More than 70% of websites share your personal information – even if you do not consent
More than 7 out of 10 of the most visited websites share your personal data with third parties – even if you explicitly withdraw your consent.
This is the worrying finding of the 2024 State of Website Privacy Report by privacy solutions provider Privado.ai. After looking at the 100 most visited websites in the US and Europe, experts found that approximately 75% do not comply with current privacy regulations imposed in the regions.
These alarmingly low rates of non-compliance show that privacy laws alone are not enough to protect your privacy. Using one of the best VPN apps and other privacy software remains the best choice you have to take control of your data.
Most American and European websites are at risk of privacy violations
Experts scanned the 100 most visited websites in the US and Europe in September 2024 to verify compliance with the California Privacy Rights Act (CPRA) and the General Data Protection Regulation (GDPR), respectively. To do this, they used Privado.ai’s automated consent monitoring technology.
The team was particularly surprised to see that 74% of European websites analyzed did not respect opt-in consent as required by the GDPR. US websites score very similarly in terms of non-compliance, with 76% not respecting the opt-out consent as required by the CPRA. For both regions, experts note that the majority (99%) of non-compliance “was due to sharing data with advertising third parties without appropriate consent via a network request.”
Despite these similar results, as the graph below shows, US websites are three times more likely to breach privacy laws than those in Europe. About half of the websites in the report were media publications, along with e-commerce, lifestyle, healthcare, finance, technology and government sites.
According to Vaibhav Antil, CEO of Privado, the reason for such high non-compliance rates lies in the way marketing technology on websites is constantly changing.
“With modern privacy laws in place, websites have added cookie banners in an attempt to comply, but the banners are usually misconfigured,” he said. “Privacy teams must continually test consent on websites to ensure compliance.”
Unsurprisingly, privacy fines are also rising rapidly in both regions. Europe is leading the way in imposing increasingly higher fines on companies that violate the GDPR $77.5 million in 2019 to $2.1 billion in 2023.
“In the US, there were almost no privacy fines before 2022, and now there is one every month,” experts wrote, adding that with the CPRA amendment to the California Consumer Privacy Act (CCPA) that went into effect in February 2024, “ privacy fines Fines from California are expected to increase further.”
That said, increasingly higher fines alone often do not bring about concrete change. For example, a researcher at Proton found that after just one week in 2024, Big Tech was making enough to pay off all GDPR fines for 2023.
How to take back control of your online privacy
These results clearly show how consent pop-ups are not enough to protect your privacy online, with many websites struggling to comply with current data protection laws. It seems very likely that your information will be compromised again and again if you don’t equip yourself with some extra help.
This is why using a virtual private network (VPN) is still crucial to increase your anonymity while browsing the web, even in countries with strict privacy laws. A VPN encrypts your Internet connection to prevent third-party access while spoofing your real IP address location for added privacy.
Do you know that?
Choose a VPN with built-in web tracker-blocker tools – most providers these days offer this extra protection. Ny Breaking’s top pick, NordVPN, recently upgraded its Threat Protection tool to ensure it’s effective at protecting against malware and phishing.
I also recommend switching to a more secure web browser. Brave, Opera and Mozilla Firefox are known to be more privacy-oriented and come with both a built-in VPN and ad-blocking software.
Finally, you may want to consider a data erasure service such as Incognit to help you exercise your right to be forgotten, in accordance with privacy laws. These services send requests to data brokers asking them to delete any data they already have about you.