MIT, UCL and Aarhus University researched to study the performance of CMPs and their compliance with GDPR.
The study reveals that the consent management platforms (CMPs) used by UK websites do not explicitly ask for consent as required under the GDPR. Nearly a third of websites were found to be using CMP designs that implied consent based on actions like navigating and refreshing.
56% of the websites were found to be using pre-checked checkboxes agreeing to optional purposes and vendors. The research further revealed that CMP designs lacked a “reject all” button and other bulk and “granular” consenting options on the first page of display.
With 1200 websites in the UK using one of the top five CMPs, regulators could force these CMPs to implement consent compliant designs. This piece says organisations using CMPs should ensure their collection and use of data is “legitimate and defensible”.
[3 minute read]