Data Collection and Privacy on Websites
🔹 What kind of data do websites collect?
Technical data: IP address, device, browser, OS — collected automatically.
Behavioral data: Pages viewed, time spent, clicks — used by analytics.
Personal data: Name, email, address — provided by you during registration.
Cookies: Storing login info and habits — used for advertisements.
Location data: Exact or approximate location — via permission or IP address.
Social data: Profile details shared during social login.
Payment data: Card details, billing info — provided during purchase.
⚠️ Important to know
In the EU (and Hungary), this is regulated by GDPR. Consent is required (cookie banners). You have the right to request the deletion of your data.
In summary: Websites know what you do on their site, and who you are/what you like — especially when tracked across multiple sites.
How does this information reach companies?
- Directly: Browsers send it automatically (IP, device).
- Cookies/Tracking codes: Third-party services (Google Analytics, Meta pixel) send data.
- Third-party content: Embedded videos (YouTube) and buttons (Facebook) collect data.
- Social Login: Signing in with other accounts shares profile data.
- Forms: Data goes directly into databases during registration/ordering.
- Data Sharing: Companies buy and sell data among themselves (advertising networks).
- Device Fingerprinting: Creating unique identifiers based on screen size, fonts, etc.
Example: You look at shoes in a webshop → shoe ads appear everywhere (Meta/Google connection).
How is it stored and what is the difference?
📦 Storage
- In databases: Structured data (name, email, purchases).
- In the Cloud: AWS, Google Cloud, Azure — massive amounts with backups.
- Encrypted: Passwords are hashed, sensitive data is encrypted (though not always perfectly).
- For analysis: Copied into other systems (Google Analytics).
⚖️ Legal vs Illegal Data Collection
Legal: Based on legal grounds (consent, contract, legitimate interest), transparent, limited to necessary data, stored securely.
Illegal: No consent, done in secret, excessive data collection, unlawful sharing, weak protection.
🔄 Methods of Acquisition
Legal: Provided by you, after accepting cookies, or based on a contract.
Illegal/Grey area: Deceptive banners, pre-checked consents, data brokers.
| Legal | Illegal |
|---|---|
| You are aware of it | Done in secret |
| You give consent | No consent given |
| Purpose-driven | Unjustified |
| Data is protected | Not protected |
Which companies are involved and how much is data worth?
💰 How much is it worth?
An individual's data is worth very little on its own (a few cents), but in bulk, it's a billion-dollar business. The advertising industry: increases efficiency by 30–69%.
Examples: A political list ~ $500,000; individual profiles range from a few cents to a few dollars.
🏢 Which companies?
Tech giants (Google, Meta, Amazon), data brokers (Acxiom, Experian), advertising networks (Google Ads, Facebook Ads), and political firms (Cambridge Analytica).
🚨 The Cambridge Analytica Scandal
The Cambridge Analytica scandal erupted in 2018: the company harvested the data of 87 million Facebook users through a personality quiz app, which accessed not only the participants' data but also their friends' data.
From this data, they created detailed psychological profiles used in political campaigns to send personalized messages, for example, during the US presidential election and the Brexit referendum.
Due to the scandal, Facebook received a billion-dollar fine, Cambridge Analytica shut down, and the event contributed to the implementation of GDPR. This shows how data can be used for political influence.