- webXray audit finds Google, Microsoft and Meta ignoring Global Privacy Control signals
- Despite legal requirements in California and other states, 55% of websites still set opt-out advertising cookies
- Report highlights Google’s 86% error rate, Microsoft’s one-year tracking cookie and Meta’s continuous event logging; potential $5.8 billion commitment is expected
Big tech companies like Google, Microsoft and Meta completely ignore people’s explicit requests not to be tracked or to have their browsing data sold to third parties. This is according to a new forensic audit recently conducted by webXray, a search engine for analyzing Internet tracking, traffic and content.
Earlier this year, webXray published the March 2026 California Privacy Audit, in which it said that even when users explicitly invoke Global Privacy Control (GPC), 194 online advertising services still set tracking cookies.
GPC is a browser signal that tells websites users don’t want their data sold or shared. Although this is a technical standard, there are certain US laws that require companies to comply with it. For example, laws such as the California Consumer Privacy Act or the California Privacy Rights Act have made GPC legally binding, with regulators in the country saying that a valid GPC signal must be treated as an opt-out request.
The article continues below
Greater liability exposure
According to Cybernews, the GPC has legal authority in four US states today, and even in those areas – some companies ignore it completely.
While working on the California Privacy Audit, webXray analyzed “thousands” of popular websites in California and found that more than half (55%) set advertising cookies despite user opt-outs. Among them is Google, with an error rate of 86%.
When a user invokes GPC, the company allegedly creates a two-year “IDE” advertising cookie. Microsoft, on the other hand, returns a one-year “MUID” tracking cookie, while Meta records tracking events regardless of the user’s privacy settings.
So far, none of the companies called out in the report have commented on the findings.
However, they may soon, as the report’s authors believe that there is a basis for a class action here. In fact, they project a potential total liability exposure of $5.8 billion across the industry.
Via Cyber news
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
