Report: U.S. Web Sites Not Protecting Your Private Data

According to a study announced Friday by privacy compliance solutions vendor Zendata, many Web sites were found to have woeful data protection practices in place.

The context is the European Union's General Data Protection Regulation (GDPR), which went into effect years ago on May 25, 2018.

The GDPR specifies financial penalties for data privacy infractions that also apply to U.S. companies when they interact with European Union denizens. Zendata pegged the GDPR fines at the $80,000 to $120,000 range, but data breaches will cost organizations more and they'll bear upfront costs in the "millions."

No Opt Out
For the study, Zendata analyzed the top 1,000 U.S. Web sites (per data) during the Dec. 2021 period, using its own software for the analyses. Almost half of the sites (43.2 percent) didn't offer a choice of opting out of having one's data sold. The actual use of the collected data was deemed "ambiguous" for 41.4 percent of these sites.

Web site operators also failed in various ways to alert site visitors about the use of cookies to track their actions. Zendata found that 54.9 percent of the sites lacked a cookie message on the first load, and 31.7 percent of the sites that didn't alert users to cookies also used ad trackers.

Web site visitors also are getting tracked by "device fingerprinting," which was the case for 43.8 percent of the top U.S. Web sites studied.

Complex Privacy Policies
Perhaps worst of all, Zendata's study found that 82.1 percent of the top Web sites used complex privacy policies that were difficult to understand. Zendata researchers didn't read through these policies, but instead used a scanner and algorithm to make that determination.

"Websites with privacy policies that are 'difficult to understand' were determined by a proprietary machine learning model which takes into account privacy policy length, structure of the website, description of data uses, readability of the page, sentence length and lexical diversity," the announcement explained.

Reading privacy policies is sort of a failure by design. It was once estimated that it would take "244 hours a year" for an American to read the privacy policies of all the Web sites visited. That estimate comes from a 2008 study, though. It's now deemed to be an impossible task due to the "length, terminology and ambiguous language" used in Web site privacy policies, Zendata contended.

A privacy-driven approach by Web sites leads to a positive effect, both in terms of brand and revenue, according to Zendata, citing a 2019 GDPR study. Zendata sells a service toward that end, but noted that "the average privacy compliance tools are at about $60k," plus IT support costs, making them costly for many small-to-medium businesses.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

