Web sites

Study finds major US websites not transparent about data privacy — Redmondmag.com


Study finds major US websites not transparent about data privacy

Companies that run US websites aren’t exactly showing a positive spirit on Data Privacy Day, January 28.

A study announced Friday by privacy solutions provider Zendata revealed deplorable practices in place with the top 1,000 US websites. The background is the European Union’s General Data Protection Regulation (GDPR), which came into force years ago on May 25, 2018.

The GDPR provides financial penalties for data privacy breaches that also apply to US companies when interacting with European Union citizens. Zendata has set GDPR fines between $80,000 and $120,000, but data breaches will cost organizations more and they will bear initial costs of “millions”.

No withdrawal
For the study, Zendata analyzed the top 1,000 US websites (according to data from Crunchbase.com) during the period of December 2021, using its own software for the analyses. Nearly half of the sites (43.2%) did not offer the choice to refuse the sale of their data. The actual use of the data collected was deemed “ambiguous” for 41.4% of these sites.

Website operators have also failed in various ways to alert site visitors to the use of cookies to track their actions. Zendata found that 54.9% of sites did not have a cookie message on first load, and 31.7% of those sites that did not warn users about cookies also used ad trackers.

Website visitors are also tracked by “device fingerprinting,” which was the case for 43.8% of the major US websites surveyed.

Complex privacy policies
Worse still, Zendata’s study found that 82.1% of major websites use complex and difficult-to-understand privacy policies. Zendata researchers did not read these policies, but instead used a scanner and an algorithm to make this decision.

“Websites with ‘difficult to understand’ privacy policies were determined by a proprietary machine learning model that takes into account privacy policy length, website structure, description of data uses , page readability, sentence length and lexical diversity,” the announcement explained.

Reading privacy policies is kind of a failure by design. It was once estimated that it would take an American “244 hours a year” to read the privacy policies of every website visited. This estimate comes from a 2008 study, however. It’s now seen as an impossible task due to the “length, terminology and ambiguous language” used in websites’ privacy policies, Zendata argued.

A privacy-focused approach to websites has a positive effect, both in terms of brand and revenue, according to Zendata, citing a 2019 GDPR study. Zendata sells a service for this purpose, but noted that “the average tools for Privacy compliance costs around $60,000 plus IT support costs, making them expensive for many small and medium businesses.

About the Author

Kurt Mackie is senior news producer for 1105 Media’s Converge360 group.