Several major technology companies are allegedly placing advertising cookies in users’ browsers even after those users decline tracking, according to new research from privacy organization webXray. The audit examined California web traffic in March and found that 194 advertising services ignored legally recognized Global Privacy Control signals, which are intended to communicate a consumer’s request not to have their data sold under the California Consumer Privacy Act. Regulators have previously fined companies for failing to honor these signals, including Sephora in 2022 and Disney earlier this year.
The report claims Google failed to honor opt‑out requests in most cases, with network traffic allegedly showing servers issuing commands to create ad cookies despite user preferences. Google disputed the findings, calling the report a misunderstanding of how its systems function. Microsoft was also cited for a high rate of noncompliance, though the company said some cookies are necessary for operational purposes. Meta reportedly showed similar behavior, with researchers stating its code sets tracking cookies regardless of opt‑out signals. Meta rejected the findings as misleading and said the privacy control governs data sharing, not collection. The research was first reported by 404 Media.
