Audit Reveals Major Privacy Violations by Google, Microsoft, and Meta

Severity: High (Score: 66.5)

Sources: oag.ca.gov, www.cybersecuritydive.com, Rss.Slashdot, Darkreading, Therecord.Media

Summary

An independent audit by webXray has found that Google, Microsoft, and Meta are failing to honor user opt-out requests for tracking cookies, potentially violating California's privacy laws. The audit examined web traffic from over 7,000 popular websites in California during March 2026 and revealed that 55% of these sites set ad cookies despite users opting out. Google reportedly ignored opt-out signals 87% of the time, while Microsoft and Meta had failure rates of 50% and 69%, respectively. The findings suggest that 194 online advertising services are not complying with legally defined opt-out signals, which could lead to billions in fines for these tech giants. Each company has disputed the audit's findings, claiming misunderstandings regarding their tracking practices. The California Consumer Privacy Act (CCPA) allows users to opt out of the sale of their personal information, but the audit indicates widespread non-compliance. The implications of this audit could lead to significant regulatory scrutiny and potential legal actions against these companies. Key Points: • Audit found Google, Microsoft, and Meta ignoring opt-out signals for tracking cookies. • 55% of sites studied set ad cookies despite user opt-out requests. • Potential for billions in fines due to violations of California privacy laws.

Key Entities

• Data Breach (attack_type)
• France (country)
• Ireland (country)
• United States (country)
• bing.com (domain)
• Technology (industry)