- webXray audit finds Google, Microsoft and Meta ignoring signals from global privacy watchdog
- Despite legal requirements in California and other states, 55% of sites continue to set advertising cookies after they opt out.
- The report highlights Google’s 86% failure rate, Microsoft’s one-year tracking cookie, and Meta’s continuous event logging; potential liability of $5.8 billion expected
Big tech companies like Google, Microsoft, and Meta completely ignore people’s explicit requests not to be tracked or to sell their browsing data to third parties. This is according to a new forensic audit recently conducted by webXray, a search engine for analyzing Internet tracking, traffic and content.
Earlier this year, webXray released the March 2026 California Privacy Audit, which reported that even when users explicitly invoked Global Privacy Control (GPC), 194 online advertising services still set tracking cookies.
GPC is a browser signal that tells website users that they do not want their data sold or shared. Although it is a technical standard, some U.S. laws require companies to follow it. For example, laws such as the California Consumer Privacy Act or the California Privacy Rights Act have made GPC legally binding, with regulators across the country asserting that a valid GPC signal should be treated as an opt-out request.
Article continues below
Major liability risk
According to Cybernews, GPC today has legal authority in four US states, and even in those territories – some companies ignore it completely.
As part of its work on the California Privacy Audit, webXray analyzed “thousands” of popular websites in California and found that more than half (55%) were setting advertising cookies despite users’ opt-out. Among them is Google, with a failure rate of 86%.
When a user invokes GPC, the company would create a two-year “IDE” advertising cookie. Microsoft, on the other hand, returns a one-year “MUID” tracking cookie, while Meta logs tracking events regardless of the user’s privacy settings.
So far, none of the companies named in the report have commented on the findings.
But that could happen soon, as the report’s authors believe there are grounds for class-action litigation here. In fact, they project an overall potential liability exposure of $5.8 billion across the entire industry.
Via Cybernews
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
