
Ninety-five per cent of websites may breach General Data Protection Regulation (GDPR) rules around user cookie storage.
Cookies are files that contain small pieces of data about a website user based on the sites they visit, which get saved onto the user’s device every time they go to a website. Websites use cookies to tailor advertisements to the user, record what they have put in their online shopping basket and track the number of people using their site.
Since 2018, the European Union’s GDPR has required websites to have so-called cookie bars or banners that pop up when a user first visits a site, with this legislation also applying in the UK. The pop-up bars explain why cookies are collected, define how they are used and require the user to consent to their data being stored.
Advertisement
suggests many websites fail to meet GDPR legislation. “We felt this is something that was really broken for users,” says at ETH Zurich in Switzerland.
Kubíček and his colleagues looked at 29,398 websites, taken from the client lists of companies that design cookie banners. The team assessed whether the banner text accurately represented the cookies being collected and if a user’s consent affected the cookies that were saved.
Of the websites, 94.7 per cent had at least one potential GDPR violation. About 7 in 10 of the sites activated cookies before a user had agreed to how their data was stored, while around 1 in 5 activated cookies the user had declined.
To enable better user control, Kubíček’s team has developed a web browser extension that uses machine learning to divide cookies into four categories: essential, such as those that store log-in details; functional, like those that enable embedded videos to run correctly; analytics; and advertising. Users can agree to accept or decline cookies in each category without having to read any banner text.
When tested on 100 websites, the browser extension was found to have no obvious malfunctions 85 per cent of the time.
at De Montfort University in Leicester, UK, welcomes the browser extension, but says it could cause problems.
“For ad-blocker web extensions, this has been an arms race for many years,” he says. “If cookie-blocker web extensions become more common, and web-tracking frameworks don’t pivot to different technologies, such an arms race should be expected here too.”
Reference: