A new study has found only 11.8% of the most popular Consent Management Platforms (CMPs) used on UK websites meet the minimal requirements under GDPR and Europe’s eDirective regulations regarding cookies and consent.
The researchers’ scraper was used to determine whether a consent form met GDPR and eDirective requirements.
The rules say consent must be explicit. So, for example, users must click a button rather than just hop straight through to the website; all aspects of consent must be equally easy to reject as to accept; and pre-ticked boxes are not allowed.
Of the 10,000 websites scraped that used a CMP form, the researchers found that implicit consent is present on a third of websites. The researchers also found that CMPs make rejecting all tracking “substantially more difficult than accepting it.”