An astonishing 75% of the 100 most visited websites in the US and Europe are not compliant with current privacy regulations, according to new research from Privado.ai in its 2024 State of Website Privacy Report.
Despite stricter privacy enforcement in Europe, Privado found a surprising 74% of top websites in Europe do not honour opt-in consent as required by Europe’s General Data Protection Regulation (GDPR).
And although top websites in the US had a similar non-compliance rate of 76% for not honouring opt-out consent as required by the California Privacy Rights Act (CPRA), Privado found the median volume of compliance risks to be three times higher in the US.
The State of Website Privacy Report is based on data from Privado’s consent monitoring solution collected in September 2024. Privado.ai decided to launch this solution and release this report in response to increasing privacy fines in both the US and Europe.
Six of the 20 largest GDPR fines since 2018 are due to consent compliance violations on websites, with Amazon receiving the second-largest GDPR fine to date – $888-million – for targeting users with ads without proper consent in 2021.
In the US, at least 10 companies since 2022 have been fined for violating consent compliance on websites as regulated by CPRA, the FTC (Federal Trade Commission), or HIPAA (Health Insurance Portability and Accountability Act).
With fines mounting and consumers demanding greater privacy, personal data sharing from websites has become a major legal risk for companies worldwide.
Some of the key findings from the report include:
- 76% of the most visited websites in the US do not honour CPRA opt-out signals.
- 74% of the most visited websites in Europe do not honour GDPR opt-in consent.
- The most visited websites share personal data with an average of 17 advertising third-parties in the US and six in Europe.
“With modern privacy laws now in place, websites have added cookie banners in an attempt to comply, but the banners are usually misconfigured.” says Privado CEO, Vaibhav Antil. “Especially as marketing technology constantly changes on websites, privacy teams need continuous consent testing on websites to ensure compliance.”