Most cookie consent pop-ups served to internet users in the European Union — ostensibly seeking permission to track people’s web activity — are likely to be flouting regional privacy laws, a new study by researchers at MIT, UCL and Aarhus University suggests. “The results of our empirical survey of CMPs [consent management platforms] today illustrates the extent to which illegal practices prevail, with vendors of CMPs turning a blind eye to — or worse, incentivising — clearly illegal configurations of their systems,” the researchers argue, adding that: “Enforcement in this area is sorely lacking.” Their findings, published in a paper entitled “Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence,” chime with another piece of research we covered back in August — which also concluded a majority of the current implementations of cookie notices offer no meaningful choice to Europe’s Internet users — even though EU law requires one. When consent is being relied upon as the legal basis for processing web users’ personal data, the bar for valid (i.e.