Shocking Study Reveals Most Government Websites Serve Tracking Cookies Without Consent
However, the same can’t be said for many websites, where simply loading a webpage can expose visitors to various trackers that install cookies in their web browsers. Unlike an app store, where users can choose which applications to install, many websites automatically install third-party tracking cookies without a users knowledge or consent. Fortunately, there are various ways to block or clear third-party cookies, but most users are unaware of these methods or don’t even know about the presence of tracking cookies in the first place.
Sadly, governments are contributing to the prevalence of third-party trackers on the internet. A new study published by the IMDEA Networks Institute shows just how common it is for government websites to install third-party cookies in visitors’ web browsers. The study makes a distinction between third-party (TP) cookies and third-party tracking (TPT) cookies, because not all third-party cookies are “set by domains that are known to be tracking users for data collection purposes.”
Most of the third-party cookies installed by government websites are known tracking cookies, except in the case of Germany, where under 10% of third-party cookies are associated with domains that are known to track users. The researchers also found that, depending on the country, 20% to 60% of the third party cookies installed by government websites remain in visitors’ browsers without expiring for a year or more. That’s a long time for a tracker installed without your knowledge or consent to remain active.
Beyond specifically tracking cookies, the researchers measured the number of trackers of any kind present on government websites. The Russian gov.ru has the most trackers out of any government website analyzed by the researchers, numbering 31 trackers in total. However, Brazil and Canada aren’t far behind, with 25 trackers present on both investexportbrasil.gov.br and nac-cna.ca. The US government website with the most trackers is hhs.gov, which has 13.
The researchers point out that both third-party tracking cookies are automatically installed in visitors’ web browsers without their consent. However, the researchers guess that web developers and administrators likely include third-party content without intending to add trackers to their websites. A great many websites now rely on third-party resources and include social content that come with trackers built-in.
The researchers conclude the study with the following closing statements: “Our work demonstrates how difficult it is to apply data protection laws in practice, and we hope that it can help in clearing governmental websites and similar webpages that serve public services from tracking services. With our study, we also aim to increase awareness of potential tracking when visiting official websites, and we argue for the need for new tools and systems for continuous measurement and transparent reporting to improve the privacy of public online services.”