Research: LOKKER’s Analysis of the Top 100 U.S. E-commerce Websites Finds Significant Data Privacy Risks for Consumers During the 2022 Holiday Season

Businesses Inadvertently Shared Shopper Data Through Trackers, Pixels and Cookies, Putting Them in Danger of Breaches and Non-Compliance

REDWOOD CITY, Calif., Jan. 24, 2023 /PRNewswire/ — LOKKER, provider of online data privacy and compliance solutions for the enterprise, today released findings from an evaluation of the top 100 e-commerce sites in the U.S., from Thanksgiving through Cyber Monday. LOKKER’s research examined how consumer data was collected, shared and sold during the peak 2022 holiday shopping days. The company’s discoveries raise significant alarms for businesses, particularly as Data Privacy Week kicks off.

Adobe Analytics reported that U.S. consumers spent just over $35 billion online during the five-day period starting on Thanksgiving and continuing through Cyber Monday. While this was happening, LOKKER found that social media companies and data brokers also went on a shopping spree collecting consumers’ personal data.

With a flurry of recent class action lawsuits and state Attorneys General actions, as well as increased regulatory enforcement with laws like the California Privacy Rights Act and Virginia’s Consumer Data Protection Act recently going into effect, the financial and reputational impacts for businesses of not protecting consumers’ information are significant. Given this, companies must be aware of the cookies, pixels and trackers on their websites that are gathering and sharing consumer data without consumers’ consent.

Social Media Sites Mined Shopper Data

Online trackers like hidden third-party JavaScript collect data from users often without their permission and share it with other businesses. LOKKER found that Facebook tracked users on over 60 of the top shopping websites, Pinterest on 35 and TikTok on 22. Snapchat and Twitter were also found on 19 and 18 of these websites, respectively. While consumers shopped, these social media companies were collecting information about what sites and pages they visited, what products they searched for, users’ locations, etc.

Cookies and Recording Tools Tracked Consumer Behavior

Browser cookies are widely used during consumers’ shopping experiences to track their online behavior. LOKKER found over 3,000 cookies across the 100 e-commerce websites it analyzed. Google’s Doubleclick ad network led the way with the most cookies (on 77 sites), closely followed by Microsoft (on 59 sites), Verizon (on 58 sites) and Adobe (on 50 sites), with Experian and Oracle not far behind (on 46 sites and 42 sites, respectively). LOKKER also identified 21 different website session recording tools that were implemented across the top e-commerce sites, watching consumers’ online activities, interests and behaviors.

The “Grinch” is Collectively Big Tech, Big Data, and Big Finance

LOKKER found the top 10 online trackers on the websites it analyzed over the holiday period included Google, Facebook, Microsoft, Verizon, Adobe, Experian, Oracle, Pinterest, Taboola and TransUnion.

“While we shopped online in record numbers this holiday season, our personal information was collected, analyzed, shared, sold and resold through an intricate web of Internet technologies,” said Ian Cohen, founder and CEO of LOKKER. “These trackers, pixels and cookies that run behind the scenes on the websites we visit put our data privacy in significant jeopardy. As many states launch new privacy protections, including California, Colorado, Connecticut, Virginia and Utah, businesses must take control of the data privacy risks on their websites and protect the consumers that visit them. If they don’t, they risk not only losing customers’ trust, but also incurring costly regulatory fines, penalties and legal expenses.”


LOKKER is a Silicon Valley-based data privacy technology company creating software for companies to protect their customers’ sensitive personal information. LOKKER’s Privacy Edge™ platform is a SaaS-based solution that automates detection and mitigation of online threats that lead to major incidents, fines and reputational damage for companies. For more information visit,