News

Report: U.S. Web Sites Not Protecting Your Private Data

According to a study announced Friday by privacy compliance solutions vendor Zendata, many Web sites were found to have woeful data protection practices in place.

The context is the European Union's General Data Protection Regulation (GDPR), which went into effect years ago on May 25, 2018.

The GDPR specifies financial penalties for data privacy infractions that also apply to U.S. companies when they interact with European Union denizens. Zendata pegged the GDPR fines at the $80,000 to $120,000 range, but data breaches will cost organizations more and they'll bear upfront costs in the "millions."

No Opt Out
For the study, Zendata analyzed the top 1,000 U.S. Web sites (per Crunchbase.com data) during the Dec. 2021 period, using its own software for the analyses. Almost half of the sites (43.2 percent) didn't offer a choice of opting out of having one's data being sold. The actual use of the collected data was deemed as "ambiguous" for 41.4 percent of these sites.

Web site operators also failed in various ways to alert site visitors about the use of cookies to track their actions. Zendata found that 54.9 percent of the sites lacked a cookie message on the first load, and 31.7 percent of these sites not alerting users to cookies also used ad trackers.

Web site visitors also are getting tracked by "device fingerprinting," which was the case for 43.8 percent of the top U.S. Web sites studied.

Complex Privacy Policies
Perhaps worst of all, Zendata's study found that 82.1 percent of the top Web sites used complex privacy policies that were difficult to understand. Zendata researchers didn't read through these policies, but instead used a scanner and algorithm to make that determination.

"Websites with privacy policies that are 'difficult to understand' were determined by a proprietary machine learning model which takes into account privacy policy length, structure of the website, description of data uses, readability of the page, sentence length and lexical diversity," the announcement explained.

Reading privacy policies is sort of failure by design. It was once estimated that it would take "244 hours a year" for an American to read the privacy policies of all the Web sites visited. That estimate comes from a 2008 study, though. It's now deemed to be an impossible task due to the "length, terminology and ambiguous language" used in Web site privacy policies, Zendata contended.

A privacy-driven approach by Web sites leads to a positive effect, both in terms of brand and revenue, according to Zendata, citing a 2019 GDPR study. Zendata sells a service toward that end, but noted that "the average privacy compliance tools are at about $60k," plus IT support costs, making them costly for many small-to-medium businesses.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.