The APDCAT warns of the risks of losing control of personal data with e-commerce

The Catalan Data Protection Authority (APDCAT) warned on Tuesday, coinciding with the celebration of World Consumer Rights Day, of the risks to privacy that online shopping may pose, a sector that is increasingly the rise, which has doubled in recent years.

On the one hand, the dangers can be seen in the hands of third parties, cybercriminals who take advantage of the proliferation of online stores to deceive consumers, hijack or encrypt store data to demand ransom, and other forms of cybercrime. Precisely, security incidents in e-commerce have not stopped growing. Counting phishing attacks alone, it is estimated that over 3.5 billion fraudulent emails are sent every day, causing 90% of data leaks. Specifically, in 2021, globally, more than 10,000 domains were detected supplanting online stores.

On the other hand, the consequences of the voluntary transfer of personal data to the store, to get a customer card, to enter a raffle, etc. must also be taken into account. The terms of this assignment must be ascertained beforehand, to prevent the data from being used by third parties without their knowledge.

In addition, the configuration of cookies when entering the website is determined, because they monitor the activity of users and can be used to create profiles. These profiles can be used to show personalized advertising, among other things, in order to influence the behavior of consumers. Therefore, the use of cookies may violate privacy, which is why consumers must give their consent to the online store in order to use them.

To raise public awareness of these threats in online shopping, APDCAT has released an informative video with tips to prevent practices that could affect the rights and freedoms of users.

The security of online shopping has to do with the confidentiality of the data, the authentication of the identification, the integrity of the data and the non-alteration of the data, and the guarantee of purchase. The use of digital certificates, quality seal of the establishment and payment gateways with a double security system are key elements in preventing the loss of control of personal data.