An inspection carried out by the European Data Protection Supervisor (EDPS) on the websites of major EU institutions and bodies revealed data protection and data security issues in seven out of the ten websites inspected.
The inspection revealed that several of the websites were not compliant with the Regulation or with the ePrivacy Directive and did not follow the EDPS Guidelines on web services. One of the issues encountered was third-party tracking without prior consent. This is especially problematic in cases where the third-party concerned operates under a business model based on the profiling and subsequent behavioural targeting of website visitors. Other issues encountered included the use of trackers for web analytics without visitors’ prior consent and the submission of personal data collected through web forms using non-encrypted connections.
Each of the institutions concerned has received recommendations from the EDPS on how to ensure their websites are fully compliant with data protection rules and the relevant institutions have reacted swiftly to start rectifying the problems identified.