For companies complying with the upcoming General Data Protection Regulation (GDPR), it’s not just about a user’s name, email address or cookie.
A recent post from Princeton University researchers points to the practice by some websites of running session replay scripts without telling users:
These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.
The study looked at seven of the most popular session replay providers — Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale and SessionCam. Among the top 50,000 sites on Alexa, 482 employed session replay services.
Comments