More than 7 out of 10 of the most visited websites share your personal data with third parties – even when you explicitly withdraw your consent.
This is the worrying finding from the 2024 State of Website Privacy Report by privacy solution provider Privado.ai. After looking at the 100 most visited websites in the US and Europe, experts found that around 75% aren’t compliant with current privacy regulations enforced across the regions.
These alarmingly high rates of non-compliance show that privacy laws alone aren’t enough to protect your privacy. Using one of the best VPN apps and other privacy software remains the best bet you have to take back agency over your data.
Most US and European websites are at risk of privacy violations
Experts scanned the 100 most visited websites in the US and Europe in September 2024 to verify consent compliance with the California Privacy Rights Act (CPRA) and General Data Protection Regulation (GDPR) respectively. To do so, they used Privado.ai’s automated consent monitoring technology.
The team was especially surprised to see that 74% of European websites analyzed didn’t honor opt-in consent as required by GDPR. US websites show a very similar rate of non-compliance, with 76% not respecting opt-out consent as required by CPRA. For both regions, experts note, the majority (99%) of non-compliance “was due to data sharing with advertising third parties without proper consent via a network request.”
Despite these similar results, as the graph below shows, US websites are three times more at risk of breaching privacy laws than those in Europe. Roughly half of the websites in the report were media publications, alongside e-commerce, lifestyle, healthcare, finance, technology, and government sites.
According to Privado CEO Vaibhav Antil, the reason for such high non-compliance rates lies in how marketing technology constantly changes on websites.
“With modern privacy laws now in place, websites have added cookie banners in an attempt to comply, but the banners are usually misconfigured,” he said. “Privacy teams need continuous consent testing on websites to ensure compliance.”
Unsurprisingly, privacy fines are also rapidly increasing in both regions. Europe in particular is leading the way in imposing increasingly large fines on companies violating the GDPR, with fines rising from $77.5 million in 2019 to $2.1 billion in 2023.
“In the US, there were almost no privacy fines before 2022, and now there is one every month,” experts wrote, adding that with the CPRA amendment to the California Consumer Privacy Act (CCPA) going into effect in February 2024, “privacy fines from California are expected to pick up even further.”
That said, ever-larger fines alone often fail to bring about concrete change. A researcher at Proton, for instance, found that after only a week into 2024, Big Tech earned enough to pay off all 2023 GDPR fines.
How to take back control of your privacy online
These results clearly show that consent pop-ups aren’t enough to protect your privacy online, with many websites struggling to comply with current data protection laws. Your information looks very likely to be breached time and time again if you don’t equip yourself with some extra help.
This is why using a virtual private network (VPN) is still crucial to boost your anonymity when browsing the web, even in countries where strict privacy laws are in place. A VPN encrypts your internet connection to prevent third-party access while masking your real IP address and location for extra privacy.
Did you know?
Opt for a VPN with built-in web tracker-blocker tools – most providers offer this extra protection nowadays. TechRadar’s current top pick, NordVPN, recently upgraded its Threat Protection tool to ensure it’s effective at malware and phishing protection.
I also recommend switching to a more secure web browser. The likes of Brave, Opera, and Mozilla Firefox are known to be more privacy-focused, and they come with both a built-in VPN and ad-blocker software.
Lastly, you might want to consider a data removal service, like Incogni, to help you exercise your right to be forgotten, as per privacy laws. These services send requests to data brokers on your behalf, asking them to delete all the data they already have on you.