Web tracking compliance: Cookies, pixels, and opt-out enforcement
Have you ever searched online for dog food or patio furniture, and all of a sudden you’re being served ads for those very products on various platforms across all your devices?
Thanks to web tracking, retailers and advertisers can target you with highly customized advertisements based on your online activity. Knowing that your movements are being watched so closely may seem unsettling, but there are things you can do to limit web tracking and maintain privacy if that’s a priority for you.
What is web tracking?
Web tracking is a ubiquitous practice that businesses and advertisers use to collect, store and analyze data about how users behave on their websites. This includes gathering information about what you looked for, how long you remained on each web page and any actions you may have taken while you were there.
For example, if you visited a retailer’s website and searched for new beach towels, the business now knows that you are interested in this product and can target advertisements to you on their own web pages and on other websites.
Web tracking also helps retailers remember what you may have put in your shopping cart, which they then use to target you with emails reminding you to complete your purchase.
Common methods for tracking on the internet
Internet cookies
One of the most common tracking methods involves using HTTP cookies, small files stored in your browser that hold your user data. Cookies help retailers remember a user’s preferences and customize what content they deliver to them. First-party cookies help with functionality on the site, while third-party cookies can follow you around the internet and target content to you from website to website.
IP tracking
Retailers and advertisers often use IP address tracking to figure out a user’s geographic location and other key demographic information. This can help them refine their targeted advertising strategies.
Why regulators care about website tracking
Regulators are keeping a watchful eye on website tracking due to privacy concerns. While it’s not illegal for retailers and advertisers who are compliant with relevant consumer and data privacy laws to track user data, regulators are focused on ensuring users provide consent before their information is captured by businesses.
With data breaches on the rise, regulators are also concerned that sensitive user data may get caught up in cyber crimes and put users at risk of identity theft or extortion.
Another risk is the potential for user data to be used to advance unfair pricing practices or predatory marketing to vulnerable consumers.
Data privacy regulations
Regulators both in the US and around the world have enacted laws to protect consumers and their data. While there is no federal privacy legislation in the US, many states have their own privacy laws, including California and Colorado.
California
- California Consumer Privacy Act (2020): The first data privacy law in the US, this legislation gives California residents control over how their private data is collected and used. It also requires businesses to disclose how they use consumer data.
- California Privacy Rights Act (2023): This legislation built upon the 2020 law to provide consumers with even more control over their data, including the right to ask businesses to correct inaccurate personal data, the right to allow businesses only to use your data for essential services, the right to opt out of having your personal data sold, and the right to opt out of having technology make automated decisions about significant life events, such as healthcare or hiring.
Colorado
- Colorado Privacy Act (2023): This law gives Colorado residents rights over their personal data, including accessing, deleting, correcting and opting out of targeted marketing efforts. This legislation applies to businesses handling large amounts of consumer data.
- Amendments for 2026: The amendments effective in 2026 expand Colorado’s privacy framework to include the Colorado Artificial Intelligence Act. The changes target the use of AI systems for significant decision-making, end the grace period for curing privacy violations, add a Universal Opt-Out Mechanism (UOOM), and add new protections for minors and biometric data.
Ethical tracking: Honoring opt-outs
Once the floodgates have opened, targeted marketing emails can quickly overwhelm consumers’ inboxes. That’s why regulators are working to make it easier to opt out of online marketing.
One way is through UOOMs. These enable consumers to use a single setting on their browsers to let businesses automatically know their marketing preferences for their personal data.
Object-oriented Programming System (OOPS) technology also supports consumer privacy by providing another way to opt out of online marketing by changing a single browser setting.
A growing number of states, including California, Connecticut and Colorado, have legislation that requires businesses to honor these Global Privacy Control (GPC) settings, which adds another layer of convenience for consumers looking to control how their data is used by marketers.
Website compliance risks
Although web tracking legislation has been on the books for many years, it remains in the spotlight as technologies evolve and consumers seek new ways to ensure their private data is protected.
Savvy marketers are looking to avoid pitfalls that may put them at risk, such as using tracking pixels before a consumer has consented to web tracking, making it difficult to opt out of tracking and using background tracking pixels that are unknown to web visitors. As legislation evolves, some businesses may not even realize they are breaking any rules.
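The pitfalls above and the GPC opt-out described earlier can be enforced in code. The following is an added example, not taken from the original article: the tag inventory, the category names, the consent record shape and the policy of letting GPC override advertising consent are all assumptions. Browsers with GPC enabled send the request header `Sec-GPC: 1`.

```javascript
// Added example: gate tracking tags on consent and the Global Privacy Control signal.
// TAGS, the category names and the consent object shape are assumptions for illustration.

// Constructed tag inventory: every script or pixel the site is supposed to load.
const TAGS = [
  { name: "session-cookie", category: "essential" },
  { name: "analytics-pixel", category: "analytics" },
  { name: "ad-retargeting-pixel", category: "advertising" },
];

// True when the request carries "Sec-GPC: 1" (header names are case-insensitive).
function gpcEnabled(headers) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === "sec-gpc");
  return key !== undefined && String(headers[key]).trim() === "1";
}

// consent is { analytics: bool, advertising: bool }, or null when the visitor
// has not answered the consent banner yet.
function allowedTags(headers, consent) {
  const gpc = gpcEnabled(headers);
  return TAGS.filter((tag) => {
    if (tag.category === "essential") return true;
    if (consent === null) return false; // no pixel fires before consent
    // Assumed policy: the opt-out signal wins over a banner "accept" for ad tags.
    if (tag.category === "advertising" && gpc) return false;
    return consent[tag.category] === true;
  }).map((tag) => tag.name);
}

// Audit helper: names of tags seen on a page load that should not have fired,
// including pixels missing from the inventory (unknown background trackers).
function violations(headers, consent, observedTagNames) {
  const allowed = new Set(allowedTags(headers, consent));
  return observedTagNames.filter((name) => !allowed.has(name));
}

// Constructed page load: GPC on, banner accepted, three tags observed.
console.log(
  violations({ "Sec-GPC": "1" }, { analytics: true, advertising: true },
    ["session-cookie", "ad-retargeting-pixel", "hidden-pixel"])
);
```

Running `violations` against the tags a crawler or browser test actually observes gives a repeatable check that pixels stay off until consent is recorded and that the opt-out signal is honored.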
Businesses that are out of compliance can face significant fines, regulatory investigations and lawsuits. In fact, in places like California, they can be fined thousands of dollars for each instance of an alleged violation. That’s why maintaining awareness of current regulations and proactively aligning policies and practices with data privacy laws is critical for any business.
Cyber coverage for site owners
Web tracking compliance is not optional for businesses that operate online, and it’s critical that they take the measures necessary to comply with the data privacy regulations that are in place to protect the private data of consumers.
Beyond regulatory compliance, cyber insurance coverage offers another level of protection to businesses looking to reduce their exposure related to consumer data privacy. Partnering with a cyber insurance professional can help businesses ensure they have the right protection in place, both to safeguard their customer data and for their own peace of mind.
The information included here is designed for informational purposes only. It is not legal, tax, financial or any other sort of advice, nor is it a substitute for such advice. The information may not apply to your specific situation. We have tried to make sure the information is accurate, but it could be outdated or even inaccurate in parts. It is the reader’s responsibility to comply with any applicable local, state or federal regulations. Nationwide Mutual Insurance Company, its affiliates and their employees make no warranties about the information nor guarantee of results, and they assume no liability in connection with the information provided.