Another consumer privacy issue in the age of GDPR: Session replay scripts
A Princeton University study finds that such tracking of user browsing can collect and distribute a lot of confidential info.
For companies complying with the upcoming General Data Protection Regulation (GDPR), it’s not just about a user’s name, email address or cookie.
A recent post from Princeton University researchers points to the practice by some websites of running session replay scripts without telling users:
These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.
The study looked at seven of the most popular session replay providers — Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale and SessionCam. Among the top 50,000 sites on Alexa, 482 employed session replay services.