Data protection compliance of UK websites

Emprical study on data processing consent; survey of 200 most-popular e-commerce UK websites

The study aimed at understanding the level of compliance with data protection requirements by websites registered in the United Kingdom. It carried out a statistical survey and an empirical study on the practices of online service providers concerning the processing of personal data and, in particular, it analysed the behaviour of UK websites with respect to the sending of unsolicited commercial emails (also known as ‘spam’). Personal data and email address were submitted to a representative sample of UK websites (by means of simulated identities), and quantitative data on ‘spam’ was collected and processed.

Based on the analysis of the elements that ought to be in place to seek and obtain valid consent under EU law, the study unveiled a striking departure between current EU data protection requirements and practice in processing personal data by UK commercial websites. Thus, this study represents the stepping stone for policy debate and legislative intiatives on the use and misuse of personal data on the Internet.

Methodology, findings and conclusions of the study in the framework of EU data protpection law are extensively discussed in the paper of Maurizio Borghi, Federico Ferretti, Stavroula Karapapa, “Online data processing consent under EU law: a theoretical framework and empirical evidence from the UK”.

>> The raw data of the study are available here (pdf):

 Press coverage and presentations