A lot of people have become numb to the constant tracking of personal data in almost every area of daily life. It’s considered an inevitability, an unavoidable annoyance that is too complicated and bothersome to care about in the midst of a busy workday. What people are doing, already did, might do, thought about doing; what they eat, drink, love and hate; their age, health, buying preferences, religious preferences, ailments and contact details are all omnipresent online. Information is the flywheel that powers most of the internet. And very few know exactly where that data goes or who has it. 

Someone’s online identity, which is arguably a large part of their overall identity, is continuously growing as data is gathered, cross referenced and matched with other data. The end result may be a close approximation of who people really are, or it may be way off the mark. Regardless, it is out there representing individuals online, whether they like it or not. And there lies the risk.

What people don’t see (can’t see) are the hidden trackers and the risks they pose, both to individuals, and to the companies that often inadvertently host them and get sued, or worse, for doing so. Companies place trackers and cookies on their websites that collect user information. Most people don’t know where that information goes (known unknowns). The bigger issue is that for every tracker placed on a website, there are 10X more trackers attached to it. Moreover, these trackers are invisible, and oftentimes invisible even to the websites hosting them (unknown unknowns). In other words, there are 10X more trackers gathering and sharing data than often meet the eye.

The consequences of this data hoarding are often hard to see, but they are very real and often serious. Knowing intimate details about a person gives both spammers and hackers an easy target. The impact ranges from annoying — robocalls, text spam, email spam and constant clickbait ads — to outright criminal conduct — elaborate financial scams, often targeting the most vulnerable, phishing, ransomware attacks, cyberbullying, stalking and harassment. These all rely on knowing enough about someone to fool them or harm them. These are real consequences for real people. 

How did this happen?

The root of the problem is that people build their websites using lots of third-party tools and software (cloud applications). Data brokers and ad platforms take advantage of this fact. These tools often inadvertently enable a backdoor for trackers, which share data with other trackers “fourth parties”, which in turn share data with other trackers "fifth parties”, and so on. The end result is an exponential explosion of trackers that metastasize like viruses accessing data that has put everyone at risk. It has become a free-for-all ecosystem with few rules or guardrails. Who benefits? Ad platforms and the data brokers who collect and resell data. Who loses? Everyone else.

Companies care about their customers and usually do their best to safeguard their data. But what many companies don’t realize is the extent of “sharing” happening on their websites. Companies need better tools to address this threat.

How can organizations protect themselves and their customers?

With gridlock at the federal level, states are taking the lead at safeguarding consumers’ online privacy. With new laws, states have recognized the need to act and protect their constituents. These laws require robust notice and disclosure to consumers about who is accessing, buying or selling their data. They also give consumers actionable steps to protect themselves, such as the right to access their data, the right to edit, and the right to be forgotten. The trouble for companies is that they can’t see or control many of the trackers well enough to deliver these rights to their customers. 

The tools most companies use today are leaving them (and their customers) at risk. This is a problem that can only be solved with real time technology that addresses the underlying structural deficits of how websites are built, and meets the urgent demand of complying with new privacy regulations. 

Asking a user to opt in to hundreds of trackers is not reasonable, and the regulators and private lawsuits have made it clear that this method alone is inadequate. Given the explosion of oversharing online data, recent breach notifications underscore the growing danger that exists in the online world. Gaining control of this sprawling landscape of invisible trackers is imperative to maintaining a safe and secure online economy.