Would You Shop Here? Then Why Do You Accept It Online?

You walk into a store, ready to browse. But before you take a step, a security guard snaps a photo of your face.

Weird.

Then, as you move through the aisles, you notice something even stranger. A salesperson is following you. Not just watching, writing things down.

Every product you touch? Noted.

How long you stare at an item? Timed.

Even the things you ignore? Tracked.

You head to the checkout, feeling uneasy. But before you can pay, the cashier says,

Oh, we already sent your shopping history and photo to 247 partners. Don’t worry about it.

Excuse me, what?

You storm out, vowing never to return. No one would accept this in a physical store.

And yet, this is exactly what happens when you visit a website.

Welcome to the Internet, Where You’re the Product

Online, the salespeople are invisible, but they’re there. Watching. Tracking. Collecting.

In the old days, websites used third-party cookies to follow you around. Annoying, yes, but at least you could block them. Now, they don’t even need cookies.

Instead, they use server-side tracking, a sneaky method where data is sent straight from the website’s server to Big Tech’s databases, skipping your browser and active choices entirely.

It means:

• They don’t need your permission to collect your data.
• You can’t see or control what they’re taking.
• And once they have it, they sell it to whoever pays.

The biggest player in this game? Google.

Google’s “Privacy” Theater: The Consent Mode 2.0 Illusion

At WordCamp Asia, Google had a booth teaching agencies how to test for third-party cookies and their privacy sandbox, as if that’s the real problem.

It’s not. It’s a distraction.

The real issue is Google’s tracking ecosystem, a well-oiled machine designed to collect your data, no matter what.

Here’s how it works:

• Google Tag Manager (GTM) loads on millions of websites.
• If a website enables server-side GTM, it sends your data straight to a private cloud, avoiding browser-based blockers.
• Google Ads and Analytics feed off this data, building detailed profiles, even when users think they’ve opted out, once the data is shared, it can not be revoked.
• Data Brokers and Profiling SaaS solutions feed off the same data, often without a shadow of consent.
• Google’s Consent Mode 2.0 claims to “respect” privacy, but it still collects data before you even say yes.

This isn’t compliance. It’s circumvention.

And here’s the kicker: this is illegal under the ePrivacy Directive. Article 5(3) clearly states that no data can be collected from a user's device without prior consent - collecting it first-party and sharing it after the fact does not make it legal.

But with weak enforcement, Google and data brokers continue to collect, track, and profit from our personal information, without real consequences - when enforcement is close to catching up, they just change the technology used to gain another few years of data collection without consequences.

GDPR “Simplifications”: Who Really Benefits?

There’s talk of simplifying GDPR, making it easier for small businesses to comply.

On one hand, this is good news, compliance should not be a burden for SMEs.

But here’s the problem: Big Tech doesn’t struggle with compliance. They manipulate the system.

When rules are relaxed, small businesses don’t win, Big Tech does. They use their power to push the limits, while SMEs simply try to survive.

We should support simplifications that reduce bureaucracy for businesses, but only if they fully respect consumer data rights.

It’s not about banning data collection. It’s about simple respect.

If a customer gives permission, collect their data.

If they don’t, leave them alone.

That’s how consent works.

Children’s Data: The Darker Side of Tracking

We worry about our children spending too much time online. About algorithms shaping what they see, keeping them addicted to content.

But the real danger runs deeper.

Much of the data that fuels these algorithms comes from everyday websites and eCommerce stores.

Tracking pixels, Google Tag Manager, and server-side data sharing silently send children’s data to Big Tech and data brokers.

Once collected, it doesn’t just feed recommendation engines, it also fuels fraud and scams.

• Criminals buy data from data brokers to target the most vulnerable individuals.
• Scam networks use behavioral profiles to predict who is most likely to fall for fraud.
• Cybercriminals exploit personal data to manipulate, deceive, and steal.

And the worst part? None of this data should have been collected in the first place.

We lock our front doors to keep our kids safe.?

Yet, online, our children’s personal information is bought and sold daily, behind our backs.

It’s Time to Reclaim Our Privacy

We wouldn’t accept this level of surveillance in the real world.

So why are we allowing it online?

It’s time to demand real enforcement of privacy laws. Not watered-down rules that favor Big Tech.

• To users: Take control of your data. Use privacy-respecting tools. Support businesses that respect consent.
• To businesses: Respect your customers. If they say no to tracking, honor it.
• To politicians: Simplify compliance, but not at the cost of consumer rights. GDPR and ePrivacy Directive need stronger enforcement, not loopholes.

We are at a turning point.

If we don’t reclaim our privacy now, we risk normalizing a future where no one owns their personal data, except Big Tech and data brokers.

We owe it to ourselves.

We owe it to our businesses.

And we owe it to our children.

The fight isn’t against data - it’s for the right to choose.

Reclaim Your Privacy. Now.

Ronni K. Gothard Christiansen

CEO & Technical Compliance Expert, AesirX.io?

Check The Online Stores You Shop At?

72% of all websites scanned so far have been found to share data with third parties without the user's knowledge.

?? Test any online store or site for hidden trackers and data-sharing risks with our free Privacy Scanner: https://privacyscanner.aesirx.io/