search
English Bewerken
search EN

Dr. Cristiana Teixeira Santos

Universitair docent 
Recht, Economie, Bestuur en Organisatie
Departement Rechtsgeleerdheid
Internationaal en Europees Recht
Internationaal en Europees Recht
Johanna Hudiggebouw
Achter Sint Pieter 200
Kamer 1.03
3512 HT Utrecht

Dr. Cristiana Teixeira Santos

Universitair docent
Internationaal en Europees Recht
c.teixeirasantos@uu.nl
Profiel Publicaties Activiteiten Prijzen In de media Onderzoek Onderwijs Nevenwerkzaamheden Contact
Profiel Publicaties Activiteiten Prijzen In de media Onderzoek Onderwijs Nevenwerkzaamheden Contact
Expertises
Onderzoeksthema's

Impact and Outreach 

My work supports regulators, EU institutions, consumer organisations, and civil society in understanding and enforcing rules on roles and responsabilities of actors in the data ecosystem, compliance of online tracking with GDPR/ePrivacy Directive, DSA and DMA, and dark patterns/manipulation of users and developers. It has been cited in official guidelines, policy reports, regulatory decisions, and enforcement cases and is also used by stakeholders in ongoing regulatory and advocacy work.

1 Enforcement impact: complaints and regulatory decisions

  • Jan 2026 — Bits of Freedom referred to our research on dark patterns under the Digital Services Act in the appeal hearing held at the Amsterdam Court of Appeal in the Netherlands, to support its argument that Meta’s interface practices fall within the DSA’s Article 25 prohibition of dark patterns. 

  • Nov 2025 — Vanity Fair received a €750k fine by the French regulator (CNIL) for not respecting user consent on their websites; the complaint was initiated by noyb using our 2019 research and tools. (Link to the project; Link to Noyb complaint ; Link to CNIL's decision )

  • Feb 2022 — The Belgian Data Protection Authority (AP) found IAB Europe’s TCF non-compliant with the GDPR and imposed a €250k fine; our research on CMPs, consent banners, and dark patterns was used in the investigation and cited multiple times in the decision. (Link)

2 Policy and guidance influence

  • Jan 2025 — Cited by the European Parliamentary Research Service  on dark patterns (Link to the paper)

  • Jul 2024 — Cited in Spanish Data Protection Authority guidelines on ‘Addictive patterns in the processing of personal data’ for our work on the Ontology of Dark Patterns (Link to the Guidelines. Paper )

  • Nov 2023 —  Cited in the legislative study report of the US California Consumer Privacy Act (CCPA)

  • Jan 2023 —  Cited in the EU Commission report "Study on the impact of recent developments in digital advertising on privacy, publishers and advertisers", on our work on tracking technologies (Link and paper)

  • Apr 2022 — Cited by the UK Competition & Markets Authority (CMA) report on Choice Architecture on our work on dark patterns (Link and paper)

3 Open tools for enforcement and research

  • May 2023 — Launched a database of case law on deceptive design (deceptive.design/cases), now used in several research projects.

 

Additional impact (chronological record)

2025

  • Quote - Free shapes icons December 2025: Our work on ‘’‘Assessing the (severity of) impacts on fundamental rights'' was cited by the Danish Institute for Human Rights (DIHR) report on ‘’A guide to fundamental rights impact assessments (FRIA) under the AI Act'' Link 
  • Quote - Free shapes icons December 2025:  Our work on ‘’‘Assessing the (severity of) impacts on fundamental rights'' was cited by the EU Agency For Fundamental Rights (FRA) Report on ‘’Assessing High-risk Artificial Intelligence: Fundamental Rights Risks'' Link
  • November 2025: the companhy VanityFair got a 750K euro fine by the French regulator (CNIL) for not respecting user consent on their websites, a complaint that was initiated by Noyb using our research and tools from 2019. Link to the project; Link to Noyb complaint ; Link to CNIL's decision 
  • October 2025: I was shortlisted to the W@Privacy Awards in the category of ‘Privacy Icon’. This initiative celebrates exceptional female leaders in privacy who lead by example, empower others, and make lasting impact in their communities. 
  • Quote - Free shapes icons February 2025: the Federation of German Consumer Organisations – VZBV cited our work on server-side tracking on their report on targeted ads. Link to the report; Link to the paper.  
  • Quote - Free shapes icons February 2025: The Swedish consumer organization cites our ontology of dark patters! Link 
  • Quote - Free shapes icons January 2025: Our work on dark patterns has been cited by the European Parliamentary Research Service. Link to the paper

2024

  • Book - Free Icon PNG, SVG2024: I am co-editing a book ‘’Dark Patterns and Manipulative Design: Conceptualising and Systematising a Key Contemporary Phenomenon from a Legal Perspective and Beyond''. The book will be published in 2025. Link to the Book 
  • Quote - Free shapes icons July 2024: Our Ontology of Dark Patterns Knowledge was cited in the Spanish Data Protection Authority Guidelines ‘’Addictive patterns in the processing of personal data''. Link to the Guidelines. Paper  
  • Quote - Free shapes icons May 2024: Our work on enforcement of dark patterns and the digital design acquis was cited by the Centre on regulation in Europe (CERRE) Report on ‘’Harmful Online Choice Architecture''. Link to the report. Paper  
  • March 2024: I gave an interview to the NRC on the recent CJEU decision on IAB Europe TCF and its impact on adtech industry
  • Quote - Free shapes icons March 2024: Our work on Real Time Bidding and IAB Europe TCF was cited by The Register. Link and paper
  • Quote - Free shapes icons February 2024: Our work on the ''Pay or Okay'' was cited in an open joint letter signed by 27 civil rights organisations, urging the EDPB to oppose to the 'pay or okay' model. 

2023

  • Quote - Free shapes icons December 2023: Our work on the pay-or-ok model was cited in a ''Pay or Okay'' complaint against META to the Spanish Data Protection Authority! 
  • Quote - Free shapes icons November 2023: Our work on dark patterns was cited in the study report of the US California Consumer Privacy Act. 
  • Quote - Free shapes icons November 2023: Our work on the pay-or-ok model was cited in the Noyb's ''Pay or Okay'' complaint against META to the Austrian Data Protection Authority! 
  • May 2023 - We launched a database of case law on deceptive design: deceptive.design/cases . This database is being used in several research projects!
  • April 2023 - Our work on Dark Patterns and Legitimate interest legal basis was presented at the regulator CNIL (French Data Protection Authority) at the event Privacy Research Day 2023. Link and paper 
  • March 2023 - Our paper "Two Worlds Apart: Closing the Gap Between Regulating EU Consent and User Studies" was presented at the Harvard Law School conferece "Beyond the FTC: The Future of Privacy Enforcement". Link 
  • Quote - Free shapes icons January 2023 - Our work on Dark Patterns and tracking was cited in the EU Commission report "Study on the impact of recent developments in digital advertising on privacy, publishers and advertisers",  Link and paper 
  • Quote - Free shapes icons January 2023 - Our work on IAB TCF “Impossible asks: Can the TCF Ever Authorize Real-Time Bidding After the Belgian DPA Decision ” was also cited by the EU Commission report "Study on the impact of recent developments in digital advertising on privacy, publishers and advertisers", Link and paper 

2022

  • October 2022 - Our work on Paywalls entitled " Your Consent Is Worth 75 Euros A Year – Measurement and Lawfulness of Cookie Paywalls " was covered by the Gizmodo (Link) and was in a podcast by Dataskeptic.  This paper was presented at the 2022 Workshop on Privacy in the Electronic Society (WPES) in November. Link and paper.
  • August 2022 - Our work on the legal and empirical analysis of the IAB Europe TCF was covered by the Decareto company in their report on the lawfulness of this standard. Link and Paper.
  • Quote - Free shapes icons June 2022 - Our work on Dark patterns and legal compliance of consent requests was covered by the EU Commission study  "Behavioural study on unfair commercial practices in the digital environment-Dark patterns and manipulative personalisation" Link
  • Quote - Free shapes icons April 2022 - Our work on Dark Patterns and the Legal Requirements of Consent Banners: An Interaction Criticism Perspective was covered by the UK Competition & Markets Authorithy (CMA). Link and paper
  • April 2022 - Our paper "My Cookie is a phoenix: detection, measurement, and lawfulness of cookie respawning with browser fingerprinting" was covered by LeMonde.fr, La-rem.eu. Paper
  • April 2022 - Our work on In-Depth Technical and Legal Analysis of Tracking on Health Related Websites with ERNIE Extension   was covered by Le Monde. Link and paper
  • Quote - Free shapes icons April 2022- Our work on “ Impossible asks: Can the TCF Ever Authorize Real-Time Bidding After the Belgian DPA Decision ” was covered by EDRI regarding the IAB TCF decision. Link
  • February 2022 - The Belgian Data Protection Authority ruled a decision that IAB Europe's TCF is non-compliant with the GDPR and imposed a fine of 250K euro. Our research on Consent Management Platforms (CMPs), Cookie Banners   and Dark Patterns was used in the investigation and cited multiple times in the final decision of the Belgian DPA. Link 
  • Quote - Free shapes icons January 2022 - Our paper on Consent Management Platforms (CMPs) was cited by ENISA. Link 

2021

  • Quote - Free shapes icons Our paper on privacy and smart tourism destinations was cited by the EU Commission study "Study on
    Mastering data for tourism by EU destinations" Link and paper 
  • July 2021 - We were interviewed by the Vice on Dark Patterns , named ' It's Bad Design On Purpose' – Why Website Cookie Banners Look Like That? Link
  • June 2021- I spoke at the conference “ What can the ePrivacy Regulation do against Dark Patterns ” together with Maryant Fernandez (BEUC), Peter Eberl (European Commission), and Christian Drews (Dapde project). Link

2020

  • July 2020 - We were interviewed by the French Data Protection Authority (CNIL) about our work on user's consent by the IAB Europe's Transparency and Consent Framework (TCF) Link

 

I consult for various stakeholders, including the European Commission in their ongoing enforcement actions, and advised the European Social Economic Committee on consumer regulation. I provide expertise to the Council of Europe, the EDPB, the Global Privacy Enforcement Network on their dark pattern sweep, the industry-based Dutch Expert Group on Digital Manipulation, and the WWW Foundation’s Tech Policy and Design Lab. I sit on the OECD Committee on Consumer Policy Advisory Group. 

Contributions to stakeholder public consultations

I provide feedback to the European Data Protection Board, Data Protection Authorithies, and the EU Commission:

  • EU Commission's Call for evidence on Simplication - Digital Package and Omnibus in 2025 (link)
  • European Data Protection Board (EDPB) ‘Help make GDPR compliance easy for organizations: what templates would be helpful for you’ (link)
  • European Data Protection Board (EDPB) guidelines on technical scope of Art. 5(3) of ePrivacy Directive in 2024 (link)
  • European Commission Report on the General Data Protection Regulation on the use of paywalls in 2024 (link)
  • European Data Protection Board (EDPB) guidelines on “Dark patterns in social media platform interfaces: How to recognise and avoid them” in 2022 (link
  • European Data Protection Board (EDPB) guidelines on the Right of Access in 2022 (link
  • French Data Protection Authority draft recommendation on “cookies and other trackers”  in 2020 (link)
  • Italian Data Protection Authority  on guidelines on the use of cookies and other tracking tools in 2020 (link)
  • European Data Protection Board (EDPB) guidelines on the concepts of controller and processor in the GDPR in 2020 (link)

 

 

Bekijk media op de UU Research Portal

Direct naar

Diensten

Over de UU