Most websites still not GDPR compliant

GDPR

Rogier

Rogier

Senior Developer

Categories

Most Popular Articles

Subscribe to our newsletter

    For EU Subscribers | Privacy Statement
    For USA Subcribers | Privacy Statement

  • This field is for validation purposes and should be left unchanged.

Vodafone.com – EU – 6/2019

Common issues

When browsing the internet, most websites I come across are not GDPR compliant. Most of them seem to either try and fail, or won’t comply on purpose.

Common issues and occurrences:

1. “If you continue to browse this website, you consent to our cookies.”

Which is a recognition of GDPR as a privacy law, but they chose to disregard it at the the same time.

2. “We use cookies on this site.” No deny button or preferences available. Just “Accept”.

As number 1, a clear recognition followed by disregarding any effort in their user’s privacy. Which begs the question, why any effort in the first place?

3. A cookie wall.

See the link for more details; the cookie wall is not applicable for 99.9% percent of websites.

4. Accept or Deny. But we the cookies have already been set or can’t be revoked.

An accept or deny banner can be compliant. But we have seen too many times this banner appearing after cookies are already set and consequently a useless “Deny” button. If cookies are already set, you’re not compliant. If they can’t be revoked. You’re not compliant.

“Deny” should be the default at first load, as opt-in should be the user’s consent.

5. Levels of consent with categories you can choose.We have checked them all, just to be sure. Unchecking won’t matter, cookies are set!

The most common “work-around” it seems. Controlling the cookies by category, but expecting your users to opt-out, instead of opt-in. Which defeats the purpose of consent. This is the most popular window dresser for GDPR compliancy, but funny enough also the most visible one.

Furthermore

Some sites do have a popup with categories, where you can select “marketing” if you want. Or they have a cookie banner with an “accept” and “decline’ button. These sites visually seem to comply with the GDPR, but often are not.

If you actually check cookies on these sites, you will probably see the same thing on most of them: Be it the informational warning, a “browsing implies consent” warning, or even a “select your preferences”, with a checked “marketing” option (I’ve seen this with Cookiebot for example).

Or the “accept” or “decline” variation, in most cases you will see that Facebook, Youtube, Google Maps, advertisements, etc are already loaded before you have accepted cookies, selected the marketing category, or continued browsing.

You as visitor might not realise this, but when you see these services, you’re already being tracked, consent or not! For example. Uber.com

A quick scan

These sites are thumbing their nose’s at the GDPR in a serious way:  when you visit such sites, and check your cookies, you will see you’re already being tracked. These cookie warnings are nothing more than window dressing. The site is suggesting you can choose to opt-in (with the marketing category, or by clicking accept), or you can still choose not to continue browse and leave the website. But you are being misled, be it deliberate or not.

Sure, maybe the site owner is not aware of this. But as a site owner you should and are indeed responsible! And, I suspect that in a lot of cases, site owners are aware of the issue, but choose to ignore it.

If you’re a website owner and you’re not sure if your site is really compliant, it might be a good idea to do our quick scan.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.

© Copyright - Complianz 2019