Secure your place at the Digiday Media Buying Summit in Nashville, March 2-4
Digiday Research: In the race to comply with digital privacy laws, few sites are making it easy for visitors to opt out of data collection
This research is based on unique data collected from our proprietary audience of publisher, agency, brand and tech insiders. It’s available to Digiday+ members. More from the series →
Both brands and media companies are in the early innings of preparing for immense changes in how they approach the privacy of their site visitors.
But in most of the U.S., it’s barely apparent that the game has started, according to new Digiday+ research. Just a little more than 10% of the sites owned by the largest media companies are giving most American internet users an opportunity to manage what kinds of data those sites can collect and use.
Using a desktop computer located in New York State, Digiday visited sites belonging to the media properties in the Comscore 50. It omitted sites which require a log-in to be used effectively, such as Facebook or LinkedIn. In cases of entities that own or manage ad inventory for large numbers of properties, such as Mediavine or CafeMedia, Digiday examined their largest sites by traffic. The data was collected in July 2021.
The data is not representative of the experience that every American internet user will have. A number of different U.S. states, including California, Maine and Washington, have already passed their own digital consumer privacy laws, and several more state legislatures are considering their own. By 2023, about two thirds of the U.S. population will be covered by a patchwork of different state privacy laws.
Yet even with those changes looming, you wouldn’t know it from looking at top sites.
That picture contrasts with what those same sites are doing in Europe, where regulations require site owners to operate differently; when Digiday used a virtual private network to visit the same sites using an IP address located in the United Kingdom, most all of the sites Digiday examined had a privacy notice and popup.
Yet those sites don’t make it easy to opt out of tracking. Just 11% of the sites Digiday examined offered visitors a one-click way to opt out of tracking. More than 60% of them had policies of implied consent, meaning that site users who did not configure their privacy settings or explicitly opt out were automatically giving the sites permission to continue gathering data on them.
The site visitors who were savvy enough to engage with the sites’ consent management tools weren’t given an easy path to opting out either. Just 15% of the sites immediately gave people an opportunity to opt out after choosing to “manage” their settings.
More in Media
From feeds to streets: How mega influencer Haley Baylee is diversifying beyond platform algorithms
Kalil is partnering with LinkNYC to take her social media content into the real world and the streets of NYC.
‘A brand trip’: How the creator economy showed up at this year’s Super Bowl
Super Bowl 2026 had more on-the-ground brand activations and creator participation than ever, showcasing how it’s become a massive IRL moment for the creator economy.
Media Briefing: Turning scraped content into paid assets — Amazon and Microsoft build AI marketplaces
Amazon plans an AI content marketplace to join Microsoft’s efforts and pay publishers — but it relies on AI com stop scraping for free.