Barcelona (EFE).- The most visited websites in Spain break privacy laws and track their users with techniques little known to the public beyond ‘cookies’, such as ‘web beacons’, according to a study in which Researchers from the Oberta de Catalunya (UOC) and Girona (UdG) universities have participated, as well as the Cybersecurity Research Center of Catalonia (Cybercat).
According to this work, which is published by the scientific journal ‘Computers & Security’, only a small percentage of the 500 most visited websites in Spain, which range from government pages to streaming or adult content sites, correctly implement the requirements which establishes the General Data Protection Regulation (RGPD) approved by the European Parliament in 2016.
Researchers have used new methods of automated analysis of tracking techniques and compliance with Internet privacy regulations to discover, not only the misuse and non-consented use of ‘cookies’, but tracking techniques unknown to the average user, such as ‘web beacons’ (invisible or spy pixels, or web beacons) or technologies that are based on the browser’s fingerprint.
The European regulation, which in Spain took the form of an organic law for the protection of personal data and guarantee of digital rights in 2018, is designed to protect the privacy of citizens, but, six years later, according to the researchers, “the implementation regulation progresses unevenly”.
“We conclude that there is still a long way to go to correctly implement the requirements established by the General Data Protection Regulation on websites,” explained Cristina Pérez-Solà, a researcher at the UOC’s Computer Science, Multimedia and Telecommunications Department.
“Many of the web pages analyzed inform the user of the use of ‘cookies’, but either they do not wait for the user’s consent to use them or they acquire this consent incorrectly”, the researcher has assured.
They also detected the use of almost seven web media tracking cookies and eleven web beacons, small pieces of code inserted into the page that are used to invisibly collect certain types of web traffic information.
In addition, 10% of the pages analyzed use browser fingerprinting techniques, which are also difficult to detect, according to the study.
“In general, all these techniques have the objective of registering the behavior of users on the Internet to create profiles that can later be used to adjust the advertising that will be displayed or the prices that will be offered for services or products”, highlighted Pérez-Solà. , who has worked with Albert Jové (UOC), and David Martínez and Eusebi Calle (UdG).
The study concludes that only 8.91% of websites that collect user consent correctly apply it successfully in practice.
The researchers developed their own method based on four algorithms and an index, the ‘Websites Level of Confidence’, with which to assess the state of regulatory compliance.