GDPR has been in force since last May, but what has really changed? This report tries to answer that question by examining how organizations in the EU and North America are collecting and using data consents for EU internet users.
There are many indications that tech and advertising giants have a stake in keeping the status quo and won’t change without more of a fight. Google’s appeal against the €50 million fine imposed on them by the French CNIL seems to be proof of that.
But how are other websites reacting so far? If consent mechanisms are in place, do they work according to the GDPR philosophy? Or maybe they adapted to some of the requirements, omitting the rest?
We decided to investigate this matter in our latest report.
About the methodology
Consent is not the only base for data processing. However, it’s the simplest one to evaluate in practice. Most website owners want to use personal data in the form of persistent tracking cookies. Under the GDPR, in order to do that, they should ask for consent.
To see how companies meet their new obligations, we checked 200 websites – 25 from each of the following countries:
- France
- United Kingdom
- Belgium
- Germany
- Spain
- Poland
- United States
- Canada
For each country, we selected 5 large and visible organizations from the following sectors:
- banking
- insurance
- e-commerce
- media
- government
And then scored the websites based on two main criteria:
- consent mechanism quality
- clarity and availability of information
The higher the score, the closer to the GDPR ideal. We invite you to learn all about the results, divided according to industries and countries.
The research, however, didn’t aim to evaluate who is and isn’t GDPR-compliant – we’ll leave that assessment to the relevant authorities.
What’s to come? We asked the experts
Statistics are not all that our report has to offer. You’ll also find there quotes from 4 specialist contributors giving their insight into the current (and future!) state of affairs. The list of experts includes:
- Aurélie Pols, Privacy Engineer & founder of Competing on Privacy
- Dr Johnny Ryan, FRHistS, Brave
- David Clarke, Founder of GDPR Technology Group and Cyber Security advisor
- Maciej Zawadziński, CEO of Clearcode and Piwik PRO
We asked them what they thought were the biggest events of 2018 and what to expect in 2019. Sound interesting? Check out the full report to see the results, the biggest trends we saw and what our panel of experts think we’ll see in 2019.
