Dr. Cristiana Teixeira Santos

Assistant Professor
International and European Law

For a rather complete record of my publications, see the pointers on  Google Scholar , Semantic ScholarDPLP     

See below selected publications on Dark Patterns, Online Tracking, and Subject Access Requests

  • Leiser M, Santos C. , Dark Patterns, Enforcement, and the Emerging Digital Design Acquis: Manipulation beneath the Interface, European Journal of Law and Technology, Vol. 15, N.1 (2024). Link
  • Bielova, N., Santos, C., Gray, C. M. Two worlds apart! Closing the gap between regulating EU consent and user studies, Volume 37 of the Harvard Journal of Law & Technology (JOLT), 2024. Link
  • Gray, C. M., Bielova, N., Santos, C., Mildner T., 2024, An ontology of dark patterns knowledge: Foundations, definitions, and a pathway for shared knowledge-building. Link 
  • Janecek V., Santos C, 2024. The autonomous concept of “damage” according to the GDPR and its unfortunate implications: Österreichische Post. Common Market Law Review. Link 
  • Kyi L., Mhaidli A., Santos C., Roesner F., Biega A., It doesn’t tell me anything about how my data is used”: User Perceptions of Data Collection Purposes, 2024. Link 
  • Santos C., Rossi A., The emergence of dark patterns as a legal concept in case law, Internet Policy Review, 2023. Link
  • Morel, V., Santos, C., Fredholm, V., Thunberg A., Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB TCF Paywalls, accepted for presentation at the Workshop on Privacy in the Electronic Society, 2023. Link
  • Gray, C. M.; Santos, C.; Bielova, N., Towards a Preliminary Ontology of Dark Patterns Knowledge, In: Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems (CHI EA '23), 2023. Link
  • Kyi L., Shivakumar S., Roesner F., Santos C., Zufall F., Biega A., (2023)2023. Investigating Deceptive
    Design in GDPR’s Legitimate Interest. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI ’23), April 23–28, 2023, Hamburg, Germany. ACM, New York, NY, USA, 16 pages. https://doi.org/10. Link
  • Morel, V., Santos, C., Lintao, Y., & Human, S. . Your Consent Is Worth 75 Euros A Year - Measurement and Lawfulness of Cookie Paywalls (2022). Workshop on Privacy in the Electronic Society (WPES). Link
  • Gunawan, J., Santos, C., & Kamara, I. Redress for dark patterns privacy harms? A case study on consent interactions. Paper presented at 2022 ACM Symposium on Computer Science and Law, Washington , Washington, United States.  (Accepted/In press). Link
  • Botes M, Kocyigit E., Rossi A., Sanchez-Chamorro L., Sergeeva A., Bongard-Blanchy K., Valoggia P., Santos C., Carli R. Feedback to the EDPB Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them. Link
  • Veale M., Nouwens M., Santos C.  Impossible Asks: Can the Transparency and Consent Framework Ever Authorise Real-Time Bidding After the Belgian DPA Decision? Link
  • Soe TH, Santos C., Slavkovik M., (2022) Automated detection of dark patterns in cookie banners: how to do it poorly and why it is hard to do it any other way (preprint) Link
  • Lauradoux, C., Santos, C. (2022) Feedback on the EDPB Guidelines 01/2022 on data subject rights-Right of access. Link 
  • HumanS., Pandit H., Morel VM, Santos C., Degeling M.,  Rossi A., Botes W., Jesus V., Kamara I. (2022) Data Protection and Consenting Communication Mechanisms: Current Open Proposals and Challenges. Link
  • Santos C., Rossi A.,  Chamorro S. L.,  Bongard-Blanchy K., Abu-Salma R. (2021). Cookie Banners, What's the Purpose? Analyzing Cookie Banner Text Through a Legal Lens. In Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society (WPES '21). Association for Computing Machinery, New York, NY, USA, 187–194. https://doi.org/10.1145/3463676.3485611 Link
  • Santos C., Nouwens M., Toth M., Bielova N., Roca V. (2021) “Consent management platforms under the GDPR: processors and/or controllers?” In: Gruschka N., Antunes L.F.C., Rannenberg K., Drogkaris P. (eds) Privacy Technologies and Policy. APF 2021. Lecture Notes in Computer Science, vol 12703. Springer. Link
  • Gray C., Santos C., Bielova N., Toth M., Clifford D (2021) "Dark Patterns and the Legal Requirements of Consent Banners: An Interaction Criticism Perspective". In CHI Conference on Human Factors in Computing Systems (CHI), May 8–13, 2021, Yokohama, Japan. ACM, New York, NY, USA Honorable Mention. Link
  • Santos C., Bielova N., & Matte C. (2020). "Are cookie banners indeed compliant with the law? Deciphering EU legal requirements on consent and technical means to verify compliance of cookie banners" - Journal Technology and Regulation 2020 (December), 91-135. Link
  • Santos C., Matte C., Bielova N. (2020) "Purposes in IAB Europe's TCF: which legal basis and how are they used by advertisers?" (2020), In: Antunes L., Naldi M., Italiano G., Rannenberg K., Drogkaris P. (eds) Privacy Technologies and Policy. APF 2020. Lecture Notes in Computer Science, vol 12121. Springer. Link
  • Fouad I., Santos C., Kassar F. A., Bielova B., Calzavara S. (2020), "On Compliance of Cookie Purposes with the Purpose Specification Principle". 2020 International Workshop on Privacy Engineering (IWPE), 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2020, pp. 326-333. Link
  • Boniface, C., Fouad, I., Bielova, N., Lauradoux, C., & Santos, C. (2019). "Security Analysis of Subject Access Request Procedures - How to Authenticate Data Subjects Safely When They Request for Their Data".  Annual Privacy Forum (APF), Jun 2019, Rome, Italy. pp.1-20. Link
  • Matte C., Bielova, N., Santos, C. (2019). "Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe's Transparency and Consent Framework", 2020 IEEE Symposium on Security and Privacy (SP) (2020): 791-809. Link 
  • Bartolini C., Lenzini L., Santos C. (2019), "An Agile Approach to Validate a Formal Representation of the GDPR", Frontiers in Artificial Intelligence and Applications (FAIA, 2019), Lecture Notes in Computer Science, Springer. doi
  • Bartolini C., Lenzini L., Santos C. (2018), "A Legal Validation of a Formal Representation of Articles of the GDPR", Proceedings of the 2nd Workshop on Technologies for Regulatory Compliance (TERECOM 2018), Groningen, The Netherlands, December 2018, Rodríguez-Doncel V., Casanovas P. et al. (2019), Vol-2309, p. 111-124. link
  • V. Opijnen M., Santos C. (2017), "On  the Concept of Relevance in Legal Information Retrieval", Artificial Intelligence and Law Journal. doi



Scholarly publications

Schietecat, A., van Ooijen, A-L., Lakens, D., van der Toorn, J., Boes, M. L., Bilgili, Ö., Veldhuizen, M., van Goch, M., Funk, M., & Teixeira Santos, C. (2023). The Power of One: Exploring the Needs of the Unheard and Unseen. Report Phase 2. Center for Unusual Collaborations.