For too long this has been a scandal of public deception, involving massive collusion between controllers, processors, investors, & lobbyists
In July 2024 the Information Commissioner’s Annual Report 2023/2024 reports that 53 of the UK’s top 100 websites were warned that "they faced enforcement action if they did not make changes to comply with data protection law".
David Erdos referenced it in a blog post last week.
Following the warning, according to the ICO, "8 had changed their cookie banners to be compliant and a further four committed to reach compliance within a month".
On 13/11/24 we triggered an ePrivacy compliance scan on the the most popular UK sites ourselves. Our compliance scanner has been in operation since 2011 and is designed to record, amongst other things, all the cookies and other storage items placed in browsers when a user visits several pages of a site without giving their consent to cookies.
Click here to see a detailed graphical display of the scan results
Only one site, the main Government site is fully compliant and even they control a subdomain of their site (for Transport For London) which is not compliant. Over 95% are not even close.
Before the ICO sent out their warning it must have been worse, though its difficult to imagine how!
On average, sites place 46 cookies and 21 other storage items ("localStorage" and "indexedDB") when the sites are visited, before any cookie consent buttons are clicked.
Once placed the cookies are never deleted, so, even if consent is given, effective withdrawal is impossible.
Very few, such as the gov.uk site, incorporates a Consent Management Platform that actually works, and is not just for show.
The 38% sites utilising the most widely used cookie consent tool (from US supplier OneTrust) place over 40% more unconsented cookies than the others on average.
We can check any site fo ePrivacy compliance, and have the tools to make them comply, we at Baycloud have been doing this sucessfully for 12 years.
Contact us if you want your site to comply with the law and avoid supporting big tech surveillance.