Government exaggeration? 9 out of 10 official websites use tracking cookies without consent


Madrid, Spain – Is the government going too far? A new study has found that “Big Brother” may be more popular than you think. Among the countries that make up the G20, researchers have found that the vast majority of government websites add third-party tracking cookies without their users’ consent.

The G20 is an international forum that includes 19 countries and the European Union. The forum focuses on solving problems related to the global economy, climate change mitigation and the development of sustainable technologies. Members include Argentina, Australia, Brazil, Canada, China, France, Germany, India, Indonesia, Italy, Japan, Mexico, Russia, Saudi Arabia, South Africa, South Korea, Turkey, United Kingdom and United States.

The international team notes that in some of these countries, nine out of ten official websites add third-party tracking cookies, even though they have strict user privacy laws. To find out the extent of this problem, the researchers examined 5,500 websites linked to international organizations, governments and official news sites about COVID-19 during the pandemic.

Their study comes at a time when citizens around the world are providing information through government websites at an unprecedented rate.

“Our findings indicate that official websites of governmental and international organizations and other sites that disseminate public health information related to COVID-19 are not held to higher standards for user privacy. than the rest of the web, which is an oxymoron given the push from many of these governments for enforcing the GDPR,” noted Nikolaos Laoutaris, professor-researcher at IMDEA Networks, in a press release.

What types of cookies are hiding on government sites?

“There are first-party cookies, which are those created by the visited website itself, while third-party cookies are those usually created by external agents through the content integrated into the website. In addition, there is the ghostwriting cookie, in which an external entity creates the cookie on behalf of another party and therefore its origin is unknown,” explains Srdjan Matic, research assistant professor at IMDEA Software.

The team also separated its findings according to the duration of these cookies, analyzing which cookies are active only during a person’s visit to a web page and which persist for the short, medium and long term.

Almost all COVID websites add unwanted cookies

The results show that most G20 countries set at least one cookie on a website without user consent. Overall, Japan has the lowest percentage of websites with cookies, but that number still sits at 77.2%. During this time, the team discovered that Saudi Arabia and Indonesia topped the list with cookies on 100% of their official sites. The majority of G20 countries fall between 87-97%, with the US adding unwanted cookies to 93.5% of the 1,239 web pages examined in this study.

CREDIT: Matthias Götze (TU Berlin), Srdjan Matic (IMDEA Software), Costas Iordanou (Universidad de Chipre de Tecnología), Georgios Smaragdakis (TU Delft) and Nikolaos Laoutaris (IMDEA Networks)

Of these cookies, a large proportion are either third-party cookies (TP) or third-party tracking cookies (TPT). Additionally, more than 50% of TP and TPT cookies in 16 out of 19 countries take longer than a full day to expire. Website users in France will find the highest number of cookies that take more than one year to expire.

When it comes to official websites that specifically address the coronavirus pandemic, results show that over 99% add at least one cookie without anyone’s consent.

“There are no specific measures to neutralize third-party cookies on these sites since 52% of the sites of international organizations place at least one cookie associated with a tracer (TPT)”, adds Matic.

Laoutaris hopes the team’s findings will “put more pressure on governments to clean up their own homes first and, in doing so, set an example and be more convincing about the importance of implementing implementation of the GDPR in practice”.

The team presented its findings to the Scientific conference on the web.


Comments are closed.