Back to blog

We’re Releasing “The State of GDPR Consent” Report


Written by ,

Published February 11, 2019 · Updated August 7, 2019

We’re Releasing “The State of GDPR Consent” Report

GDPR has been in force since last May, but what has really changed? This report tries to answer that question by examining how organizations in the EU and North America are collecting and using data consents for EU internet users.

There are many indications that tech and advertising giants have a stake in keeping the status quo and won’t change without more of a fight. Google’s appeal against the €50 million fine imposed on them by the French CNIL seems to be proof of that.

But how are other websites reacting so far? If consent mechanisms are in place, do they work according to the GDPR philosophy? Or maybe they adapted to some of the requirements, omitting the rest?

We decided to investigate this matter in our latest report.

About the methodology

Consent is not the only base for data processing. However, it’s the simplest one to evaluate in practice. Most website owners want to use personal data in the form of persistent tracking cookies. Under the GDPR, in order to do that, they should ask for consent.

To see how companies meet their new obligations, we checked 200 websites – 25 from each of the following countries:

  • France
  • United Kingdom
  • Belgium
  • Germany
  • Spain
  • Poland
  • United States
  • Canada

For each country, we selected 5 large and visible organizations from the following sectors:

  • banking
  • insurance
  • e-commerce
  • media
  • government

And then scored the websites based on two main criteria:

  • consent mechanism quality
  • clarity and availability of information

The higher the score, the closer to the GDPR ideal. We invite you to learn all about the results, divided according to industries and countries.

The research, however, didn’t aim to evaluate who is and isn’t GDPR-compliant – we’ll leave that assessment to the relevant authorities.

What’s to come? We asked the experts

Statistics are not all that our report has to offer. You’ll also find there quotes from 4 specialist contributors giving their insight into the current (and future!) state of affairs. The list of experts includes:

  • Aurélie Pols, Privacy Engineer & founder of Competing on Privacy
  • Dr Johnny Ryan, FRHistS, Brave
  • David Clarke, Founder of GDPR Technology Group and Cyber Security advisor
  • Maciej Zawadziński, CEO of Clearcode and Piwik PRO

We asked them what they thought were the biggest events of 2018 and what to expect in 2019. Sound interesting? Check out the full report to see the results, the biggest trends we saw and what our panel of experts think we’ll see in 2019.



Karolina Lubowicka

Senior Content Marketer and Social Media Specialist

An experienced copywriter who takes complex topics of data privacy & GDPR and makes them understandable for all. LinkedIn Profile

See more posts by this author


David Street

Writer, marketer and data+stats specialist with a left and a right brain | LinkedIn profile

See more posts by this author

Core – a new plan for Piwik PRO Analytics Suite

Privacy-compliant analytics, built-in consent management and EU hosting. For free.

Sign up for free