Hidden third-party tags could be leaving Fortune 100 companies at risk

Crownpeak found more than 1,700 tag redirectson websites belonging to companies in the Fortune 100. These hidden third-party tags leave the sites open to potential data breaches under the GDPR and cause a total average latency of 5.2 seconds, in a world where every 100 milliseconds costs sites 1% of their conversions.

In the study, researchers separated the tags found on Fortune 100 websites into three categories:

• First-party tags – tags added directly to the source code of a web page by the website owner
• Third-party tags – tags which are selected to run and are made to look like first-party tags by the website owner
• Hidden third-party tags – tags which latch onto first-party tags and other third-party tags unintentionally.

It is the hidden third-party tags that give unidentified third parties – possibly even the dark web – access to user data, without their consent and can cause security issues, violate privacy laws, and degrade user experience. However, the greatest risk posed by these tags is that many companies are unaware of the third-party tags their martech implementation might pull onto their sites, and therefore even companies with the strictest of data privacy and protection policies have no control over the data being syphoned by unknown third parties.

The 20 worst performing Fortune 100 websites had a total of 734 hidden third-party tags operating – twice as many as the average website in the study, and a staggering 7.5 times more than the 18 best performing Fortune 100 websites.

Even still the best-performing websites examined were found to have nearly 100 hidden third-party tags, with each tag holding the potential for misuse of customer data. Among the poorest performing Fortune 100 sites, it was found that each first-party tag added an average of 3.4 hidden tags – compared to that of the best performing sites, which added an average of 1.2 – highlighting how difficult it is to control their spread.

The research also uncovered the 20 worst performing Fortune 100 sites showed a total latency of 11.1 seconds, which can have huge repercussions on the user experience and cause companies to lose out on conversions as a result.

“Previous research conducted by Evidon (now part of Crownpeak), found 55% of businesses feared they had suffered some form of data leakage via hidden third-party code running on their site. With the recent influx of data privacy regulations across the globe and with privacy the hot topic for 2019, this new research highlights the crucial need for greater tag management within the industry. Without solid knowledge and control of vendor tags and the relationships they have with other vendors, the sheer number of hidden third-party tags can leave companies vulnerable to privacy-eroding tags,” said Darren Guarnaccia, Chief Strategy and Product Officer at Crownpeak.

“Businesses need to ensure they have intelligent systems in place to assist them in gaining a holistic view of the tags operating on their website and allow the control of such tags. Not only will this help avoid data breaches that leave companies exposed to potentially huge fines of €20 million or 4% of worldwide annual turnover – whichever is greater – under the GDPR, but it will also improve website latency, enhancing the user experience.”