Studies have revealed that the extent to which cookie consent drive illegal practices is alarming, with vendors turning a blind eye to unlawful configurations of their systems.
The latest study by researchers from UCL, MIT, and Aarhus University suggests that a vast majority of websites undermine the European Union data privacy rules. As per the “Dark Patterns after the GDPR” report published on January 8, 2020, less than 12% of the top 10,000 websites studied met the minimum requirements of the EU privacy law for using the cookie consent tools.
The illegal practices and configurations result from websites that do not follow the legally prescribed course of action for the use of cookie consent tools, to obtain lawful consent from their website visitors. Such consent is a must for all websites in the EU. This is defined by the guidelines set out in the General Data Protection Regulation (GDPR) designed to govern how firms collect and process the personal data of their users.
The findings of January’s study shows that only a significant minority (about 11.8%) of websites complies fully with the GDPR’s standards. The study further investigates how the designs of different CMPs and cookie consent tools affect visitors actually choosing to consent in the first place. In case an opt-out button is added to the website interface, consent increases by about 25%.
GDPR is still a relatively new form of legislation in the world of privacy protection, and data protection regulators are rushing to catch up with the adaptations in the online privacy ecosystem. For firms that are circumventing GDPR, data protection authorities should use automated tools to ensure enforcement of cookie consent tools.
There is an urgent need for some degree of industry self-regulation in the online world. Until the GDPR and other data protection become fully enforced, it would seem likely that CMPs and cookie consent tools to fall short of adequately protecting users from being misled into sharing their private data.