Plenary keynotes

• 2024 [upcoming]: Privacy Enhancing Technologies Symposium (PETS), the annual computer science conference for privacy protection. Bristol, UK.
• 2024 [upcoming]: Mapping and Governing the Online Worls (MGOW), interdisciplinary conference bringing researchers from law, economics, computer science and related fields. Ascona, Switzerland.
• 2023: French Association of Law and Economics (AFED), the annual conference of the French law and economics community, Nice, France.
• 2023: Consentir sur le Web conference for the French legal, economics, social science and computer science communities, online.
• 2021: International workshop on Designing Security for the Web (SecWeb), the annual computer science workshop for Web security and privacy, online.
• 2019: Atelier sur la Protection de la Vie Privee (APVP), the annual French computer science workshop on privacy protection, Cap Hornu, France.
• 2018: Scientific days of RISE/DS4H Academy, Universite Cote d'Azur, Nice, France [Video]

Invited talks

• 2024: Invited talk at Lorentz center seminar on Fair patterns for online interfaces on impact of design on users consent decisions. Leiden, the Netherlands.
2024: Invited talk at the Dutch Data Protection Authority on online tracking, consent and dark patterns. The Hague, the Netherlands.
• 2023: Invited talk at the Towards Neuro Ethics rights Workshop, a series of workshops to tackle the questions of neurodata protection for law and computer science experts, Paris, November 2023.
• 2023: Invited talk at Harvard Law School's Beyond the FTC, the first symposium at Harvard on Privacy for Legal and Computer Scientists, Harvard Law School, Cambridge, USA. [Video]
• 2023: Invited talk at UK Cyber Security & Privacy Seminar Series on technical and legal perspectives of Web Privacy, online event. [Video]
• 2023: Invited talk on online tracking and consent at EPFL SPRING lab, Lausanne, Switzerland.
• 2021: Invited speaker at TILTing Perspectives 2021, one of the most reputed Legal conferences in the EU, online event.
• 2021: Invited talk at Belgian CIF seminars at KULeuven with Cristiana Santos, online event. [Video]
• 2021: Invited talk at Organisation for Economic Co-operation and Development (OECD) with Cristiana Santos, online event.
• 2021: Keynote speaker at the "Security and Privacy" track of Dutch ICT.OPEN, online event.
• 2020: Invited talk at Groupe de Travail Protection de la Vie Privee of CNRS GDR Securite, online.
• 2020: Invited talk at Cyber Security Coalition with Cristiana Santos, webinar. [Video]
• 2020: Invited talk at French Deep Law for Tech webinar with Cristiana Santos, webinar. [Video]
• 2020: Runner-up for the Best HotPETs talk with Cristiana Santos at HotPETs 2020, online event [Slides] [Video]
• 2019: Invited talk at the Mozilla Security Research Summit, Vienna, Austria
• 2019: Invited talk at the French Data Protection Authority (CNIL), Paris, France
• 2018: Invited talk at the "Transparence et opacite des systemes d'information" workshop in Lyon, France
• 2018: Invited talk at the Journees Scientifiques Inria, Bordeaux, France. [Video ]
• 2017: Invited talk at the EU Parliament meeting dedicated to the analysis of the new EU ePrivacy Regulation in Brussels, Belgium.
• 2017: Invited talk at the Seminaire SoSySec, Inria Rennes, France.
• 2017 : Invited talk at the Russian-French Workshop in Big Data and Applications, Higher School of Economics, Moscow, Russia
• 2016: Invited talk at the CAPPRIS Inria Collaborative Action, Sophia Antipolis, France.
• 2013: Invited speaker at the panel of International Conference on Runtime Verification, Rennes, France.
• 2013: Invited talk at Dagstuhl Seminar: Verifiably Secure Process-Aware Information Systems, Wadern, Germany.
• 2013: Invited talks at PRIVATICS Inria team, Grenoble, France and INDES Inria team, Sophia Antipolis, France.
• 2012: Invited talk at Dagstuhl Seminar: Web Application Security, Wadern, Germany
• 2012: Invited talk at Security and Formal Methods seminar, Inria Rennes, France.

Interviews by the media

• Interview in LeMonde.fr on our large-scale detection of Web tracking, cookie syncing and browser fingerprinting, and development of ERNIE extension, 2022.
• Interview in Wired.com about the advances in the field of Browser Fingerprinting and our journal article at ACM TWEB, 2022.
• Interview in VICE: "It's Bad Design On Purpose - Why Website Cookie Banners Look Like That", 2021.
• Interview at the French Data Protection Authority (CNIL) about our IEEE Security & Privacy paper on cookie banners that do not respect the users' choice, 2020.
• Interview in MediaPart: "Donnees personnelles: les cookies resistent encore". I presented our work on verifying legal compliance of cookie banners with GDPR and ePrivacy, 2020.
• Interview in Usine Digitale: "Fuite massive de donnees a AccorHotels : ce que risque l'entreprise". I explained the problem of data breaches and massive data collection, data minimisation and purpose limitation principles of the GDPR, N906279, 2019.
• Interview in L'OBS: "Entre realite augmentee et reconnaissance faciale, on a parcouru le supermarche de demain". I explain the meaning of valid consent under GDPR, problem of consent and third-party data usage and data minimisation principle: "Si vous me ciblez par rapport à mon age, vous n'avez pas besoin de mon visage !", 2019.
• Interview at the French Data Protection Authority (CNIL) about our experiment demonstrating uniqueness of users based on their browser extensions and logins, 2018.
• Interview in NiceMatin: "Comment mieux proteger sa vie privee en naviguant sur internet? Les conseils d'une specialiste". I explained how Web browser cookies and other tracking technologies work and demonstrated our research on how users can be tracked by the fingerprint of their browser extensions, 2018.
• Interview in DCloudNews: "Les mouchards du web epingles par une jeune chercheuse de l'INRIA". I explained how Internet users can be tracked on the Web thanks to the browser extensions they install and how the new ePrivacy Regulation could protect the users, 2017.
• Interview in "Science et vie" magazine: "Achat sur Internet - Des prix a la tete du client!", No. 1177. I was involved in this article thanks to my knowledge on Web tracking techniques and to my research on Price Discrimination of Online Airline Tickets, 2015.

Impact on society

After being awarded a Personal Research grant ANR JCJC, in 2018 I have started the ANR PrivaWEB project by establishing a multidisciplinary team of computer scientists and legal scholars to study privacy and legal compliance of Web applications with the EU Data Protection law. This new team was an excellent strategy to tackle complex issues of compliance from legal and technical perspectives.

First collaboration with the legal scholar

Our collaboration with the legal scholar Cristiana Santos helped the team to better understand the EU Data Protection law and jointly investigate how law should apply to new tracking technology and user consent. We have published the first joint article in a journal in Law and Technology, at TechReg in 2020. Impact of this work is manyfold:

• Non-profit NOYB filed 500 complaints to European Data Protection Authorities based on our work.

Academic tool used to file 3 complaints to the French Data Protection Authority (CNIL)

In 2019, with we designed a compliance testing tool "Cookie Glasses" for consent banners and identified numerous violations, published in a top computer security conference, IEEE Security & Privacy 2020. This research has led to one of the first cases where a tool from academia has been used by an NGO (non-governmental organisation):

• Non-profit NOYB issued 3 complaints to the French Data Protection Authority (CNIL) using our results and our browser extension in 2019.

Collaboration with the design scholar and its immediate impact on policy makers

In early 2020, we have established a new collaboration with researcher in design Colin M. Gray - this has led to a remarkably new and influential paper on dark patterns and legal requirements of cookie banners, published in 2021. This work has been cited in the following reports by regulators:

• OECD report on Dark commercial patterns in 2022 [LINK]
• European Commission study on unfair commercial practices in the digital environment in 2022 [LINK]
• UK Competition & Markets Authorithy report on Online Choice Architecture in 2022 [LINK]
• Norwegian Consumer Council report in 2021 [LINK]

Legal roles and responsibilities and the decision of Belgian Data Protection Authority

Our multidisciplinary team analyzed the practices of the consent banner providers, investigating legal roles and responsibilities of each actor. Thanks to the arguments in our APF 2021 paper, these companies have been then reclassified as "data controllers", rather than mere processors. This work had an immediate practical importance:

• Belgian Data Protection Authority used arguments presented in the paper in its decision to fine IAB Europe over its consent framework's GDPR violations.

Contributions to the EDPB and EU Data Protection Authorities

We have contributed to several public consultations of the EU Data Protection Authorities:

• Feedback to the European Data Protection Board’s Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive.
  Cristiana Santos, Nataliia Bielova, Vincent Roca, Mathieu Cunche, Gilles Mertens, Karel Kubicek, Hamed Haddadi. Research report, 2024.
  
  
• Contribution to the public consultation on the CNIL's draft recommendation on "cookies and other trackers.
  Michael Toth, Nataliia Bielova, Cristiana Santos, Vincent Roca, and Celestin Matte.
  Research report, 2020.
  
  
• Feedback to EDPB regarding Guidelines 07/2020 on the concepts of controller and processor in the GDPR.
  Nataliia Bielova and Cristiana Santos. Research report, 2020.
  
  
• Feedback to the Guidelines on the use of cookies and other tracking tools of the Italian Data Protection Authority.
  Nataliia Bielova and Cristiana Santos. Research report, 2020.

Popularisation of scientific knowledge

• 2019: Intervention with high school students during ``Semaine De La Science'' with Cinesciences at the cinematheque of Nice, France.
• 2019: I am a contributor of the Inria white book on CyberSecurity: I provided an overview of the research in the area of Web Tracking technologies carried out by Inria teams.
• 2017: I have contributed the article by LINC of the CNIL on the usage of browser extensions for Web tracking, that highlights our research.
• 2017: Presentation "Technologies et Protection de votre vie privée sur Internet" at Cafe-techno, Inria Sophia Antipolis, France.
• 2016: Co-author of the article for general public in ERCIM News: "Using JavaScript Monitoring to Prevent Device Fingerprinting".
• 2013: Presentation "Web Tracking technologies and privacy protection on the Web" at Inria Conf'Lunch, Inria Rennes, France. Available slides and video.
• 2013: Co-author of the article for general public "L'equipe Celtique et la protection de la vie privee sur le web" at Ouest Inria, that presented our approach for quantifying Web browser fingerprinting.

Software

ERNIE extension to visualise cookie syncing

The Ernie extension is released as part of the WPES'21 paper In-Depth Technical and Legal Analysis of Tracking on Health Related Websites with ERNIE Extension. This extension is able to recognize complex tracking techniques and categorize HTTP requests into one of six tracking categories.

A more thorough explanation of the functionality, and the up to date source code of the extension can be found on: https://github.com/vwesselkamp/ernie-extension, last updated in 2021.

Cookie Glasses

Cookie Glasses is a browser extension that shows what information the web browser stores when consent is registered by cookie banners of IAB Europe's Transparency & Consent Framework. This extension has been used in our IEEE S&P'20 study on cookie banners.

More information is available here: https://github.com/Perdu/Cookie-Glasses, last updated in 2020.

Browser Extensions and Login-Leak experiment

In the experiment, we collect user's browser fingerprint, together with the browser extensions installed and a list of websites she has logged in. We show how unique are Web users based on their extensions and Web logins.

Experimental website is available at https://extensions.inrialpes.fr/, last updates in 2019.

Control What You Include

This tool allows Web developers to gain control over the third party content they include. Our solution is based on the automatic rewriting of the web application so that the third party requests are redirected to a trusted third party server that automatically eliminates third-party tracking cookies and other Web tracking technologies.

More detailed description is available here, last updates in 2018.

WebStats

WebStats collects, on a monthly basis, a number of JavaScript and security statistics about top 10 000 webpages: the usage of popular JavaScript libraries; the usage of different language constructs in these libraries; use of Content Security Policies and secure cookies, etc. The WebStats website can be used by programmers, researchers in programming and researchers in privacy.

The website is available at http://webstats.inria.fr/, last updates in 2018.