Lehtosalo, SuviWoods, Daniel W.Klein, MaikeKrupka, DanielWinter, CorneliaWohlgemuth, Volker2023-11-292023-11-292023978-3-88579-731-9https://dl.gi.de/handle/20.500.12116/43187Many privacy and data protection laws, such as Article 8 GDPR and the CCPA, establish different requirements when establishing a legal basis for collecting personal data about children. Our study asks whether and how children’s websites collect consent. We conduct an automated analysis of 2, 066 educational and gaming websites, and a manual analysis of 13 large sites. We measure the prevalence of deceptive patterns identified in prior work, plus a new design consideration, whether the dialog is addressed to the child user’s parent or guardian. A small minority of websites address dialogs for children, which suggest the majority of children’s websites in our sample may not comply with Article 8 GDPR.enOnline consentData protectionInternet measurementChild protectionText/Conference Paper10.18420/inf2023_651617-5468