REPORT

2024 State of Website Privacy Report

Privacy regulation and enforcement are continuing to get stricter. Find out how many of the most visited websites have compliance risks and discover the reasons why.


Table of Contents listing sections from Introduction to Appendix with corresponding page numbers.

Bar chart comparing median third parties integrated with top websites in the US and Europe, showing US averages of 31 total, 17 advertising, 2 marketing, and 1 user analytics third parties, and Europe averages of 21 total, 6 advertising, 2 marketing, and 1 user analytics third parties. Text explains that top websites use over 20 third parties mostly for advertising, with advertising third parties posing the greatest GDPR and CPRA risks.

Text explaining GDPR in Europe, its strict consent compliance law requiring user consent before data collection, and the IAB Transparency and Consent Framework for digital advertising compliance with GDPR.

Page from a website privacy report titled 'Privacy regulation is increasing' discussing GDPR, CPRA, and growing global privacy laws.

Bar chart showing median GDPR compliance risks for non-compliant websites: 23 total, 18 network request risks, 1 third-party cookie risk, with explanatory text on reasons for non-compliant data sharing.

Key Insights

Privado tested the most visited websites in the US and Europe and found an alarming trend: 75% of websites are not privacy compliant. Discover the reasons why and what privacy teams can do to minimize risk.

1. Fines are increasing in the US and Europe for not honoring consent on websites.

2. 75% of the most visited websites in the US and Europe are not privacy compliant.

3. 76 of the 100 most visited websites in the US do not honor CPRA opt-out consent signals.

4. 74 of the 100 most visited websites in Europe do not honor GDPR opt-in consent requirements.

5. Non-compliant websites in the US average 3X more compliance risks than those in Europe.

6. Privacy teams lack visibility over website data flows to properly mitigate privacy risk.

Get the full report

This report covers privacy compliance rates for top websites, benchmarks for third-party data sharing, and best practices for privacy professionals to minimize consent compliance risk.


FAQs

For any further questions, send us a message at hello@privado.ai

How was the compliance data gathered for this report?


Using Privado’s automated consent monitoring technology, Privado scanned the 100 most visited websites in the US and Europe in September of 2024 to test for compliance with CPRA and GDPR respectively. Privado’s consent monitoring solution simulates each possible user consent action in the applicable location and checks the cookie and network request activity against the regulatory requirements.

Download the report to learn more about the compliance testing methodology.

What privacy regulations were evaluated when determining compliance?


For the US, Privado tested the websites for compliance with CPRA (California Privacy Rights Act), which amended the California Consumer Privacy Act (CCPA). Privado specifically tested for “Do Not Sell or Share” compliance, meaning personal data must not be shared with advertising third parties if users opt out.

For Europe, Privado tested the websites for compliance with GDPR (General Data Protection Regulation). Privado specifically tested whether websites shared personal data with third parties if users opt out or take no action on the consent banner.

Download the report to learn more about the compliance checks used in the analysis.

Which websites were tested for compliance?


Privado tested the 100 most visited websites in the US and Europe, ranked by highest organic search traffic as measured by ahrefs.com in September 2024. Separate top 100 lists were created for the US and Europe.

Download the report to see which websites were included in the analysis.

Can I share the data and insights from this report?


Yes. This report is meant to be shared.

What does Privado do?


Privado syncs privacy compliance with software development by providing full visibility and continuous governance for how personal data is processed. Privado’s privacy code scanning platform automates data mapping and assessments without questionnaires by continuously monitoring data flows across websites, apps, backend systems, and third parties. By identifying privacy risks during and after software development, Privado bridges the gap between privacy and engineering teams and reduces risk at scale.