Microsoft, Google like to track users even after an opt-out
Users can hardly protect themselves from tracking by the big tech companies. Because they simply ignore the users’ existing opt-out decisions, as a sensitive investigation now shows.
Cookies are simply set
An independent data protection audit accuses large technology companies such as Microsoft, Meta and Google of massive violations of California data protection law. According to the analysis by the company WebXray, this could potentially result in billions in fines, as user decisions regarding tracking are often ignored, reports the US magazine 404media. The research analyzed traffic from more than 7,000 high-traffic websites in March. In 55 percent of cases, advertising cookies were set even though users had expressly objected. The basis for the assessment is, among other things, the so-called Global Privacy Control (GPC), a standard that signals to websites that a user does not wish to be tracked. The California CCPA requires companies to respect such opt-out signals.
The assessment for Google is particularly critical: in 87 percent of the cases examined, the opt-out signal was ignored. According to WebXray, this is technically easy to prove because servers actively set cookies despite the appropriate labeling. Microsoft and Meta also performed poorly: Microsoft is said to have violated the guidelines in around half of the cases, Meta even in 69 percent of the page views checked. At Meta, the auditors particularly criticize tracking codes that are activated automatically without any consideration of user settings.
Companies are not aware of any guilt
WebXray founder Timothy Libert, who previously worked at Google, sees this as a structural problem. Companies have little incentive to strictly adhere to the rules, as fines are often taken into account. “In a sense, penalties have replaced taxes,” he explained. The aim of the investigation is therefore also to give supervisory authorities a more detailed insight into the actual processes – in the hope that the legal regulations will be tightened accordingly.
Another point of criticism concerns the so-called consent management platforms (CMP), i.e. cookie banners. These are intended to give users control over their data, but according to the audit, they often fail. Even systems certified by Google have shown high error rates of up to 91 percent. The companies affected rejected the allegations.
Google spoke of a “fundamental misunderstanding” of how its products work. Meta and Microsoft also emphasized compliance with legal requirements and taking data protection seriously. According to WebXray, many of the problems can be solved technically easily, for example by consistently suppressing cookies when opt-out signals are detected. However, without stricter enforcement of the rules, violations are likely to remain commonplace.
