An evaluation of the top 100 e-commerce sites in the U.S., from Thanksgiving through Cyber Monday examined how consumer data was collected, shared and sold during the peak 2022 holiday shopping season. The study, conducted by Lokker, revealed a significant data privacy risk for consumers, particularly as Data Privacy Week kicks off.

Adobe Analytics reported that U.S. consumers spent just over $35 billion online during the five-day period beginning on Thanksgiving and continuing through Cyber Monday. In a separate analysis, Lokker, found that social media companies and data brokers also went on a shopping spree during this same time period, collecting consumers’ personal data.

With a flurry of recent class action lawsuits and state Attorneys General actions, as well as increased regulatory enforcement with laws such as the California Privacy Rights Act and Virginia's Consumer Data Protection Act recently going into effect, the financial and reputational impacts for businesses of not protecting consumers’ information are significant. Given this, companies must be aware of the cookies, pixels and trackers on their websites that are gathering and sharing consumer data without consumers’ consent.

Social media sites mined shopper data

Online trackers, such as hidden third-party JavaScript, collect data from users, often without their permission and share it with other businesses. Lokker’s analysis found that Facebook tracked users on over 60 of the top shopping websites, Pinterest on 35 and TikTok on 22. Snapchat and Twitter were also found on 19 and 18 of these websites, respectively. While consumers shopped, these social media companies were collecting information about what sites and pages they visited, what products they searched for, users’ locations and more.

Cookies & recording tools tracked consumer behavior

Browser cookies are widely used during consumers’ shopping experiences to track their online behavior. The analysis discovered over 3,000 cookies across the 100 e-commerce websites it analyzed. Google’s Doubleclick ad network led the way with the most cookies (on 77 sites), closely followed by Microsoft (on 59 sites), Verizon (on 58 sites) and Adobe (on 50 sites), with Experian and Oracle not far behind (on 46 sites and 42 sites, respectively). Twenty-one different website session recording tools that were implemented across the top e-commerce sites were also found to be watching consumers’ online activities, interests and behaviors.

The “Grinch” is collectively big tech, big data and big finance

The top 10 online trackers on the websites analyzed over the holiday period included Google, Facebook, Microsoft, Verizon, Adobe, Experian, Oracle, Pinterest, Taboola and TransUnion.

Click here for more information on the analysis.