Up to nine in 10 government websites use tracking cookies without consent, study claims

Up to 90 per cent of government websites are said to use tracking cookies without their users’ consent, a new study has claimed.

Researchers examined 5,500 governmental websites from G20 counties – including the UK, the US and France – and in some locations, nine out of 10 official sites used third-party trackers.

The study’s authors say that tracking is a “of great concern as governmental websites increasingly become the only interaction point with the government.”

Electronic governance, or e-governance, refers to the ways in which governments increasingly use the internet to deliver services such as announcements, communication, and other points of service for citizens. It also has the potential to reduce costs for the government and service time for citizens.

For the study, researchers analysed how well government websites complied to data protection laws during the Covid-19 pandemic, when citizens were using the internet to learn new and updated information about Covid.

Nikolaos Laoutaris, Research Professor at IMDEA Networks in Madrid, said: “Our results indicate that official governmental, international organisations’ websites and other sites that serve public health information related to Covid-19 are not held to higher standards regarding respecting user privacy than the rest of the web.”

He added that this is “an oxymoron given the push of many of those governments for enforcing GDPR.”

Researchers analysed the use of different cookies, such as first-party cookies created by the website itself and third-party cookies commonly made by external providers.

They also distinguished between cookie ghostwriting, where the origin is unknown and cookies used for different durations, such as solely for the visit to the website or beyond. The reaesrchers found that most of the G20 websites used at least one type of cookie without the user’s consent.

Japan was the country that used cookies the least across their websites (77.2 per cent) and Saudi Arabia and Indonesia led with 100 per cent use across their official government websites.

Of these cookies, most were third-party cookies and more than 50 per cent of those cookies in 16 of the countries included took more than one full day to expire. In France, cookies often took more than one year to expire, the study claims.

For websites that specifically dealt with Covid-19 information, more than 99 per cent of those analysed in the study added at least one cookie without user consent.

Mr Laoutaris hopes their study will “put more pressure on governments to clean up their own house first and, by doing so, set an example and be more convincing about the importance of implementing the GDPR in practice.”