Media companies are the top offenders
Most of America's biggest websites aren't following privacy rules and are sharing and tracking personal information without permission, a report finds.
Among the 100 most-visited U.S. websites, 75 shared or sold personal data to third-party advertisers even after users told them not to, according to a review of websites byprivacy-compliance firmPrivado.
And 70 of the 100 websites placed cookies, which can track browsing habits across different websites and login information, on users who told them not to.
The top offenders are media and e-commerce websites, which comes as no surprise since 53 of the top 100 websites are media, followed by 19 that aree-commerce.
Websites that don't respect user privacy are harvesting personal information to make money through advertisements, but also widely spreading personal information that puts people at agreater risk of data breaches that can result in scammers targeting them, including foridentity theft.
Some companiesunderfire for violating online privacy laws are cosmetic retailer Sephora and alcohol addiction service Monument.
Sephora got fined $1.2 million in 2022 for violating California's privacy lawson how user data was collected,while Monument got fined $2.5 million by the Federal Trade Commission in 2024 for mishandling health records under HIPAA, or the Health Insurance Portability and Accountability Act.
What are the online privacy laws that websites have to follow in the U.S.?
There's no federal online privacy law, but 2018'sCalifornia Consumer Privacy Act and 2020's California Privacy Rights Act, which amended the 2018 law, arecurrently the toughtest privacy regulations that websites have to follow in the U.S.
The laws require that websites "do not sell or share" personal informationwithout consent and, starting in 2024, companies need to give users the option to opt-out of the selling or sharing of their personal data for advertising purposes.
California's laws apply to any website that has visitors from California, which encompasses most U.S. websites because the state is the most populous in the nation.
Privado said that 76of the 100 most-visitedU.S. websites aren't complying with California's privacy laws, including 42media websites and 15e-commerce websites.
Privado said nearly 20 other states have passed their own privacy laws, but California's is the current gold standard and is often stricter than other states.
In April 2024, Congress introduced the American Privacy Rights Act, which could override all state privacy laws, but the bill is a long way from passageand faces an uncertain future.
Photo Credit: Consumer Affairs News Department Images
Posted: 2024-11-14 01:10:05
