laptop user using a credit card online

How safe is your personal data over the Black Friday weekend?

Black Friday is now the premier shopping event of the year here in the UK. Forget the weekend before Christmas and the Boxing Day sales; most retailers now see Black Friday as their big chance to hit their targets and “make bank” for the year.

Despite some backlash against Black Friday in recent years, and some retailers opting not to participate, many consumers can’t get online or to the shops quickly enough.

However, danger is potentially lurking for those of you who prefer to capitalise on Black Friday deals from home.

While most of us equate online risks to hacking, viruses, and other forms of malicious activity, your favourite shopping platforms could also be putting you at risk.

What types of data do eCommerce sites collect?

It depends where you shop!

While, in some cases, you will have the option not to share specific details, the chances are that the places you shop online are still collecting significant volumes of data on you. While not all data collection is risky – knowing what you like so you can get personalised offers is actually quite helpful – a significant volume of data collection is simply unnecessary.

Even if you checkout as a guest without creating an account, as a minimum, an eCommerce platform is collecting your name, address, payment card details, and maybe your phone number.

If you create an account, you might also share your social media profiles, occupation, clothing size, and various other details.

And that’s the stuff you know about! They may also be collecting things like your IP address, tracking how you interact with their website, and many other data points.

Check out the below table (click to enlarge), produced by VPNoverview, which highlights the data many of the UK’s most popular eCommerce platforms commonly collect.

Click to enlarge
Credit: vpnoverview

How worried should I be about eCommerce data collection?

As with the data collection itself, it depends on what it’s being used for.

Everyone will have their own opinions on what data collection is necessary and what they’re happy to provide. A good rule outside of providing details essential for buying, like payment details and your address, is to only provide things you wouldn’t mind being in the public domain. So if you’re happy with the world knowing your Instagram handle but less so about everyone knowing what you do for a living or how many kids you have, adapt accordingly.

If certain retailers make specific fields mandatory and you don’t want to share the data in question, you can always choose to shop elsewhere.

How to keep your personal data safe over the Black Friday weekend

While an eCommerce retailer falling victim to a data breach is beyond your control, there is plenty you can do to minimise what you share with these sites and reduce the risk of being affected if they are hacked:

  • If you set up an account, choose a unique password. If a website is hacked and cybercriminals can extract usernames, email addresses, and passwords, one of the first things they’ll do is try those same credentials on other websites. By creating a unique password for every site, you’ll minimise the risk of being affected by such activity.
  • Only buy from retailers you trust. As well as a wealth of offers and discounts, Black Friday also sees smaller retailers competing for a slice of what consumers spend. While some deals may seem attractive, it’s best to stick to buying from retailers you trust. Cybercrime gangs have been known to set up networks of scam websites ahead of Black Friday, advertising incredible deals that are actually just a front for stealing your payment credentials.
  • Don’t share details you don’t need to. These days, many eCommerce sites allow you to set up a full-on profile as if they’re a social networking site. There’s no reason for an eCommerce platform to need you to upload your image, tell them how much you earn, or link your social media accounts to it. Only share details necessary for completing transactions and consider buying elsewhere if unnecessary details are deemed mandatory.
  • Disable and delete cookies. This doesn’t have much impact from a cybercrime perspective, but if you’re uneasy about how websites track you, it’s a step worth taking. When you get a cookie pop-up on your screen, don’t just “Accept All.” Instead, open the options and reject all but necessary functional cookies. This stops those websites from tracking you elsewhere online. Give yourself a fresh start by opening your browser settings and deleting all cookies, and then managing what you accept in future.

If your data is used without your permission, you could be entitled to compensation

If your personal data is collected or used without your permission, regardless of the circumstances or whether you suffer financial loss, you could be entitled to compensation.

If you believe your data and privacy rights have been compromised, LawPlus may be able to help.

Contact us now for a free, no-obligation assessment of your potential data breach claim. If we believe you have grounds for a claim, you may instruct us to proceed with a claim on your behalf on a no-win, no-fee basis.