Websites Are Defiant with Cookie Tracking in the Wake of GDPR

Laura Bednar | Cybersecurity

GDPR Cookie Opt-Out Websites

Websites in Europe are now required to follow the GDPR rules that help better preserve the privacy of users, yet it’s been found that only a startling 11.8 percent of websites are compliant with the rules. The main concern about those not complying is that their websites are purposely making it difficult to opt out of cookie tracking.

Getting Away with It

These websites aren’t exactly breaking the rules, but are bending them. This is done by using CMPs, otherwise known as Consent Management Platforms, such as QuantCast, Cookiebot, TrustArc, OneTrust, and Crownpeak. Through these platforms, websites are using a function known as implicit consent, which tells the system to assume that the user is consenting to using cookies when they simply visit a website, don’t respond to a pop-up window, or navigate within the website.

A user can be completely unaware that they’ve given consent, or can be aware but unsure of how to reject the cookie tracking because the site has made it incredibly difficult or tedious to get to the reject button. A study conducted by MIT, UCL, and Aarhus University called “Dark Patterns after the GDPR” noted that these cookie trackers can also place the opt-out buttons somewhere other than the first page, which the study found increased supposed user opt-ins by as much as 23 percent. This can be considered a “dark pattern” technique because it makes it harder for users to opt out. According to the GDPR laws, user consent must be “freely given” and not forced or pressured by inconvenience or other methods. Other methods included:

  • Using pre-ticked boxes that possibly indicate consent or supposed consumer interest
  • Moving the consent pop-up or box away from the lower-left part of the screen, where the Dark Patterns study found users were more likely to notice and interact with it; moving it decreased the likelihood
  • Ignoring the user’s response to the cookie pop-ups and tracking them anyway

Possible Solutions and Enforcement

With limited resources, enforcement agencies in Europe will likely have to address this issue by targeting the source and foundation of the problem: the CMPs themselves and their pop-up methods. Enforcing compliance and requiring changes to the pop-up tools made by these CMPs could possibly put an end to this kind of pop-up practice. The same “Dark Patterns after the GDPR” study also suggests that automated tools can be used to help speed “discovery and enforcement.”
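As an added illustration of what such an automated check could look like (this is example code written for this article, not a tool from the study or from any CMP), the Python sketch below audits a banner for the patterns described above: implicit consent, pre-ticked boxes, no reject button on the first page, and tracking after a rejection. The banner markup, cookie names, and crawl log are constructed sample data, and the log is assumed to contain only non-essential cookies.

```python
from html.parser import HTMLParser

# Constructed first-layer banner; names and labels are invented for the example.
BANNER_HTML = """<div class="consent-banner">
  <input type="checkbox" name="analytics" checked> Analytics
  <input type="checkbox" name="ads" checked> Advertising
  <button id="accept">Accept all</button> <a href="/cookie-settings">More options</a>
</div>"""
# Constructed crawl log of non-essential cookies and clicks, in observed order.
VISIT_LOG = [("cookie_set", "_trk_id"), ("click", "reject"),
             ("cookie_set", "_trk_session")]
REJECT_WORDS = ("reject", "decline", "refuse", "deny")

class BannerScan(HTMLParser):
    """Collects pre-ticked checkboxes and labels of clickable controls."""
    def __init__(self):
        super().__init__()
        self.preticked, self.labels, self._in_control = [], [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "checkbox" and "checked" in a:
            self.preticked.append(a.get("name", "?"))
        if tag in ("button", "a"):
            self._in_control = True
    def handle_endtag(self, tag):
        if tag in ("button", "a"):
            self._in_control = False
    def handle_data(self, data):
        if self._in_control and data.strip():
            self.labels.append(data.strip().lower())

def audit(banner_html, visit_log):
    """Return one finding per dark pattern detected in the banner and log."""
    scan = BannerScan()
    scan.feed(banner_html)
    findings = []
    if scan.preticked:
        findings.append("pre-ticked boxes: " + ", ".join(scan.preticked))
    if not any(w in label for label in scan.labels for w in REJECT_WORDS):
        findings.append("no reject control on first layer")
    choice = None  # stays None until the visitor clicks something
    for event, detail in visit_log:
        if event == "click":
            choice = detail
        elif choice is None:
            findings.append(f"implicit consent: {detail} set before any choice")
        elif choice == "reject":
            findings.append(f"response ignored: {detail} set after reject")
    return findings
```

Calling `audit(BANNER_HTML, VISIT_LOG)` returns four findings for the sample banner, while a banner with an unticked box, a first-layer reject button, and cookies set only after an accept click returns an empty list.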

Preserve Your Privacy

With how blatantly some of these entities are defying the GDPR laws, it’s easy to worry about whether your information will ever truly be private. SecureData can safely store and protect your data with our award-winning, GDPR-compliant data storage devices. These FIPS Validated hardware encrypted hard drives and flash drives allow you to have complete access to your data.

We also value the privacy of every customer who chooses one of our many data recovery services. From our SSAE 18 Type II Certification to our FIPS 140-2 Level 3 Validated data handling practices, we take every precaution to adhere to the highest standards to ensure that your data privacy remains intact throughout the entire data recovery process. Call us at 1-800-388-1266 to learn how our products and services can help maintain your privacy.