Saturday, November 16, 2024

Most visited websites in U.S. and Europe are not compliant with privacy regulations


By Dr. Tim Sandle
November 15, 2024
DIGITAL JOURNAL

Computers and offices. — Image by © Tim Sandle.

The company Privado has issued its 2024 State of Website Privacy Report. The report finds high rates of non-compliance with privacy regulations and identifies controls needed to avoid privacy fines.

The report also reveals that 75 percent of the 100 most visited websites in the U.S. and Europe are not compliant with current privacy regulations.

Despite stricter privacy enforcement in Europe, Privado found many top websites in Europe do not honour opt-in consent as required by Europe’s General Data Protection Regulation (GDPR).

To comply with GDPR, websites in Europe must block personal data collection and sharing with third parties unless the user provides opt-in consent.

Although top websites in the U.S. had a similar non-compliance rate for not honouring opt-out consent as required by the California Privacy Rights Act (CPRA), Privado found the median volume of compliance risks to be three-times higher in the U.S.

To comply with the CPRA amendment to CCPA (California Consumer Privacy Act), websites in the US must block personal data sharing with advertising third parties if the user opts out of data sharing.

Six of the 20 largest GDPR fines since 2018 are due to consent compliance violations on websites, with Amazon receiving the second-largest GDPR fine to date, $888 million, for targeting users with ads without proper consent in 2021.

In the US, at least 10 companies since 2022 have been fined for violating consent compliance on websites as regulated by CPRA, the FTC (Federal Trade Commission), or HIPAA (Health Insurance Portability and Accountability Act).

With consumers demanding greater privacy, personal data sharing from websites has become a major legal risk for companies worldwide.

Privado CEO Vaibhav Antil explains: “With modern privacy laws now in place, websites have added cookie banners in an attempt to comply, but the banners are usually misconfigured. Especially as marketing technology constantly changes on websites, privacy teams need continuous consent testing on websites to ensure compliance.”

One challenge within the firm that arises is because privacy teams typically lack the visibility and controls to track what third parties are integrated with on their websites and whether they are honouring consent requirements.

With teams using so many third parties to optimize marketing and website performance, privacy teams need comprehensive solutions to continuously monitor consent and data flows.

In terms of a solution, privacy code scanning should be used in conjunction with a consent management platform to implement best-in-class digital tracking governance for websites and mobile apps.

No comments:

Post a Comment