Not accepting cookies doesn't work; it turns out that Google and Microsoft are still collecting data on users.
When you go to a website, a window usually pops up asking you to accept cookies or choose which ones you don't want. Some users click "OK" without knowing what data is being collected, while others refuse all options to keep their privacy safe. But new research shows that in 86% of cases, some browsers, like Google Chrome, don't listen to users when they ask websites not to track them.
WebXray, a non-profit group, did a forensic audit that looked at the web traffic of a number of well-known sites. They found that 194 advertising services kept using tracking cookies even after users said they didn't want to be tracked.
WebXray looked into the internet traffic for thousands of popular California websites and found that 55% of these pages broke the California Consumer Privacy Act (CCPA). The audit also showed how browsers use technical methods to get around privacy settings.
One such mechanism is Global Privacy Control (GPC): when activated by a user, their browser sends the sec-gpc:1 header, which websites are legally obligated to respect under California law as a valid request not to share personal data. However, a WebXRay audit revealed the following flaws:
● Google's failure rate is 86% because its advertising services systematically ignore the sec-gpc:1 signal when received and respond with an order to create an advertising cookie "IDE" for two years.
● As for Meta, its failure rate is 69% because the tracking pixel part lacks the necessary code to verify the GPC signal, which leads to it being activated automatically and tracking events being recorded regardless of privacy settings.
● As for Microsoft, its failure rate is 50%, because its tracking network, like Google's, receives the GPC signal but automatically returns a MUID tracking cookie for one year.
In conclusion, webXray reveals that the vast majority of cookie notices do not protect users and even fail to prevent tracking by browsers.
Regulators in California say that ignoring the General Terms of Service (GTS) is a punishable offense, although recent enforcement actions by the California Consumer Privacy Act (CCPA) have resulted in hefty fines for companies that fail to properly process opt-out requests.
According to 404 Media, California's privacy audit estimates that these ongoing violations could cost the industry as a whole cumulative financial liabilities of up to $5.8 billion.