Cookiebot’s 2019 Report reveals some shocking news that a vast majority of official EU government websites allow commercial third parties to systematically track and monitor EU citizens.
Report Key Findings:
- 89% of official government websites of EU member states contain third-party ad tracking
- 52% of landing pages on national health services contain third-party ad tracking
- 112 ad tracking companies are monitoring EU citizens across EU public sector websites
- 52 different companies track citizens on the French government website
- 63 companies track German citizens on a single public webpage about maternity leave
- 82% of official EU government websites are harbouring Google marketing trackers
Public Health Sites
The most alarming findings of the report concern public health sites, where users disclose sensitive personal data. This type of data is explicitly protected under Article 9 of the GDPR. The report shows that a staggering 52% of EU public health service websites were found to unknowingly facilitating tracking. Once collected, this data can be resold via data brokers to other companies. The biggest violator of the EU countries seems to be Ireland with 73% of landing pages containing trackers. One French webpage about abortion was monitored by 21 different companies and 63 companies were monitoring a single German webpage about maternity leave.
Most Common Perpetrators
The report reveals that Google is responsible for more than twice as much tracking as any other company. This while concerning is not surprising since Google does own three out of the top five tracking domains ( YouTube.com, DoubleClick.net and Google.com) listed on the report. The report also found that Facebook actively employs measures to circumvent Safari 11′ tracker blocking.
Public sector websites don’t rely on revenue from advertising, so why do these ad trackers even have access to user data? Here governments have failed their citizens allowing their data to be exploited within their own digital domains. With the GDPR and the upcoming ePrivacy Regulation, many of these hidden loopholes have come to light, but many probably remain hidden. It’s the job of regulators to earn the trust of data subjects and act upon any instances of privacy violations.