Of course, as an Internet user in the territory of the European Union, you are already accustomed to having to indicate your preferences for setting cookies as soon as you access a website. However, a recently published study reveals that most of the pop-ups submitted are not complying with the General Data Protection Regulation.
Researchers at MIT in the US, University College in London, and Aarhus University in Denmark point to the prevalence of design configurations that manipulate and even force users to respond in a way that does not, in fact, protect. your data.
The investigation reviewed around 10,000 websites in the UK, which are managed by companies such as QuantCast, OneTrust, TrustArc, Cookiebot and Crownpeak to understand how the design and settings of cookie preference tools affect users' choices.
Several websites use consent management platforms (CMP) to obtain permission regarding tracking cookies. However, the popups in question often contain options that are already "pre-selected", something that is often overlooked by the most unwary users. Although not legally valid, the practice is abundant on the platforms under review, with 56.2% of websites including them.
The study shows that only 11.8% of CMPs meet the requirements of the RGDP. On the platforms in question, user consent is in fact explicit as they have no preferences already selected and rejection of options is as easy as their approval.
The vast majority of CMPs under review make the process of rejecting tracking cookies difficult. In all, in 50.1% of the websites studied the platforms did not have the option to "reject all". Only 12.6% of PMCs demonstrated an affordable total rejection option. In addition, research shows that 74.3% of all buttons in the genre required more than one click to activate them.
Another trend found in 32.5% of websites reviewed is implicit consent. The pages in question allow a user on European territory to visit them even when they do not indicate their preferences regarding cookies. The use of third party trackers without consent is also frequent. The number of such cookies found by researchers on websites ranges from 52 to 542.
The study also demonstrates that two of the most commonly used interfaces by CMPs, ie not demonstrating a total rejection option for all cookies and presenting the options considered to be the main option before allowing greater control by the user, do not agree with the RGDP requirements.