Here's how websites are breaching tracking policies

Did you know any device connected to a network can leak data about its users and environment? Online tracking enables online companies to collect data, which could be used for personalised offers. 

Our researchers are exposing the alarming realities of online tracking. Read on to find out just many websites are breaching regulations when it comes to your data. 

Non-compliant practices 

A Newcastle University-led study has found that the privacy notices and tracking practices of top global websites, and their corresponding apps, on Android devices are not compliant with current regulations. 

And now, the research team is calling for website and app developers to be more transparent and step up their efforts to educate users about online tracking practices, after their study has shown cookie notices and user opt-out routes violations in 97 out of EU’s 100 most popular websites.

The study also reveals that the corresponding Android apps of such popular websites suffer from the same non-complaint practices.  

Led by Dr Maryam Mehrnezhad, Lecturer in Cybersecurity and Privacy at Newcastle University’s School of Computing, the research team observed the top 100 EU websites from a user’s point of view to analyse how these websites handle their privacy notices and use and present privacy-enhancing technologies (PETs).  The team also measures the difficulties of opting-out of the default privacy settings if the user changes their mind later. 

The scientists found that only three websites allowed users to reject cookie notices as easily as they could accept. This means that the practices of the other 97 websites are non-compliant with the law and do not meet the minimum requirements provided by the GDPR.   

The study also shows that it would take an overage of three clicks for the user can opt out of the cookie notice on a website, and six clicks on average if the user accepts the cookie notice but later decides to opt out.  

You can find the published findings in the journal Proceedings on Privacy Enhancing Technologies and the European Workshop on Usable Security.

Intrusive online tracking  

These series of studies find disparities between the current data protection regulations, what websites offer as tracking protection and the ways individuals report to do so.

Dr Mehrnezhad said: “Recognising the users’ mindset is the key for multiple stakeholders such as developers and policymakers to protect them from online tracking across platforms e.g. websites, apps and IoT devices. That is why we have conducted our studies from a non-expert user’s point of view.” 

Study co-author, Dr Ehsan Toreini, Assistant Professor at Durham University, added: “Intrusive online tracking has gone to a different level now. For instance, even in the presence of the recent data protection regulations, now advertising companies have an individual profile per user allowing them to track each user individually.” 

Co-author Dr Kovila Coopamootoo, Lecturer (Assistant Professor) at King's College London, said: “Notice and consent choices need to be fair and usable and not be the users’ burden.” 

How does online tracking work?  

The most common tracking method is known as cookies – small pieces of data (in text form) that are downloaded to a device (e.g. computer or mobile) when a website is visited.

Other tracking methods include websites creating a fingerprint of the user’s browser with information collected through JavaScript.   

The current studies of the groups shows that such problems aggravate more when users are studies across different demographics e.g., gender and nationality. To mitigate these issues, the study authors recommend that designers and privacy educators need to not only provide information, but guide different user groups according to their preferences, and support accessibility of PETs within users’ preferred route. The team highlights that regulators should identify those needs leading to more effective and sometimes distinctive regulations.

You might also like...

• Find out more about Dr Maryam Mehrnezhad, Lecturer in Cybersecurity and Privacy
• Explore our School of Computing
• Read more about Study co-author, Dr Ehsan Toreini, Assistant Professor at Durham University
• Read more about co-author Dr Kovila Coopamootoo, Lecturer (Assistant Professor) at King's College London
• Discover the published findings in the journal Proceedings on Privacy Enhancing Technologies and the European Workshop on Usable Security.

To find out more about the work our researchers are doing to tackle the largest challenges facing our society, explore our blog. Alternatively, receive the latest, cutting-edge insights direct to your inbox when you subscribe to our research newsletter.