Thursday, November 14, 2024

Three-quarters of most visited websites not compliant with privacy regs

A new report finds that 75 percent of the 100 most visited websites in the US and Europe are not compliant with current privacy regulations.

The study from privacy solution provider Privado.ai shows that, despite stricter privacy enforcement in Europe, a surprising 74 percent of top websites do not honor opt-in consent as required by Europe’s General Data Protection Regulation (GDPR).

Although top websites in the US have a similar non-compliance rate of 76 percent for not honoring opt-out consent as required by the California Privacy Rights Act (CPRA), Privado finds the median volume of compliance risks to be three times higher in the US.

“With modern privacy laws now in place, websites have added cookie banners in an attempt to comply, but the banners are usually misconfigured,” says Privado CEO Vaibhav Antil. “Especially as marketing technology constantly changes on websites, privacy teams need continuous consent testing on websites to ensure compliance.”

To comply with the CPRA amendment to CCPA (California Consumer Privacy Act), websites in the US must block personal data sharing with advertising third parties if the user opts out. To comply with GDPR, websites in Europe must block personal data collection and sharing with third parties unless the user provides opt-in consent. Despite increasing privacy fines on both sides of the Atlantic, most websites are not honoring the consent requirements in the US or Europe.

Six of the 20 largest GDPR fines since 2018 are due to consent compliance violations on websites, with Amazon receiving the second-largest GDPR fine to date, $888M, for targeting users with ads without proper consent in 2021.

In the US, at least 10 companies since 2022 have been fined for violating consent compliance on websites as regulated by CPRA, the FTC (Federal Trade Commission), or HIPAA (Health Insurance Portability and Accountability Act).

While consent management platforms are critical for collecting, acting on, and recording consent, they lack the full visibility and governance to ensure personal data doesn’t improperly leak to advertising third parties. Privacy code scanning enables the complete and continuous visibility and governance needed to ensure compliance with today’s complex web of privacy regulations.

You can get the full report from the Privado site.

Image credit: md3d/depositphotos.com
