A growing number of websites, visited by millions of consumers every day, use what is known as “session replay software,” which allows a company to record everything a user does on a site.
It has been compared to a website operator who “looks over the user’s shoulder” while the user is on the website. It sounds aggressive, but privacy experts are divided on whether it poses a threat.
Patricia Thain, CEO of Private AI, a company that edits and replaces personally identifiable information (PII), says the technology has been around for years but is only now gaining traction.
“There is currently no clear law that prohibits the use of session replay technology, which is why we are seeing consumer lawsuits,” Thane told ConsumerAffairs. “As people become more concerned about data privacy, they will begin to question any collection of their information, even potentially including personal information, without express consent.”
Paul Bischoff, a privacy advocate at Comparitech, a technology research firm, says websites that use the technology say they only use the data to help them improve their users’ online experience.
“In the past, session replay was mainly used for troubleshooting and diagnostics. It’s useful for finding obstacles where users get stuck or confused, he told us. “But some apps and sites have used it for analytics and marketing purposes.”
Consumers must be informed
In fact, California and Florida, as well as 11 other states, have all-party consent laws that require all parties to a conversation or interaction to consent to the recording. Pennsylvania has perhaps the strictest statute, as it expressly requires prior consent before any recording of user interaction.
Reason for concern?
As more and more websites adopt this practice, Ian Cohen, CEO and founder of LOKKER, a provider of data privacy and compliance solutions for businesses, says consumers need to be aware that their online activity is being tracked, and in some cases is recorded
“Consumers should be concerned, but there’s not much they can do,” Cohen told ConsumerAffairs. “First, they won’t know that these tools are working ‘behind the scenes’ of their site visit. Second, even if a company discloses that it uses these tools, consumers are unlikely to be able to opt out and continue using the site.”
Does this practice pose a danger to web users? Cohen says yes, but not really from a website that uses data to customize user experience. Rather, he says the danger may come from potential data leaks that could expose web users to “significant harm,” including identity theft and financial fraud.