Studies have revealed that the extent to which cookie consent drives illegal practices is alarming, with vendors turning a blind eye to unlawful configurations of their systems.

The latest study by researchers from UCL, MIT, and Aarhus University suggests that a vast majority of websites undermine the European Union data privacy rules. As per the “Dark Patterns after the GDPR” report published on January 8, 2020, less than 12% of the top 10,000 websites studied met the minimum requirements of the EU privacy law for using the cookie consent tools.

The illegal practices and configurations result from websites that do not follow the legally prescribed course of action for using cookie consent tools to obtain lawful consent from their visitors. Such consent is a must for all websites in the EU. The requirement is defined by the guidelines set out in the General Data Protection Regulation (GDPR), which is designed to govern how firms collect and process the personal data of their users.

Despite this regulatory requirement, many websites can navigate around the GDPR, or at least escape its penalties, by altering the design of their consent management platforms (CMPs). The best example of this is that, regardless of the GDPR, many websites flag users who ignore cookie consent tools as having given approval. Some cookie consent tools also give the user no choice between declining and approving the use of cookies, while others use pre-ticked boxes to duplicitously garner user consent. There is also ambiguity about the method of consent, and many websites have managed to obtain it without the user realizing it.

The findings of January’s study show that only a minority (about 11.8%) of websites comply fully with the GDPR’s standards. The study further investigates how the designs of different CMPs and cookie consent tools affect whether visitors actually choose to consent in the first place. When an opt-out button is added to the website interface, consent increases by about 25%.

GDPR is still a relatively new form of legislation in the world of privacy protection, and data protection regulators are rushing to catch up with the adaptations in the online privacy ecosystem. For firms that are circumventing GDPR, data protection authorities should use automated tools to ensure enforcement of cookie consent tools.

There is an urgent need for some degree of industry self-regulation in the online world. Until the GDPR and other data protection rules are fully enforced, it seems likely that CMPs and cookie consent tools will fall short of adequately protecting users from being misled into sharing their private data.
