For a rather complete record of my publications, see the pointers on  Google Scholar , Semantic Scholar,  DPLP     

2026

• Usable and Lawful: Can Consent be Both? Cristiana Santos, Colin M. Gray, Nataliia Bielova, Sanju Ahuja. Information & Communications Technology Law, 1–35. 2026, https://doi.org/10.1080/13600834.2025.2610581

2025

• Assessing the (severity of) impacts on fundamental rights. Gianclaudio Malgieri, Cristiana Santos, Computer Law & Security Review, Volume 56 (2025)106113, ISSN 2212-473X.

• Understanding the scope of Article 25 of the DSA in regulating dark patterns. Cristiana Santos, Nataliia Bielova, Sanju Ahuja, Christine Utz (2025, forthcoming). In R. Gellert, C. Santos, & H. Schraffenberger (Eds.), Dark patterns and deceptive design patterns: Conceptualising and systematising a key contemporary phenomenon. Edward Elgar

• Towards Key Contributing Factors in Identifying Dark Pattern Autonomy Violations under the EU Digital Services Act. Sanju Ahuja, Johanna Gunawan, Cristiana Santos, Nataliia Bielova. Designing Interactive Systems Conference (DIS), 2025.

• “I will never pay for this” Perceptions of fairness and factors affecting behaviour on ‘pay-or-ok’ models, Victor Morel , Farzaneh Karegar, Cristiana Santos, Privacy Technologies and Policy: 13th Annual Privacy Forum, APF 2025, Frankfurt am Main, Germany, October 22–23, 2025, Proceedings

• Measuring Compliance of Consent Revocation on the Web. Gayatri Priyadarsini Kancherla, Nataliia Bielova, Cristiana Santos, Abhishek Bichhawat. Privacy Enhancing Technologies (PETS), 2025. [Summary]

• You Can't Trust Your Tag Neither: Privacy Leaks and Potential Legal Violations within the Google Tag Manager. Gilles Mertens, Nataliia Bielova, Vincent Roca, Cristiana Santos. IEEE European Symposium on Security and Privacy (Euro S&P), 2025.

• Turning to Online Forums for Legal Information: A Case Study of GDPR's Legitimate Interests, Lin Kyi, Cristiana Santos, Sushil Ammanaghatta Shivakumar, Franziska Roesner, Asia Biega, Privacy Technologies and Policy: 13th Annual Privacy Forum, APF 2025, Frankfurt am Main, Germany, October 22–23, 2025, Proceedings

• The European Data Protection Board-a (non) consensual and (un) accountable role? Lisette Mustert, Cristiana Santos, accepted for publication at the Computers Law and Security Review. 2025

• Leveraging Interdisciplinary Methods for Evidence Collection in Enforcement: Dark Patterns as a Case Study. Johanna Gunawan, Colin M. Gray, Cristiana Santos, Nataliia Bielova. Accepted for publication at the Internet Policy Review (Special Issue: The Craft of Interdisciplinary Research and Methods in Public Interest Cybersecurity, Privacy, and Digital Rights Governance). 2025
   

2024

• The Devil is in the Details: Detection, Measurement and Lawfulness of Server-Side Tracking on the Web, Imane Fouad, Cristiana Santos,  Pierre Laperdrix, Proceedings on Privacy Enhancing Technologies 2024(4), 450–465 
• Dark Patterns, Enforcement, and the Emerging Digital Design Acquis: Manipulation beneath the Interface, Leiser M, Santos C., European Journal of Law and Technology, Vol. 15, N.1, 2024
•  Two worlds apart! Closing the gap between regulating EU consent and user studies, Bielova, N., Santos, C., Gray, C. M., Volume 37 of the Harvard Journal of Law & Technology (JOLT), 2024. 
•  An ontology of dark patterns knowledge: Foundations, definitions, and a pathway for shared knowledge-building. Gray, C. M., Bielova, N., Santos, C., Mildner T., 2024
• The autonomous concept of “damage” according to the GDPR and its unfortunate implications: Österreichische Post. Janecek V., Santos C, Common Market Law Review. 2024 
•  It doesn’t tell me anything about how my data is used”: User Perceptions of Data Collection Purposes, Kyi L., Mhaidli A., Santos C., Roesner F., Biega A.,2024.
   

2023

• Santos C., Rossi A., The emergence of dark patterns as a legal concept in case law, Internet Policy Review, 2023. Link
• Morel, V., Santos, C., Fredholm, V., Thunberg A., Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB TCF Paywalls, accepted for presentation at the Workshop on Privacy in the Electronic Society, 2023. Link
• Gray, C. M.; Santos, C.; Bielova, N., Towards a Preliminary Ontology of Dark Patterns Knowledge, In: Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems (CHI EA '23), 2023. Link
• Kyi L., Shivakumar S., Roesner F., Santos C., Zufall F., Biega A., (2023)2023. Investigating Deceptive
  Design in GDPR’s Legitimate Interest. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI ’23), April 23–28, 2023, Hamburg, Germany. ACM, New York, NY, USA, 16 pages. https://doi.org/10. Link
  1145/3544548.3580637

2022

• Morel, V., Santos, C., Lintao, Y., & Human, S. . Your Consent Is Worth 75 Euros A Year - Measurement and Lawfulness of Cookie Paywalls (2022). Workshop on Privacy in the Electronic Society (WPES). Link
• Gunawan, J., Santos, C., & Kamara, I. Redress for dark patterns privacy harms? A case study on consent interactions. Paper presented at 2022 ACM Symposium on Computer Science and Law, Washington , Washington, United States.  (Accepted/In press). Link
• Botes M, Kocyigit E., Rossi A., Sanchez-Chamorro L., Sergeeva A., Bongard-Blanchy K., Valoggia P., Santos C., Carli R. Feedback to the EDPB Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them. Link
• Veale M., Nouwens M., Santos C.  Impossible Asks: Can the Transparency and Consent Framework Ever Authorise Real-Time Bidding After the Belgian DPA Decision? Link
• Soe TH, Santos C., Slavkovik M., (2022) Automated detection of dark patterns in cookie banners: how to do it poorly and why it is hard to do it any other way (preprint) Link
• Lauradoux, C., Santos, C. (2022) Feedback on the EDPB Guidelines 01/2022 on data subject rights-Right of access. Link 
• HumanS., Pandit H., Morel VM, Santos C., Degeling M.,  Rossi A., Botes W., Jesus V., Kamara I. (2022) Data Protection and Consenting Communication Mechanisms: Current Open Proposals and Challenges. Link

2021

• Santos C., Rossi A.,  Chamorro S. L.,  Bongard-Blanchy K., Abu-Salma R. (2021). Cookie Banners, What's the Purpose? Analyzing Cookie Banner Text Through a Legal Lens. In Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society (WPES '21). Association for Computing Machinery, New York, NY, USA, 187–194. https://doi.org/10.1145/3463676.3485611 Link
• Santos C., Nouwens M., Toth M., Bielova N., Roca V. (2021) “Consent management platforms under the GDPR: processors and/or controllers?” In: Gruschka N., Antunes L.F.C., Rannenberg K., Drogkaris P. (eds) Privacy Technologies and Policy. APF 2021. Lecture Notes in Computer Science, vol 12703. Springer. Link
• Gray C., Santos C., Bielova N., Toth M., Clifford D (2021) "Dark Patterns and the Legal Requirements of Consent Banners: An Interaction Criticism Perspective". In CHI Conference on Human Factors in Computing Systems (CHI), May 8–13, 2021, Yokohama, Japan. ACM, New York, NY, USA Honorable Mention. Link

2020

• Santos C., Bielova N., & Matte C. (2020). "Are cookie banners indeed compliant with the law? Deciphering EU legal requirements on consent and technical means to verify compliance of cookie banners" - Journal Technology and Regulation 2020 (December), 91-135. Link
• Santos C., Matte C., Bielova N. (2020) "Purposes in IAB Europe's TCF: which legal basis and how are they used by advertisers?" (2020), In: Antunes L., Naldi M., Italiano G., Rannenberg K., Drogkaris P. (eds) Privacy Technologies and Policy. APF 2020. Lecture Notes in Computer Science, vol 12121. Springer. Link
• Fouad I., Santos C., Kassar F. A., Bielova B., Calzavara S. (2020), "On Compliance of Cookie Purposes with the Purpose Specification Principle". 2020 International Workshop on Privacy Engineering (IWPE), 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2020, pp. 326-333. Link
• Matte C., Bielova, N., Santos, C. (2019). "Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe's Transparency and Consent Framework", 2020 IEEE Symposium on Security and Privacy (SP) (2020): 791-809. Link 

2019

• Boniface, C., Fouad, I., Bielova, N., Lauradoux, C., & Santos, C. (2019). "Security Analysis of Subject Access Request Procedures - How to Authenticate Data Subjects Safely When They Request for Their Data".  Annual Privacy Forum (APF), Jun 2019, Rome, Italy. pp.1-20. Link
• Bartolini C., Lenzini L., Santos C. (2019), "An Agile Approach to Validate a Formal Representation of the GDPR", Frontiers in Artificial Intelligence and Applications (FAIA, 2019), Lecture Notes in Computer Science, Springer. doi

2018

• Bartolini C., Lenzini L., Santos C. (2018), "A Legal Validation of a Formal Representation of Articles of the GDPR", Proceedings of the 2nd Workshop on Technologies for Regulatory Compliance (TERECOM 2018), Groningen, The Netherlands, December 2018, Rodríguez-Doncel V., Casanovas P. et al. (2019), Vol-2309, p. 111-124. link

2017

• V. Opijnen M., Santos C. (2017), "On  the Concept of Relevance in Legal Information Retrieval", Artificial Intelligence and Law Journal. doi