The recent Cyber Weekend was a boon for online mining of consumer data, with major social media players using cookies to track users’ activity across the internet, including of course ecommerce websites, often without permission, then sell the data to advertisers.
Data privacy firm Lokker studied activity across 100 top ecommerce sites as ranked by SimilarWeb based on total traffic, from Thanksgiving through Cyber Monday. It found that Facebook tracked users on over 60 of the top sites, Pinterest on 35 and TikTok on 22, with Snapchat and Twitter active on 19 and 18 top sites, respectively.
Lokker found over 3,000 cookies across the 100 top ecommerce sites it analyzed, with Google’s Doubleclick ad network dropping them on 77 sites, followed by Microsoft (59 sites), Verizon (58 sites), Adobe (50 sites), Experian (46 sites) and Oracle (42 sites). The company also identified 21 different website session recording tools used, collecting data on consumers’ activities, interests and behaviors.
The top 10 companies tracking shoppers on the ecommerce sites Lokker analyzed were Google, Facebook, Microsoft, Verizon, Adobe, Experian, Oracle, Pinterest, Taboola and TransUnion.
Jeremy Barnett, chief customer officer for Lokker, said retailers need to take responsibility for protecting consumer data to ensure a safe web experience on their site. “They need to be aware of what’s running behind the scenes on their site from third parties, who may be harvesting their customers’ information,” Barnett said.
He added companies could be running afoul of new privacy laws enacted by several states in 2023, including California, Colorado, Connecticut, Virginia and Utah.
Even with third-party cookies presumably going away in 2024, as Google and Apple saying they will finally be prohibited, bumping up the value of first-party data, a wealth of consumer information amassed until then will still be stored and available to social media players, ad tech platforms and advertisers, Barnett said.
“You may not be identified as an individual, but your cookie ID stays with you,” he said. “If you’re logged out of Pinterest, for example, but have a Pinterest ID, once you log back in, you’re re-identified. That lasts for years. Even though the cookie is deleted from the browser, the ID persists on the network side, storing web activity.”
Barnett added Google itself will be a major beneficiary of the cookie sunset, as it will still be tracking user activity while advertisers and ad tech players will be much more limited. This is especially relevant, he said, in light of the Department of Justice’s lawsuit Tuesday against Google, seeking to break up its ad tech business over allegations of monopolistic power.
“Google is promising to disallow third-party cookies in its Chrome browser, but it’s only a benefit to them,” Barnett said. “It will shut off the economic benefit to so many other ad tech providers. If you’re a Chrome user and don’t get a third-party cookie, only Google gets the information about your website activity. It’s a double-edged sword for privacy. You need to get rid of third-party cookies, but Google still has access to all your web browsing activity, consolidating their power within all those networks.”