Despite stricter privacy enforcement in Europe, Privado found a surprising 74% of top websites in Europe do not honour opt-in consent as required by Europe’s General Data Protection Regulation (GDPR). 

Although top websites in the U.S. had a similar non-compliance rate of 76% for not honouring opt-out consent as required by the California Privacy Rights Act (CPRA), Privado found the median volume of compliance risks to be 3X higher in the U.S.

The State of Website Privacy Report is based on data from Privado’s consent monitoring solution collected in September 2024. Privado.ai decided to launch this solution and release this report in response to increasing privacy fines in both the U.S. and Europe. 

Six of the 20 largest GDPR fines since 2018 are due to consent compliance violations on websites, with Amazon receiving the second-largest GDPR fine to date, $888M, for targeting users with ads without proper consent in 2021.

In the US, at least 10 companies since 2022 have been fined for violating consent compliance on websites as regulated by CPRA, the FTC (Federal Trade Commission), or HIPAA (Health Insurance Portability and Accountability Act).

With fines mounting and consumers demanding greater privacy, personal data sharing from websites has become a major legal risk for companies worldwide.

State of Website Privacy Report Key Findings

• 76% of the most visited websites in the US do not honour CPRA opt-out signals 
• 74% of the most visited websites in Europe do not honour GDPR opt-in consent
• The most visited websites share personal data with an average of 17 advertising 3rd parties in the US and 6 in Europe

“With modern privacy laws now in place, websites have added cookie banners in an attempt to comply, but the banners are usually misconfigured,” said Privado CEO Vaibhav Antil.

“Especially as marketing technology constantly changes on websites, privacy teams need continuous consent testing on websites to ensure compliance.”

Most websites do not honour consent as required by privacy regulations in the US and Europe

To comply with the CPRA amendment to CCPA (California Consumer Privacy Act), websites in the US must block personal data sharing with advertising third parties if the user opts out of data sharing.

To comply with GDPR, websites in Europe must block personal data collection and sharing with third parties unless the user provides opt-in consent. Despite increasing privacy fines in the US and Europe, most websites are not honouring the consent requirements in the US or Europe. 

Privacy teams typically lack the visibility and controls to track what third parties are integrated with on their websites and whether they are honouring consent requirements.

With teams using so many third parties to optimize marketing and website performance, privacy teams need comprehensive solutions to continuously monitor consent and data flows.  

Top websites in the US and Europe typically share data with over 20 3rd parties

Consent management platforms alone do not ensure consent compliance

Consent management platforms (CMPs) are effective at managing the complexity of implementing consent banners and data flows across websites, but CMPs can’t sufficiently monitor and validate consent compliance. Privacy teams need continuous website monitoring solutions to mitigate privacy risks at scale. The solutions should provide a real-time view of third parties integrated with their websites, each data element being sent to which third parties, and consent banner functionality. 

Privacy code scanning and consent management platforms together can ensure privacy compliance

Privacy code scanning should be used in conjunction with a consent management platform to implement best-in-class digital tracking governance for websites and mobile apps.

Consent management platforms are critical for collecting, acting on, and recording consent, but they lack the full visibility and governance to ensure personal data doesn’t improperly leak to advertising third parties.

Privacy code scanning enables the complete and continuous visibility and governance needed to ensure compliance with today’s complex web of privacy regulations.

The post 75% of Most Visited Websites in U.S. and Europe are Not Compliant With Privacy Regulations appeared first on Tech | Business | Economy.

Nishant Bhajaria, who has led privacy engineering teams at Google, Netflix, Meta, Uber, and Nike, has joined Privado to lead its new Privacy Engineering Center of Excellence (CoE). 

As Head of Privacy Engineering CoE, Nishant will advise privacy leaders and Privado customers on how to optimize privacy programs for compliance, software developer efficiency, and customer trust. 

As Privado continues to build out its industry-first privacy code scanning platform (that helps software engineers identify and reduce privacy risks in their code), Nishant will also advise the Privado product team on new solutions that will help bridge the gap between privacy and engineering teams. 

Leveraging Nishant’s experience working with stakeholders across functions, Privado will accelerate its strategy to reduce privacy risk for companies building software that processes personal data. 

Over his career, Nishant has pioneered the technical privacy playbook to scale privacy compliance and turn privacy into a business driver. At Meta, he redesigned internal settings to improve user consent experiences. 

At Uber, he helped the company build consumer trust by building the Uber Privacy Center. When such an endeavor may have been thought to be expensive to build and manage, Nishant efficiently repurposed internal dashboards to power a privacy center that reduced the number of data requests instead of increasing them.

“I’ve been extremely impressed with Privado’s new approach to privacy compliance that promotes innovation, instead of hinders it,” Nishant Bhajaria said.

“For software-driven companies, data flows through their infrastructure like fire through dry grass fueled by code, yet privacy and engineering teams often lack visibility into how their software moves data. Many privacy teams try to fill this gap by asking engineers to complete questionnaires, but these manual assessments do not scale, and never will. 

“Privado has helped address this gap by scanning code to continuously monitor data flows and proactively identify risks. I’m excited to join the amazing team at Privado and help more privacy and engineering leaders implement solutions that enable, rather than block, engineers.” 

Privado CEO Vaibhav Antil explained why the time is now for this hire: “Nishant is an extraordinary leader and one of the pioneers in privacy engineering. His deep experience in managing privacy at the world’s most scrutinized tech companies makes him uniquely positioned to drive our vision forward. 

“We’ve been planning the launch of our Privacy Engineering Center of Excellence for some time, but we knew we needed the right person to lead it. With Nishant’s proven track record in solving complex privacy challenges at scale, we are confident that he will help shape the future of privacy engineering and strengthen our ability to serve our customers.”

Nishant is joining Privado after 10+ years of leading privacy and security engineering teams and 10 years as a software engineer. He leveraged his unique cross-functional privacy engineering approach to mitigate risk at scale for Meta, Google, Netflix, Uber, and Nike. 

He is the author of Data Privacy: A runbook for engineers and an accomplished educator. As an adjunct professor at his alma mater Arizona State University and Portland State University, Nishant teaches courses on data governance and Generative AI. He also teaches on LinkedIn Learning with courses on security, privacy, and career management.  

Nishant’s hire comes as privacy regulation is ramping up in the US. During 2024, the California Attorney General and FTC have already fined multiple companies for non-compliant personal data sharing, and enforcement has begun for two major privacy laws: the California Privacy Rights Act (CPRA) and Washington state’s My Health My Data Act (MHMDA). 

With the added scrutiny on data privacy, companies are grappling with data quality issues and business inefficiencies.  

Privado is keen to help companies proactively address privacy compliance with its privacy code scanning platform that provides full data visibility and continuous privacy governance. With AI enabling new levels of accuracy and automation, Privado believes now is the time for Nishant to help bring privacy code scanning to the enterprise market.

The post Google, Uber, Meta, Netflix Privacy Pioneer joins Privado.ai to Drive Customer Trust, Privacy appeared first on Tech | Business | Economy.