Data Privacy Day — 67% of the top 1,000 U.S. B2C websites are not compliant with EU privacy laws, a new Zendata report shows

Today, on #DataPrivacyDay, people internationally are making efforts to improve and educate businesses and consumers on data privacy. But how do we know where to improve if we don’t know where we stand? The truth is, the U.S. is still struggling to comply with EU privacy laws (GDPR).

In the spirit of advancement for all, Zendata used its proprietary software to analyze the top 1,000 U.S. websites and see which regulations they failed to follow. Here’s what we found:

Top websites are failing in three main categories: communication, transparency and new forms of tracking.

Nearly every website (82%) has complex privacy policies that are difficult to understand for the general consumer, and 41% are ambiguous about why they collect consumer data. Back in 2008, it would have taken 244 hours a year for the typical American internet user to read all of the privacy policies for the websites they visited. Today, it’s a seemingly impossible task that is increasingly hard because of the length, terminology and ambiguous language that is used.

A general disregard towards transparency is popping up across U.S. websites: 43% do not contain an option to opt out of having your data sold, another half (55%) don’t have a cookie message on the first load, and one-third (31%) not only don’t have a cookie message on the first load, but also have ad trackers present on their site.

On top of all this, there is a rise in high device fingerprinting. Nearly half (44%) of the top U.S. websites use this data tracking tech to keep tabs on their visitors’ browsing behavior.

Why it matters:

While the GDPR is a European privacy law, if you offer goods or services to EU residents and capture personally identifiable information, you are required to comply with the regulation. Outside of legal issues, there are a number of risks businesses face:

Millions in added costs: Any company that fails to comply with these regulations is subject to fines of $80K-$120K. And in the case of a breach, companies will pay millions upfront, with longer-tail costs to follow. Unfortunately, the average privacy compliance tool costs about $60k, with added costs for staffing and running it, which is also costly for small and medium businesses.

Loss of valuable customers: A new group of customers called Privacy Actives is on the rise, and could be another important factor to consider. While consumers are generally casual with their data, according to a recent Cisco survey of 2,600 adults, 32% are considered privacy actives. They are actively switching to new providers because of data or data-sharing policies.

Privacy actives are high-value customers, as they tend to be more educated, affluent, and early tech adopters, and 90% said that the way a company treats their data reflects how they’re treated as customers. This group is growing quickly. Nearly another third of consumers (29%) care strongly about their privacy and are “willing to act” (i.e. stop visiting websites with problematic privacy policies) but have not done so yet. They are one step away from becoming privacy actives.

Growth in trust and revenue: There is an upside to investing in data privacy, and those companies that are making changes are seeing benefits. A 2019 report by GDPR found that 80% of companies with a privacy-driven approach saw a positive impact on the organisation’s reputation and brand image with an increase in trust, with 75% seeing an increase in revenue.

The U.S. has some catching up to do, but the fact that Data Privacy Day is happening shows that influencers, regulators and businesses alike are doing what’s necessary to raise awareness and make improvements. Our goal is to join in this effort and help even the smallest companies pinpoint holes in their privacy policies and compliance measures — in a matter of minutes.

More about the data collection process:

Zendata used its proprietary software to scan the top 1,000 U.S. websites during December 2021.

Websites with privacy policies that are “difficult to understand” were determined by a proprietary machine learning model which takes into account privacy policy length, structure of the website, description of data uses, readability of the page, sentence length and lexical diversity.
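
As an added illustration (not Zendata's model or code), the sketch below computes a few of the surface features named above for a policy text: length, mean sentence length, lexical diversity and a readability score. The Flesch Reading Ease formula, the syllable heuristic and both sample excerpts are assumptions chosen for the example; the page does not say which measures the proprietary model uses.

```python
import re

# Constructed sample policy excerpts (not taken from any real site).
PLAIN = ("We collect your email address. We use it to send receipts. "
         "We do not sell your data. You can delete your account at any time.")
DENSE = ("Notwithstanding any provision herein, the organisation and its "
         "affiliated entities may, in accordance with applicable legitimate "
         "interests, process, aggregate, disclose and otherwise utilise "
         "personally identifiable information for operational, analytical, "
         "promotional and additional unspecified purposes.")


def syllables(word):
    """Rough syllable estimate: count vowel groups, drop a silent final 'e'."""
    w = word.lower()
    n = len(re.findall(r"[aeiouy]+", w))
    if n > 1 and w.endswith("e") and not w.endswith(("le", "ee")):
        n -= 1
    return max(n, 1)


def policy_features(text):
    """Return surface features of a privacy policy text (hypothetical helper)."""
    words = re.findall(r"[A-Za-z']+", text)
    if not words:
        raise ValueError("policy text contains no words")
    # Split after sentence-ending punctuation; commas do not end a sentence.
    sentences = [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]
    n_words = len(words)
    mean_len = n_words / len(sentences)
    syl_per_word = sum(syllables(w) for w in words) / n_words
    return {
        "words": n_words,
        "sentences": len(sentences),
        "mean_sentence_length": mean_len,
        # Type-token ratio: distinct words divided by total words.
        "lexical_diversity": len({w.lower() for w in words}) / n_words,
        # Flesch Reading Ease: higher is easier to read.
        "flesch_reading_ease": 206.835 - 1.015 * mean_len - 84.6 * syl_per_word,
    }


if __name__ == "__main__":
    for name, text in (("plain", PLAIN), ("dense", DENSE)):
        print(name, policy_features(text))
```

The single-sentence excerpt scores far lower on reading ease than the four short sentences, while its type-token ratio is higher, which is why a classifier would combine several such features rather than rely on one.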

Key findings:

  1. 43.22% do not contain an option to opt out of having data sold
  2. 54.94% do not have a cookie message on the first load
  3. 31.72% do not have a cookie message on the first load but have ad trackers present on the site
  4. 22.99% do not have a cookie message on the first load while having more than 10 ad trackers
  5. 13.68% do not have a cookie message on the first load with ad trackers and do not have the option to opt out of having data sold
  6. 3.91% have at least 1 non-HTTP page
  7. 43.79% have high device fingerprinting
  8. 82.07% have complex privacy policies (i.e. difficult to understand)
  9. 41.38% have ambiguous data collection purposes

April 9, 2022
