The findings of a new study presented today at the “Web Science Conference” show that up to 90% of these websites put third-party tracker cookies without users’ consent in some countries. Indeed, this occurs even in jurisdictions with stringent protections for user privacy.
The research
Although this has not yet been investigated on government websites, previous studies have demonstrated the extensive use of cookies to track people on websites on an unprecedented scale.
During the COVID-19 pandemic, when information about the public was shared through the official websites of international organizations and governments, the researchers thought about looking into how government websites behaved and whether or not they followed data protection laws.
According to Nikolaos Laoutaris, Research Professor at IMDEA Networks, “our results indicate that official governmental, international organizations’ websites and other sites that serve public health information related to COVID-19 are not held to higher standards regarding respecting user privacy than the rest of the web, which is an oxymoron given the push of many of those governments for enforcing GDPR.”
There were a total of 5,500 websites examined, including those of international organizations, the official COVID-19 information, and the governments of the G20 countries (Argentina, Australia, Brazil, Canada, China, France, Germany, India, Indonesia, Italy, Japan, Mexico, Russia, Saudi Arabia, South Africa, South Korea, Turkey, UK, and the USA).
Method: Different kinds of cookies
There are many types of cookies. “There are first-party cookies, which are those created by the visited website itself,” explains Srdjan Matic, Research Assistant Professor at IMDEA Software, “while third-party cookies are those commonly created by external agents through content embedded in the website. In addition, there is the cookie ghostwriting, in which an external entity creates the cookie on behalf of another party and therefore its origin is unknown.”
This study also differentiates between cookies based on their duration: session cookies, which are only active during the time of the page visit, and persistent cookies of short, medium, and long duration.
G20 sites
Most of the G20 countries’ websites that were examined install cookies without the individual’s consent. Japan has the fewest websites that use cookies (77.2%), while South Korea, Saudi Arabia, and Indonesia top the list with rates that are nearly 100%.
Figure 1 shows the percentage of official websites (number in parenthesis) that each G20 nation has less than one cookie.
The article examines the number of third-party cookies (TP) and third-party tracking (TPT) cookies among the cookies discovered. Together, they add up to somewhere between 30 and 95 percent in Germany and Russia, respectively. Only in Germany does this number go down by a large amount, with only 9 percent of official websites having a TPT cookie.
Figure 3 shows the percentage of governmental websites in each G20 nation that use third-party (TP) and third-party tracker (TPT) cookies.
In 16 of the 19 countries that were looked at, more than half of TP and TPT cookies last longer than a day.
Figure 5 shows the percentage of TP and third-party trackers (TPT) cookies for the G20 nations.
The cookie expiration times are broken down into first party, TP, and TPT by nation in the table below. For TP and TPT contracts lasting longer than a year, France tops the list of nations.
Figure 7 shows the G20 countries’ cookie expiration dates for first-party (FP), third-party (TP), and third-party trackers (TPT) cookies.
Websites of international organizations
According to the report, around 60% of the websites of international organizations use at least one third-party (TP) cookie, and approximately 95% of these websites set cookies. According to Matic, “there are no special measures to neutralize third-party cookies on these websites since 52% of the websites of international organizations set at least one cookie associated with a tracker (TPT)”.
COVID-19 Websites
In the COVID-19 information research, more than 99% of the websites examined add at least one cookie without the user’s permission. Third-party (TP) cookies, on the other hand, are less prevalent, accounting for about 62% of all cookies.
According to Laoutaris, the study team’s goal with this paper is to “put more pressure on governments to clean up their own house first and, by doing so, set an example and be more convincing about the importance of implementing the GDPR in practice”.
Image Credit: Getty
You were reading: How Much Do We Really Know About Privacy On Government Websites?