
In the State of Website Privacy Report 2024, Privado uncovers alarming privacy compliance trends for websites in the US and Europe.
From testing the most visited websites for CPRA and GDPR compliance, Privado found that 75% of websites are not compliant in the US and Europe.
Despite stricter privacy enforcement in Europe, Privado found a surprising 74% of top websites in Europe do not honor opt-in consent as required by Europe’s General Data Protection Regulation (GDPR).
Although top websites in the U.S. had a similar non-compliance rate of 76% for not honoring opt-out consent as required by the California Privacy Rights Act (CPRA), Privado found the median volume of compliance risks to be 3X higher in the U.S.
The State of Website Privacy Report is based on data from Privado’s Web Auditor solution collected in September 2024. Privado decided to launch this solution and release this report in response to increasing privacy fines in both the U.S. and Europe.
Six of the 20 largest GDPR fines since 2018 are due to consent compliance violations on websites, with Amazon receiving the second-largest GDPR fine to date, $888M, for targeting users with ads without proper consent in 2021.
In the US, at least 10 companies since 2022 have been fined for violating consent compliance on websites as regulated by CPRA, the FTC (Federal Trade Commission), or HIPAA (Health Insurance Portability and Accountability Act).
With fines mounting and consumers demanding greater privacy, personal data sharing from websites has become a major legal risk for companies worldwide.
“With modern privacy laws now in place, websites have added cookie banners in an attempt to comply, but the banners are usually misconfigured,” said Privado CEO Vaibhav Antil. “Especially as marketing technology constantly changes on websites, privacy teams need continuous consent testing on websites to ensure compliance.”
To comply with the CPRA amendment to CCPA (California Consumer Privacy Act), websites in the US must block personal data sharing with advertising third parties if the user opts out of data sharing. To comply with GDPR, websites in Europe must block personal data collection and sharing with third parties unless the user provides opt-in consent. Despite increasing privacy fines in both regions, most websites are not honoring the consent requirements in either one.

Privacy teams typically lack the visibility and controls to track which third parties are integrated with their websites and whether those third parties are honoring consent requirements. With teams using so many third parties to optimize marketing and website performance, privacy teams need comprehensive solutions to continuously monitor consent and data flows.

Consent management platforms (CMPs) are effective at managing the complexity of implementing consent banners and data flows across websites, but CMPs can’t sufficiently monitor and validate consent compliance. Privacy teams need continuous website monitoring solutions to mitigate privacy risk at scale. The solutions should provide a real-time view of the third parties integrated with their websites, which data elements are being sent to which third parties, and consent banner functionality.
Consent monitoring should be used in conjunction with a consent management platform to implement best-in-class digital tracking governance for websites and mobile apps.
Consent management platforms are critical for collecting, acting on, and recording consent, but they lack the full visibility and governance to ensure personal data doesn’t improperly leak to advertising third parties. Consent monitoring and privacy code scanning enable the complete and continuous visibility and governance needed to ensure compliance with today’s complex web of privacy regulations.
To see the complete findings and recommendations, download the State of Website Privacy Report.
