Most of the UK's top websites fail GDPR, claims ImmuniWeb
From hard to follow privacy policies to insecure cookie usage, a large number of sites are still not compliant
A staggering number of the UK's most popular websites are failing to comply with GDPR, according to a report.
A research team from ImmuniWeb selected the 100 most visited websites for each of the 28 European member states, finding that the majority were using non-compliant processes or insecure systems to host and manage user data.
In the UK, 86 of the top 100 websites failed surface-level tests to varying degrees. All 86 were found to be using insecure cookies to handle sensitive user information, while 17% of sites had either missing or hard to reach privacy policies.
However, all 100 of the most visited sites in the UK were using HTTPs and had up-to-date content management systems.
The stats reveal that sites operating across the rest of Europe are more likely to be compliant with GDPR. A study of popular sites in France found 83 of its top 100 were non-compliant, while in Germany this fell to 50. The reasons for this are noticeably different, however, as sites in France and Germany are far more likely (50% and 40% respectively) to have missing or hard to reach privacy policies.
"We can see laudable efforts aimed to improve web application security and adhere to GDPR requirements amid European companies," said Ilia Kolochenko, CEO and founder of ImmuniWeb. "However, there is a long road before the majority of organisations value actual security above paper-based compliance thereby providing their users with the privacy and security they truly deserve.
For the EU as a whole, 51.5% had hard to understand privacy policies and 78.25% showed insecure cookie usage. These are relatively alarming statistic considering GDPR is now one-year-old and it's also an issue that some of the largest tech firms in the world have been accused off.
Last year, the Norwegian Consumer Council deemed the privacy-centric services for companies such as Facebook, Microsoft and Google was "unethical" for leading users to select settings that did not benefit their privacy.
Next-generation time series: Forecasting for the real world, not the ideal world
Solve time series problems with AIFree download
The future of productivity
Driving your business forward with Microsoft Office 365Free download
How to plan for endpoint security against ever-evolving cyber threats
Safeguard your devices, data, and reputationFree download
A quantitative comparison of UPS monitoring and servicing approaches across edge environments
Effective UPS fleet managementFree download