Websites routinely use “session replay” scripts to monitor and record their visitors’ clicks, scrolling and typing. This type of recording can be fully ethical and legal in if it’s fully disclosed and consented to. But if a website is using a third-party company to record data about Pennsylvanians’ usage of the site without their consent, it can run afoul of Pennsylvania’s Wiretapping and Electronic Surveillance Act.
Here are five websites that, when we visited in November 2022, had session replay scripts on their sites that could be recording the online behavior of site visitors from Pennsylvania:
- Goldbelly (www.goldbelly.com) is a great site to visit if you want to send a burnt almond torte from Prantl’s Bakery or a 4-pack of Pat’s cheesesteaks to a friend across the country. But many would consider its approach to its website visitors’ privacy downright unsavory. When we visited Goldbelly’s website in November 2022, we found scripts from a session replay company FullStory that recorded Goldbelly’s website visitors.
- Biglots (www.biglots.com) When we visited Big Lots’ website in November 2022, we found what might be a Big Problem for those concerned about online privacy: Big Lots’ website was using session replay scripts from a company called FullStory to record its website visitors’ keystrokes and mouse clicks.
- Wilkes University (www.wilkes.edu) It’s not just for-profit corporations that use session replay software to track their users. Wilkes University is a non-profit college in Wilkes-Barre Pennsylvania and when we visited its website in November 2022, there was evidence it used scripts from the session replay company Hotjar to collect information about its visitors’ usage of the site.
- Greekgear.com (www.greekgear.com) Those looking to stock up on fraternity or sorority gear may find an unpleasant surprise if they check the source code for www.greekgear.com: a tracking script from session replay company Hotjar.
- Hansons.com (www.Hansons.com) When we visited its site in November 2022, this windows, roofing, siding, and gutters company was using scripts from session replay company Hotjar to track its users’ behavior online. The website privacy investigator Blacklight also indicates that www.hansons.com loads trackers onto your computer that are designed to evade third-party cookie blockers.
If you’ve visited any of the above website from a computer or mobile device in Pennsylvania, you may have a claim under Pennsylvania’s Wiretapping and Electronic Surveillance Act.
Fill out this form to learn more.