My Authors
Read all threads
[THREAD] #GDPR and #ePrivacy directive require #consent for tracking. EU websites rely on IAB #cookie banner providers to implement consent, but what happens behind the cookie banner interface? Our study @CelestinMatte @Cristianapt finds 54% of them are non-compliant. (1/11)
Many websites rely on third-party cookie banner providers, called Consent Management Providers (CMPs), that implement the IAB Europe Transparency and Consent Framework (TCF): iabeurope.eu/transparency-c… (3/11)
Websites should wait for a user’s decision before storing the user’s consent in the browser. We automatically identified 175 websites out of 1,426 that contain IAB Europe cookie banners storing user's positive consent even before the user has made any choice! (4/11)
Website owners should allow users to opt out of tracking and should provide options to refuse. This is not the case on 38 of the websites we tested! On this French website, the banner exposes users to 565 third party advertisers to silently collect and use her data. (5/11)
According to the EU regulators, and the recent CJEU case (aka “Planet49”), websites should not pre-select options in consent dialogs. On 236 websites, the banner gives users a choice, however some of the choices are pre-selected and set to “accept”. (6/11)
If the user doesn't pay attention to this website and clicks "Save and close", then 47 different third party advertisers are allowed to use the collected data for any purpose. (7/11)
Shockingly, some cookie banners do not respect the choice the users made. On 39 websites banners store a positive consent even if the user has explicitly opted out! This practice can be considered deceptive as it results in accepting data collection against users' will. (8/11)
On this website, the user believes she opted out of tracking, but in fact the banner registered her positive consent for 544 third party advertisers, who can now use the collected data for any of the purposes defined in the framework. (9/11)
Our browser extension for Firefox and Chrome (hopefully, coming soon on add-on stores) called "Cookie Glasses" allows users to verify that the consent stored by CMPs corresponds to their choice: github.com/Perdu/Cookie-G… (10/11)
Conclusion: 305 websites violate GDPR and/or ePrivacy directive:
- 175 websites store a positive consent of the user before any choice
- 38 websites do not allow the user to opt out
- 236 websites have pre-selected choices
- 39 websites do not respect the user’s choice (11/11)
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Nataliia Bielova 👣

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!