Global Web, Local Privacy? An International Review of Web Tracking

TL;DR

This study evaluates how different countries' privacy laws impact web tracking levels, revealing that stricter regulations like the EU's GDPR reduce tracking, but global practices often undermine these protections.

Contribution

It provides an international comparison of web tracking across countries and assesses the tangible effects of privacy laws like GDPR on tracking behaviors.

Findings

EU countries have 50.5% fewer tracker connections on average.

Not interacting with cookie banners reduces trackers by 48.5%.

EU privacy laws have a measurable impact on reducing web tracking.

Abstract

Web tracking by ad networks, social networks, and other third parties is privacy-invasive. To protect users' privacy an increasing number of countries are adopting new privacy laws. However, a major reason why their application on the web is so challenging is that privacy laws are local while the web is global. To that end, we evaluate websites' tracker connections for ten countries for two sets of sites -- the global Common Top 525 and the Country-specific Top 525 sites. We find that Australia and the US (California) -- two of the three opt-out jurisdictions in our study -- have the highest level of web tracking while opt-in jurisdictions generally have lower levels. We also find that the Common Top 525 sites have 50.5\% fewer average tracker connections when accessed from EU countries compared to non-EU countries. Further, simply not interacting with cookie banners decreases trackers by 48.5\% for Germany, as measured for a sample of 36 Common Top 525 sites. These results suggest that the General Data Protection Regulation and the ePrivacy Directive have a tangible effect in reducing tracking. As 28\% of Common Top 525 sites show cookie banners in all ten countries, our results suggest a moderate Brussels effect. However, against the backdrop of global US ad tech practices, EU law primarily acts as a Brussels shield. Generally, we think that strong enforcement of privacy laws is key to increase user privacy on the web.