Nieman Foundation at Harvard
HOME
          
LATEST STORY
How I cheated the Apple Podcast charts for $5
ABOUT                    SUBSCRIBE
May 14, 2018, 7:01 p.m.
Business Models

European news sites are among the worst offenders when it comes to third-party cookies and content

Major news sites in seven countries averaged 81 third-party cookies per page, compared to 12 for other popular websites.

The forthcoming General Data Protection Regulation on May 25 is pushing publishers to take a hard look at just how dependent their outlets have become on cookies and third-party trackers they load on their own sites in order to collect data from their visitors.

News sites actually load more third-party content and set more third-party cookies than other top websites, according to a new study of websites across seven European countries from the Reuters Institute.

News sites in those countries averaged 40 different third-party domains per page and 81 third-party cookies per page, compared to an average of 10 and 12, respectively, for the group of top websites in those countries. (Among sites that run some kind of advertising, the study found that news sites on average load four times as many third-party domains compared to other top websites.)

U.K. news sites were, on average, the most bloated of the bunch:

The prevalence of cookies and third-party tracking varies across news sites that rely on different revenue sources, and thus have different incentives and advertising needs.

Public media sites, most of which depend on neither subscription revenue nor advertising, share the least data with third parties. German news sites are generally more restrained than their U.K. counterparts. Compare the news site for the popular daily Bild, for instance, to the Daily Mirror site in the U.K., and BBC News to German public broadcaster ARD/Tagesschau:

Researchers were able to compare all the third-party requests made on a selection of news sites (based on relative reach and prominence in their respective countries), as well as the 500 overall most popular sites in Finland, France, Germany, Italy, Poland, Spain, and the U.K., by using an open-source tool called webXray, which monitors and then records third-party content that loads on a given page in Chrome. webXray can identify about 400 different types of third-party services, 270 of which showed up in the Reuters analysis.

Surprise, surprise: Google services are on most of the pages the researchers analyzed (followed distantly by Facebook):

GDPR takes aim at the collection of identifiable data on internet users that the users have not knowingly consented to, and levies heavy fines for non-compliance, meaning news sites should have due diligence on what’s loading on their pages…like, yesterday. In their study, the Reuters researchers have included handy rundown of types of third-party content that a site might be carrying and the purposes of each, many of which are not inherently problematic. But just to give you a taste of the range: Loading images from hosting services like AWS? Run Google Analytics? Load ads via Google’s DoubleClick network? Have a Facebook “Share” widget? Include Taboola/Outbrain recommendations on your page? That’s all part of this.

So what are news organizations to do about their sites, with GDPR coming into effect in a little over a week? Researchers Timothy Libert and Rasmus Kleis Nielsen offer a helpful matrix for understanding relative privacy risk of each type of content loaded, as it applies to users:

News organizations should be able to make some simple improvements to protecting users’ privacy pretty easily (see especially, the “low risk,” “low effort to replace” items):

For sites focused on improving privacy especially in light of the GDPR, content which ranks ‘low’ on the effort scale could be prioritized for migration. Hosted JavaScript files, fonts, and images all have low-to-medium privacy risk, and in some cases changing a single line of code may provide immediate privacy gains.

Similarly, social media buttons frequently set cookies and may link browsing data directly to users’ profiles, representing a high privacy risk. While social media companies provide code to enable sharing, it is possible to implement widgets on a first-party basis which facilitate social sharing. Even if social media companies would prefer sharing to happen with their widgets, they have no interest in preventing sharing.

The full study is available here.

Photo of cookie crumbs by Dean Shareski used under a Creative Commons license.

POSTED     May 14, 2018, 7:01 p.m.
SEE MORE ON Business Models
SHARE THIS STORY
   
 
Join the 45,000 who get the freshest future-of-journalism news in our daily email.
How I cheated the Apple Podcast charts for $5
Plus: How your favorite shows are covering the midterm elections, The Washington Post named its daily host, and the Spiro Agnew content you’ve been craving.
Younger generations are actually better at telling news from opinion than those over age 50
The kids, it turns out, are alright.
What happens when Facebook goes down? People read the news
Without a News Feed to scroll through, more people head directly to news sites for their information fix.