LOKKER: Serious online consumer data privacy risks in S&P 500, vertical industries
LOKKER, provider of online data privacy and compliance solutions for enterprises, today launched its latest research report, Online Data Privacy Report March 2024. LOKKER’s research analyzed 3,419 U.S. websites across four industries including healthcare, technology, financial services and retail businesses. Additionally, the study looked at the S&P 500.
The findings showed significant consumer data privacy risks, with 2% sharing data directly with Russia or China In general, the report found that companies are not equipped with the right tools to track, monitor and remediate web privacy risks.
These risks coincide with President Biden’s recent executive order targeted at protecting consumers’ personal data from foreign adversaries, and an increasing number of lawsuits against companies for privacy violations, which they often do not realize they are committing.
LOKKER’s research identified three critical areas of risk to organizations and their consumers: 1) unauthorized consumer data collection through third-party trackers, tags and pixels and how they are fueling the data broker ecosystem, potentially exposing consumers’ data to foreign rivals; 2) how privacy tools are often failing to meet the requirements of emerging laws; and 3) the escalating complexities of protecting consumers’ data privacy online.
“LOKKER’s research sheds light on critical issues that businesses often underestimate,” said Ian Cohen, founder and CEO of LOKKER. “Unauthorized data collection through third-party trackers and related technologies is far more pervasive than most people realize. We all build websites with third-party tools, and they use other third-party tools, and so on. Many of these are essential and necessary. However, this web of interconnected technologies produces dozens to hundreds of URLs collecting data on a single webpage and is the engine that powers the data broker market. Moreover, data collection on websites and ad tech happens in real time; existing privacy tools are not real-time, and therefore not getting the job done. As a result, we’re seeing a dramatic increase in privacy violations, lawsuits and fines.”
Key findings in LOKKER’s latest research report include:
The threat of data brokers sharing consumer data with foreign adversaries
- 12% of websites across all industries researched have the TikTok pixel (9% of S&P 500, 25% of retail, 7% of technology, 6% of financial services and 4% of healthcare companies). While still relatively low compared to Meta or other social media companies, TikTok and the information it collects is of increasing concern in Washington, D.C., in the context of data sharing and China. The pixel allows additional profiling of users to fuel data broker activity.
- 2% of websites collect data via web trackers that originate from China, Russia or Iran.
- 47% of websites have the Meta Pixel (55% of S&P 500, 58% of retail, 42% of financial services and 42% of technology companies).
- 33% of healthcare companies researched utilize the Meta pixel on their websites. This is despite lawsuits, breaches, fines and FTC warnings to 130 healthcare organizations against the improper use of web trackers collecting sensitive health data.
Existing privacy tools need to improve
- 67% of websites across all industries researched feature a consent banner, suggesting an increased desire to protect consumers (88% of S&P 500, 67% of retail, 67% of technology, 63% of financial services and 59% of healthcare companies).
- However, the research reveals these tools frequently fail to function as intended. 98.5% of websites load cookies upon page load, averaging 33 cookies before the consent banner appears. These often include non-essential trackers, leaving users unable to reject cookies before loading.
- Findings additionally revealed:
- Consent banners frequently misclassify or overlook cookies and trackers.
- There's no standardized distinction between performance, analytics and advertising trackers.
- Technologies like browser fingerprinting, which identifies consumers through their unique browser settings, are often excluded from consent tools.
- There are major shortcomings in scanning for new web trackers because these trackers and tags often change daily.
- The dynamic nature of the web means tracker changes may go unnoticed by consent tools, resulting in users unwittingly consenting to undesired data collection.
With a patchwork of state and federal laws expanding, compliance becomes increasingly complex, accompanied by a surge in regulatory actions and lawsuits
- 5% of websites across all industries researched are at risk of VPPA lawsuits, which are those that have the Meta pixel or other social media trackers on pages containing video players (10% of S&P 500, 5% of technology, 4% of retail, 4% of financial services and 3% of healthcare companies).
For LOKKER’s complete report that discusses these risks and their impacts further, as well as ways organizations can address online data privacy threats, visit https://lokker.com/online-data-privacy-report-march-2024/.