May 25th marked the first anniversary of the entry into force of the new General Data Protection Regulation (GDPR). Over the past year, users have had to adapt to the changes brought about by the new regulations , becoming accustomed to the appearance of consent windows and emails from different organizations seeking their acceptance of the new privacy regulations.
But have the websites most visited by users also adapted? According to a study by PrivacyCloud , a company dedicated to developing software and providing services for managing personal data, 83% of the most visited websites have privacy policies that are abusive to users.
This study, which uses as a sample the 100 most popular websites (excluding websites with adult content and pirated content) according to the Alexa reference ranking, reveals that only 14 of the 100 websites most visited by Spaniards have adapted their use of cookies to the GDPR during the year that the regulation has been in force.
The use of cookies requires prior consent with specific mention of their recipients and purposes.
Cookies are small files that allow a device to be identified when browsing the Internet. Their use to facilitate user tracking across multiple web pages, or to enrich databases with user profiles, requires prior consent with specific mention of their recipients and purposes.
Although cookies are regulated by the LSSI (Information Society Services Act), the GDPR has redefined the threshold of valid consent required , with mere browsing or the use of pre-selected boxes being insufficient.
The study indicates that 86% of the websites analysed fail to comply with the duties of bolivia phone number transparency and basic information imposed by the GDPR or, in the case of 63% of the total, the aforementioned need for express consent.
On the other hand, 99% fail to comply with the obligation to allow the user to directly reject cookies with the same ease with which they are accepted, while 9% equate the transfer of data (through acceptance) with an access fee.
In addition to the recent accumulation of private complaints , data protection agencies have initiated significant ex officio actions in the field of digital advertising and Internet user profiling.
«To date, we have witnessed a kind of denial of evidence by website operators or digital advertising systems, shifting the burden of the new regulations to the user with intrusive requests for consent and greater inconvenience. If before the GDPR we had a sufficiently annoying cookie banner, now we assume that ruining 50% of the user experience with a pop-up window that cures us is a good idea. The GDPR points in the opposite direction: if the user does not understand it and does not freely accept it, it is no longer valid . We have to get used to living without profiling cookies and without buying and selling audiences, allowing the user to expose the data they want based on the capacity of a company to transform it into a differentiated service», explains Sergio Maldonado, CEO of PrivacyCloud.
The best option for companies to be able to freely access user data in compliance with the regulations is for the clients themselves to voluntarily provide it. In this sense, PrivacyCloud offers WeRule , an app that allows users to contact organizations to directly decide what data they provide and to whom they provide it .