Member Exclusive

Digiday Research: In the race to comply with digital privacy laws, few sites are making it easy for visitors to opt out of data collection

disguise

Both brands and media companies are in the early innings of preparing for immense changes in how they approach the privacy of their site visitors. 

But in most of the U.S., it’s barely apparent that the game has started, according to new Digiday+ research. Just a little more than 10% of the sites owned by the largest media companies are giving most American internet users an opportunity to manage what kinds of data those sites can collect and use. 

Using a desktop computer located in New York State, Digiday visited sites belonging to the media properties in the Comscore 50. It omitted sites which require a log-in to be used effectively, such as Facebook or LinkedIn. In cases of entities that own or manage ad inventory for large numbers of properties, such as Mediavine or CafeMedia, Digiday examined their largest sites by traffic. The data was collected in July 2021. 

The data is not representative of the experience that every American internet user will have. A number of different U.S. states, including California, Maine and Washington, have already passed their own digital consumer privacy laws, and several more state legislatures are considering their own. By 2023, about two thirds of the U.S. population will be covered by a patchwork of different state privacy laws. 

Yet even with those changes looming, you wouldn’t know it from looking at top sites. 

 

That picture contrasts with what those same sites are doing in Europe, where regulations require site owners to operate differently; when Digiday used a virtual private network to visit the same sites using an IP address located in the United Kingdom, most all of the sites Digiday examined had a privacy notice and popup. 

Yet those sites don’t make it easy to opt out of tracking. Just 11% of the sites Digiday examined offered visitors a one-click way to opt out of tracking. More than 60% of them had policies of implied consent, meaning that site users who did not configure their privacy settings or explicitly opt out were automatically giving the sites permission to continue gathering data on them. 

 

The site visitors who were savvy enough to engage with the sites’ consent management tools weren’t given an easy path to opting out either. Just 15% of the sites immediately gave people an opportunity to opt out after choosing to “manage” their settings. 

https://digiday.com/?p=421076
Digiday Top Stories