Study Finds Top U.S. Web Sites Aren't Transparent About Data Privacy

Companies running U.S. Web sites aren't really showing much positive spirit on Data Privacy Day, Jan. 28.

A study announced Friday by privacy compliance solutions vendor Zendata found woeful practices in place with the top 1,000 U.S. Web sites. The context is the European Union's General Data Protection Regulation (GDPR), which went into effect years ago on May 25, 2018.

The GDPR specifies financial penalties for data privacy infractions that also apply to U.S. companies when they interact with European Union denizens. Zendata pegged the GDPR fines at the $80,000 to $120,000 range, but data breaches will cost organizations more and they'll bear upfront costs in the "millions."

No Opt Out
For the study, Zendata analyzed the top 1,000 U.S. Web sites (per data) during the Dec. 2021 period, using its own software for the analyses. Almost half of the sites (43.2 percent) didn't offer a choice of opting out of having one's data being sold. The actual use of the collected data was deemed as "ambiguous" for 41.4 percent of these sites.

Web site operators also failed in various ways to alert site visitors about the use of cookies to track their actions. Zendata found that 54.9 percent of the sites lacked a cookie message on the first load, and 31.7 percent of these sites not alerting users to cookies also used ad trackers.

Web site visitors also are getting tracked by "device fingerprinting," which was the case for 43.8 percent of the top U.S. Web sites studied.

Complex Privacy Policies
Perhaps worst of all, Zendata's study found that 82.1 percent of the top Web sites used complex privacy policies that were difficult to understand. Zendata researchers didn't read through these policies, but instead used a scanner and algorithm to make that determination.

"Websites with privacy policies that are 'difficult to understand' were determined by a proprietary machine learning model which takes into account privacy policy length, structure of the website, description of data uses, readability of the page, sentence length and lexical diversity," the announcement explained.

Reading privacy policies is sort of failure by design. It was once estimated that it would take "244 hours a year" for an American to read the privacy policies of all the Web sites visited. That estimate comes from a 2008 study, though. It's now deemed to be an impossible task due to the "length, terminology and ambiguous language" used in Web site privacy policies, Zendata contended.

A privacy-driven approach by Web sites leads to a positive effect, both in terms of brand and revenue, according to Zendata, citing a 2019 GDPR study. Zendata sells a service toward that end, but noted that "the average privacy compliance tools are at about $60k," plus IT support costs, making them costly for many small-to-medium businesses.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube