In April 2019 the Internet Society’s Online Trust Alliance released its 10th annual Online Trust Audit & Honor Roll. The Audit looks at the security and privacy practices of over 1,000 of the top sites in various sectors. The news and and media sector, comprised of the top 100 news and media sites according to US traffic to their websites, improved its privacy practices in 2018. Like most sites, however, there is still room for improvement in privacy statements.
In 2017 less than half (48%) of news and media sites made the Honor Roll. In 2018 that number went up significantly to 78%, largely due to improvements in privacy statements. Privacy is scored in two ways in the Audit, we look at trackers on each site and we score the privacy statements across over 30 criteria.
One area where news sites did not improve was in the use of trackers on their site. Out of all the sectors news and media scored the lowest in trackers with a score of 39 (out of 45). Part of the reason for this is the news and media sector relies on advertising revenue, which often requires the use of trackers to serve ads.
On the positive side, news and media fared well in the use of tag management systems and privacy solutions, with 69% of news and media sites using these technologies. Tag management systems and privacy solutions help manage third-party data collection and data sharing in real time.
On the bright side, however, news and media sites did improve their privacy statements. On statements, news and and media scored near the top with a score of 32 out of 55, second only to the consumer section.
Second, news and media sites improved their sharing language. Overall, 60% of news and media sites had language that they do not share user data with third parties, up from 53% in 2017. In addition, most (85%) news and media sites indicated that they hold those they do share data with to the same standards they hold themselves.
Finally, this year’s Audit tracked some aspects of GDPR (which went into effect in spring 2018) in order to gauge adoption of certain GDPR principles. To be clear, at the time of this Audit’s data collection many of the sites were not required to follow GDPR as they are largely U.S.-based organizations.
Since this Audit’s data collection period, more regulations have been put in place around the world, such as the California Consumer Privacy Act (CCPA), that mirror many of the principles OTA measured. Here news and media did not fare as well. For example, one GDPR requirement is that privacy statements be easy for most consumers to read and understand. Here the news and media sector fared the worst with just 8% being easy to read. On the plus side 70% of news and media sites offered a direct contact for users to address their privacy concerns. (In GDPR parlance this is a Data Protection Officer, but in the U.S. one is not required at the moment.)
It is encouraging to see improvement in the news and media sector’s privacy statements. It is also true, however, that given the shifting privacy regulations around the world these improvements will need to continue if news and media sites want to stay ahead of regulatory changes.
How would your organization do in the Audit? Read the report to see how you’d stack up, and use it to improve your site’s security and privacy. Then view the infographic or watch the recap video to learn more!