Should we be worried about our data being leaked when shopping online?
17. 9. 2024
In today's age of internet technology and digital commerce, online shopping is a normal part of many people's lives. Although this form of shopping brings convenience and a wide choice of goods, it also raises concerns about the security of personal data. The issue of data leakage from e-commerce platforms is entirely legitimate and requires careful consideration.

One of the most significant data breaches in e-commerce history was the eBay incident in 2014. Hackers managed to gain access to eBay's customer account database and steal the data of more than 145 million users, including email addresses, passwords and other personal information. This incident caused serious concern among users and led to increased awareness of the importance of data security in the online environment.
Another example is the Target data breach in 2013, when the information of more than 110 million customers, including payment card and personal information, was stolen. This incident showed the vulnerability of even established retail giants and highlighted the need for better data protection.
Perhaps the most resonant in the Czech environment was the leak of data on around 750,000 users following the hacking attack on Mall.cz in 2017. From a current perspective, the misuse of millions of customers' data for its own benefit by the Chinese marketplace Pinduoduo, and similar allegations concerning another Chinese giant, Temu, are warning signs.
Security risks when shopping online
So is online shopping safe? When making online purchases, consumers are required to provide a range of personal information, including payment information, address and contact details. This information can be a valuable target for cyber criminals seeking to obtain sensitive data for nefarious purposes such as identity theft, fraud or extortion.
With the growth of e-commerce giants, a new phenomenon is also emerging: the misuse of user data directly by the online store itself, as the examples of Chinese marketplaces above show. It should be added, however, that in the EU the collection of user and personal data is typically strictly regulated and, above all, controlled, so there should be no danger when shopping at verified and well-known online stores.
However, all large e-shops are also connected to external services, sometimes dozens of them, typically to collect data for web analytics, personalisation, marketing campaigns or internal process automation. So isn't there a danger here as well?
Use of data by external services
First of all, it should be said that I can speak primarily for our Zoe.ai service, which is used by merchants in the online space primarily for better personalization of product offerings. In other words, the e-shop should show you as a customer relevant goods "tailored" to your individual preferences at specific locations.
What do we, as a personalisation service Zoe.ai, need for this? First and foremost, our "data tree" splits visitors right after arrival according to whether they "tick" accept or reject on the cookie selection bar. This plays an important role when recommending products, for example. Furthermore, we only collect data that is generated directly on the e-shop itself: how long you look at a particular page or part of a page, or whether you view a particular product image or, conversely, its textual description. This is relevant from our point of view. One can also track mouse movements and, of course, the actual path through the e-shop in the context of other users.
You should also be aware that you leave other user data with the web browser from which you access the e-shop or other website. From there, the tools retrieve data about your device: typically your IP address, device type (mobile/laptop/tablet), its make and model, screen resolution or audio settings. This data is still anonymous because it is just general information like "a car of a specific make, model and year drove down XYZ street at 15:35". However, it can serve as a substitute for cookies to "identify" a customer, for example, purely based on the statistical probability of how many users with a particular device and its settings may be in the online space at any given time. This is called a "device fingerprint". And again, I stress - it is purely anonymous in terms of data and gives no personal information to anyone else.
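The "statistical probability" behind a device fingerprint can be made concrete by counting how many visitors share one combination of attributes. The following JavaScript is an added example, not Zoe.ai's code; the visitor records, field names and function names are constructed for illustration.

```javascript
// Constructed sample population (not real traffic). Attributes are the ones the
// text lists; IPs come from the documentation range 203.0.113.0/24.
const row = (ip, type, model, screen, audio) => ({ ip, type, model, screen, audio });
const visitors = [
  row("203.0.113.1", "mobile", "Phone A", "1080x2400", "48000Hz"),
  row("203.0.113.2", "mobile", "Phone A", "1080x2400", "48000Hz"),
  row("203.0.113.3", "mobile", "Phone A", "1080x2400", "48000Hz"),
  row("203.0.113.4", "mobile", "Phone A", "1080x2400", "48000Hz"),
  row("203.0.113.5", "laptop", "Laptop B", "1920x1080", "44100Hz"),
  row("203.0.113.6", "laptop", "Laptop B", "1920x1080", "44100Hz"),
  row("203.0.113.7", "tablet", "Tablet C", "1600x2560", "48000Hz"),
  row("203.0.113.8", "laptop", "Laptop B", "2560x1440", "44100Hz"),
];
const DEVICE_FIELDS = ["type", "model", "screen", "audio"];

// Canonical fingerprint: fixed field order so equal devices give equal keys.
function fingerprintKey(visitor, fields) {
  return fields.map((f) => `${f}=${visitor[f]}`).join("|");
}

// Anonymity sets: fingerprint -> number of visitors that share it.
function anonymitySets(population, fields) {
  const sets = new Map();
  for (const v of population) {
    const key = fingerprintKey(v, fields);
    sets.set(key, (sets.get(key) || 0) + 1);
  }
  return sets;
}

// Surprisal in bits: log2(total / set size). Higher means more identifying.
function surprisalBits(visitor, population, fields) {
  const size = anonymitySets(population, fields).get(fingerprintKey(visitor, fields));
  if (!size) throw new Error("visitor is not part of the population");
  return Math.log2(population.length / size);
}

// Visitors whose fingerprint nobody else shares (anonymity set of one).
function uniqueCount(population, fields) {
  const sets = anonymitySets(population, fields);
  return population.filter((v) => sets.get(fingerprintKey(v, fields)) === 1).length;
}

for (const v of visitors) {
  console.log(fingerprintKey(v, DEVICE_FIELDS), surprisalBits(v, visitors, DEVICE_FIELDS).toFixed(1));
}
console.log("unique without IP:", uniqueCount(visitors, DEVICE_FIELDS));
console.log("unique with IP:", uniqueCount(visitors, ["ip", ...DEVICE_FIELDS]));
```

In this constructed population, adding the IP address to the device fields leaves every visitor in an anonymity set of one.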
If you then log in to your user profile or loyalty programme at a particular e-shop, for example, the e-shop will of course identify you and can offer you products based on your last visit or purchase history. But here we are already talking about the fact that, in order to create an account, you need to agree to the use of the data you enter in the contact form on the e-shop.
Generally speaking, online purchases can be trusted when using well-known and verified e-shops or marketplaces, ideally in the EU or the USA, as these cannot afford to accept an external service that hacks into their users' personal data. We know this very well from our own experience: when starting a new cooperation, each e-shop asks us carefully about the extent of the use of customer data and its anonymization. This is a good thing, and it reinforces confidence that shopping in the online space can be not only significantly easier, but also safer.