Large-scale web tracking and cookie compliance: Evaluating one million websites under GDPR with AI categorization

With the increasing prevalence of web-tracking technologies, including tracking cookies, pixel tracking, and browser fingerprinting techniques, there is a pressing need to analyze their impact on user privacy. Despite the growing interest in the scholarly literature, large-scale, fully automatic evaluations of website compliance with privacy regulations remain scarce. In this paper, we present new algorithms, methods, and an AI categorization model designed for massive, fully automatic analyses of web-tracking and cookie compliance and usage with and without valid user consent. Utilizing the recently published Website Evidence Collector (WEC) software from the European Data Protection Supervisor (EDPS), these algorithms are applied to assess over one million websites from Tranco’s top list under European GDPR regulation. A novel 22-category multilabel AI model for website categorization provides content-based context to compliance results, achieving 96.56% accuracy and an F1 score of 0.963. Results reveal that nearly half of the websites utilize tracking cookies, while over half employ pixel tracking without user consent, thus highlighting significant differences between websites’ content categories. Additionally, our analysis demonstrates how web-tracking power is concentrated among just a few companies, with the top 10 tracking firms being responsible for most compliance violations related to obtaining valid user consent. This paper serves as a foundation for ongoing large-scale web-tracking analyses, essential for understanding trends over time and evaluating the effectiveness of privacy regulations.