Most of the UK's top websites fail GDPR, claims ImmuniWeb
From hard to follow privacy policies to insecure cookie usage, a large number of sites are still not compliant
A staggering number of the UK's most popular websites are failing to comply with GDPR, according to a report.
A research team from ImmuniWeb selected the 100 most visited websites for each of the 28 European member states, finding that the majority were using non-compliant processes or insecure systems to host and manage user data.
In the UK, 86 of the top 100 websites failed surface-level tests to varying degrees. All 86 were found to be using insecure cookies to handle sensitive user information, while 17% of sites had either missing or hard to reach privacy policies.
However, all 100 of the most visited sites in the UK were using HTTPs and had up-to-date content management systems.
The stats reveal that sites operating across the rest of Europe are more likely to be compliant with GDPR. A study of popular sites in France found 83 of its top 100 were non-compliant, while in Germany this fell to 50. The reasons for this are noticeably different, however, as sites in France and Germany are far more likely (50% and 40% respectively) to have missing or hard to reach privacy policies.
"We can see laudable efforts aimed to improve web application security and adhere to GDPR requirements amid European companies," said Ilia Kolochenko, CEO and founder of ImmuniWeb. "However, there is a long road before the majority of organisations value actual security above paper-based compliance thereby providing their users with the privacy and security they truly deserve.
For the EU as a whole, 51.5% had hard to understand privacy policies and 78.25% showed insecure cookie usage. These are relatively alarming statistic considering GDPR is now one-year-old and it's also an issue that some of the largest tech firms in the world have been accused off.
Last year, the Norwegian Consumer Council deemed the privacy-centric services for companies such as Facebook, Microsoft and Google was "unethical" for leading users to select settings that did not benefit their privacy.