This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
header image

Legal Enforcement for Consent

After analyzing consent compliance on 5,000 websites, we found that several vendors are under litigation due to improper CMP setup or failures of the tool.

Our 2024 Data Privacy Trends Report explores how businesses are reacting to Universal Opt-Out Mechanisms (UOOMs) such as Global Privacy Control (GPC). These mechanisms are designed to allow consumers to easily tell businesses not to sell or share their personal data for advertising.

But here’s the catch: We found that 75% of websites ignore GPC requests. This means that these businesses continue to deploy tracking cookies, and be it inadvertently, they are violating consumer preferences in terms of their privacy requests. This is likely because businesses may think they are compliant, but the current technology they have in place is not configured properly– or it does not support GPC. Alternatively, they are unaware of this requirement or are unprepared for upcoming legal changes.


After analyzing consent compliance on 5,000 websites, we found that 75% of websites do not comply with GPC requests– even with existing consent tools. This means most businesses are not honorings people’s do-not-sell privacy requests.

2023 Volume of Do-Not-Sell Requests per 1M Identities

DNS per million identities cahrt

This discrepancy emphasizes the complexities of the current consent technologies that are on the market. Customers have been stuck using a disparate set of tools, and that’s why there is a need to shift how businesses approach data consent. That’s why DataGrail is redesigning and rethinking consent mechanisms to integrate GPC requirements and address emerging privacy considerations.