Researchers Matthias Götze (TU Berlin), Srdjan Matic (IMDEA Software), Costas Iordanou (Cyprus University of Technology), Georgios Smaragdakis (TU Delft), and Nikolaos Laoutaris (IMDEA Networks) have presented a paper at the Web Science Conference: "Measuring Web Cookies in Governmental Websites," in which they investigate governmental websites of G20 countries and evaluate to what extent visits to these sites are tracked by third parties.
The results reveal that in some countries up to 90% of these websites add third-party tracker cookies without users' consent. This occurs even in countries with strict user privacy laws.
The study
Previous studies have shown the widespread use of cookies to track users on websites on an unprecedented scale but this had not been studied so far on government sites.
The researchers considered studying the behavior of government websites and their compliance or non-compliance with data protection laws during the COVID-19 pandemic, a time when citizen information was provided through official websites of international organizations and governments. "Our results indicate that official governmental, international organizations' websites and other sites that serve public health information related to COVID-19 are not held to higher standards regarding respecting user privacy than the rest of the web, which is an oxymoron given the push of many of those governments for enforcing GDPR," says Nikolaos Laoutaris, research professor at IMDEA Networks.
A total of 5,500 websites of international organizations, official COVID-19 information, and governments of G20 countries were analyzed: Argentina, Australia, Brazil, Canada, China, France, Germany, India, Indonesia, Italy, Japan, Mexico, Russia, Saudi Arabia, South Africa, South Korea, Turkey, UK, and the U.S..
Methodology: types of cookies
There are several types of cookies. "Two primary types of cookies: first-party cookies that are issued by the visited website, and third-party ones which are typically created by external parties embedded in a webpage," says Srdjan Matic, Researcher at IMDEA Software.
This paper also distinguishes between cookies by their duration: session cookies active only during the visit to the page or persistent cookies of short, medium or long duration.
Results: G20 government websites
Most of the websites of the G20 countries created at least one cookie without the user's consent. Japan is the country with the lowest percentage of websites with cookies, with 77.2%, and South Korea, Saudi Arabia, and Indonesia lead the ranking with almost 100%.
Credit: IMDEA Networks Institute
With respect to the third-party cookies, the paper differentiates between generic third parties (TP) and third-party cookies originating from known trackers (TPT). Overall TP cookies range from 30% in the case of Germany, up to 95% for countries such as Russia. Germany is the only country where this percentage decreases significantly, with only 9% of official websites including a TPT cookie.
Credit: IMDEA Networks Institute
In 16 of the 19 analyzed countries more than half of the TP cookies last at least one day.
Credit: IMDEA Networks Institute
In the figure below, cookies are grouped on their expiration time into first-party (FP), third-party (TP), and third-party tracking cookies (TPT). France and China lead the ranking with around 70% of TP and TPT cookies expiring after more than one year.
Credit: IMDEA Networks Institute
Results: International organizations websites
The study shows that around 95% of the websites of international organizations set cookies and around 60% of these websites use at least one third-party (TP) cookie. Matic explains that " it seems that there is no special care in designing those webpages since 52% of websites of international organizations set at least one TPT cookie."
Results: COVID-19 Websites
More than 99% of the websites analyzed in the COVID-19 information study add at least one cookie without the user's consent. In contrast, there is a lower presence of third-party (TP) cookies, at around 62%.
As Laoutaris points out, with this publication the research team aims to "put more pressure on governments to clean up their own house first and, by doing so, set an example and be more convincing about the importance of implementing the GDPR in practice."
- Karlston
- 1
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.