"Thought You'd Opted Out of Online Tracking? Think Again"

Websites often offer visitors the option to opt out of data collection. However, according to a team of privacy researchers, opting out is not always effective, as visitor data collection can still occur. Europe's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) require websites and related third parties to get consent prior to collecting and processing personal data. Vendors such as Didomi, Quantcast, OneTrust, and Usercentrics provide what is known as a Consent Management Platform (CMP) to help website administrators meet those legal frameworks. These companies supply the software used by websites to prompt visitors to accept or reject cookies in order to govern the handling of personal information. They claim that their CMPs enable companies to comply with privacy rules in the US, EU, UK, Brazil, South Africa, Singapore, and more. A team of computer scientists from Texas A&M University and the University of Washington developed an auditing mechanism to evaluate the effectiveness of CMP-based opt-out controls and discovered that these platforms do not necessarily guarantee compliance with GDPR and CCPA rules. In a study titled "Opted Out, Yet Tracked: Are Regulations Enough to Protect Your Privacy?" they discuss their findings, which reveal that even when individuals opt out, their data is still collected, processed, and shared. The team's findings indicate that a number of big advertisers may be in violation of the GDPR and CCPA. This article continues to discuss the team's auditing framework that leverages advertisers' bidding behavior to assess violations of data protection regulations. 

The Register reports "Thought You'd Opted Out of Online Tracking? Think Again"