Tech Giants Accused of Ignoring Cookie Opt-Outs, Preferring Fines Over Compliance

A comprehensive audit conducted by webXray has uncovered widespread non-compliance regarding online privacy, suggesting that major technology firms are intentionally ignoring user requests to reject tracking cookies. The findings indicate that industry giants view the financial penalties for violating privacy laws as a manageable cost of doing business rather than a reason to modify their behavior.

The Cost of Doing Business

The report highlights a troubling trend where ad tech companies continue to deploy tracking mechanisms despite receiving explicit opt-out signals from users. webXray estimates that rather than adhering to regulations, companies are effectively budgeting for potential fines. The auditor projects that the industry could face roughly $5.8 billion in penalties, a sum apparently deemed less costly than losing out on valuable user data.

Specific allegations point to distinct patterns of behavior among the top players:

• Google: The search giant reportedly ignored 86% of user opt-out requests, with tracking remaining active on 77% of analyzed sites. Potential fines are estimated at $2.31 billion.


• Microsoft: The company’s ad network disregarded approximately half of rejection signals, tracking users on 35% of client sites.


• Meta: The social media leader’s tracking code appeared to lack any mechanism to check for opt-out signals. While fewer sites detected the signal, 69% of those that did still ignored user preferences.

Technical Failures or Deliberate Bypass?

The rise of cookie consent banners was a direct response to privacy regulations, designed to give users control over their personal data. However, webXray’s March 2026 audit found that these safeguards are often performative. In the sample studied, 55% of websites set tracking cookies even after a user explicitly declined them, and 78% of consent banners failed to enforce the user's choice.

Timothy Libert, webXray’s founder and a former Google privacy engineer, noted that corporate leadership often blurred the lines between regulatory taxes and fines. This perspective suggests a mindset where paying for non-compliance is treated as an operational expense.

Industry Response

Google, Microsoft, and Meta have all pushed back against the audit's conclusions. They argue that the report mischaracterizes their technical implementations. Microsoft stated that certain cookies are essential for core site functionality, while Meta contended that their systems allow websites the discretion to manage consent signals, shifting responsibility away from the ad network itself.