Complianz Privacy Suite

Most websites still not GDPR compliant

Rogier Lankhorst

Rogier Lankhorst

Categories

Popular articles

Editing Legal Documents

The legal documents are generated by the Wizard and will show up under ‘Pages’ with a shortcode in the content. This shortcode is used to

Read More

CNIL updated privacy guidelines

While the much-anticipated ePrivacy directive seems to be postponed for some years, local Data Protection Authorities formulate their statements, which provide us with concrete guidelines

Read More
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

Vodafone.com – EU – 6/2019

Common issues

When browsing the internet, most websites I come across are not GDPR compliant. Most of them seem to either try and fail, or won’t comply on purpose.

Common issues and occurrences:

1. “If you continue to browse this website, you consent to our cookies.”

Which is a recognition of GDPR as a privacy law, but they chose to disregard it at the the same time.

2. “We use cookies on this site.” No deny button or preferences available. Just “Accept”.

As number 1, a clear recognition followed by disregarding any effort in their user’s privacy. Which begs the question, why any effort in the first place?

3. A cookie wall.

See the link for more details; the cookie wall is not applicable for 99.9% percent of websites.

4. Accept or Deny. But we the cookies have already been set or can’t be revoked.

An accept or deny banner can be compliant. But we have seen too many times this banner appearing after cookies are already set and consequently a useless “Deny” button. If cookies are already set, you’re not compliant. If they can’t be revoked. You’re not compliant.

“Deny” should be the default at first load, as opt-in should be the user’s consent.

5. Levels of consent with categories you can choose.We have checked them all, just to be sure. Unchecking won’t matter, cookies are set!

The most common “work-around” it seems. Controlling the cookies by category, but expecting your users to opt-out, instead of opt-in. Which defeats the purpose of consent. This is the most popular window dresser for GDPR compliancy, but funny enough also the most visible one.

Furthermore

Some sites do have a popup with categories, where you can select “marketing” if you want. Or they have a cookie banner with an “accept” and “decline’ button. These sites visually seem to comply with the GDPR, but often are not.

If you actually check cookies on these sites, you will probably see the same thing on most of them: Be it the informational warning, a “browsing implies consent” warning, or even a “select your preferences”, with a checked “marketing” option (I’ve seen this with Cookiebot for example).

Or the “accept” or “decline” variation, in most cases you will see that Facebook, Youtube, Google Maps, advertisements, etc are already loaded before you have accepted cookies, selected the marketing category, or continued browsing.

You as visitor might not realise this, but when you see these services, you’re already being tracked, consent or not! For example. Uber.com

A quick scan

These sites are thumbing their nose’s at the GDPR in a serious way:  when you visit such sites, and check your cookies, you will see you’re already being tracked. These cookie warnings are nothing more than window dressing. The site is suggesting you can choose to opt-in (with the marketing category, or by clicking accept), or you can still choose not to continue browse and leave the website. But you are being misled, be it deliberate or not.

Sure, maybe the site owner is not aware of this. But as a site owner you should and are indeed responsible! And, I suspect that in a lot of cases, site owners are aware of the issue, but choose to ignore it.

If you’re a website owner and you’re not sure if your site is really compliant, it might be a good idea to do our quick scan.

Related articles

Leave a Reply

Your email address will not be published.