Only one in ten European websites respects the General Data Protection Regulation (GDPR), the European privacy law, according to a study by MIT, UCL and Aarhus Universiteit.
As a result of the GDPR, websites are obliged to give users the option to not be tracked with cookies, small pieces of text that websites can store on a computer or phone to retrieve later. However, most websites purposely make it very difficult for their users to resist this tracking, according to the study.
They studied 10,000 websites, and found that only 11.8% of them complied with the minimum requirements of the European privacy legislation. Most of them have become very creative in bypassing or avoiding the regulations, often assisted by consent management platforms (CMPs), like QuantCast, CookieBot and TrustArc.
The consent management platforms use a pop-up window in which the website asks for the user's permission. As the websites assume that the users have agreed to the tracking of their cookies if they ignore the pop-up, this is called 'implicit consent'. The option to refuse all cookies is usually hidden somewhere on the website, and is rarely used.
"Why do they allow their clients to use scrolling as consent, and then bury the 'refuse' button?" said Midas Nouwens, one of the researchers, reports TechCrunch.
The number of trackers on the 10,000 studied websites was between 58 and 542, making it too confusing and difficult for users to give their informed consent. "Since the resources of enforcement agencies are limited, we should focus on the popular pop-up providers, rather than targeting the individual websites," Nouwens added.
The Brussels Times