Online Shopping Cart Secret; How Cookies & Trackers Follow You




In today’s bustling digital marketplace, online shopping has become second nature to many of us in India. Whether you’re browsing for the latest fashion trends, hunting for electronics, or exploring home essentials, the convenience and variety offered online are unparalleled. However, beneath the surface of this seamless shopping experience lies a complex network of cookies and trackers that monitor your every move.

Have you ever browsed for new bags online, only to be bombarded with advertisements for similar bags across every website you visit for days? In the digital realm, online shopping has become a staple for convenience, variety, and often better prices. But, behind the seamless experience of browsing and purchasing lies a complex web of cookies and trackers that follow your every click. While these digital mechanisms are crucial for operational purposes and customization, they also raise notable concerns regarding privacy. This article delves into how these technologies work, their impact on your privacy and the safeguards under Digital Personal Data Protection Act 2023.

Understanding Cookies and Trackers

Cookies: Cookies are small text files that websites place on your device to remember your preferences and actions. The Cookies serve various purposes, such as keeping users logged in, remembering preferences, and tracking user behaviour for personalized experiences and seamless access. The term ‘cookie’ originates from the concept of magic cookies’ in computer science which are which are data packets sent and received unchanged. Digital cookies are embedded with text files that include a distinct pair of a name and its corresponding value.

Trackers: Trackers, on the other hand, are technologies that collect data about users’ online activities across websites and apps, using scripts, beacons, and pixels to gather information like browsing history, search queries, and purchase patterns. By combining user activity from different sources, trackers create detailed user profiles for targeted advertising based on online behaviour.

The Double-Edged Sword: Convenience vs. Privacy

Upon accessing an online store, cookies and trackers are automatically activated to monitor user behaviour. Cookies distinguish between new and returning visitors, customizing the user experience based on past interactions. Trackers monitor activities like product views, time spent on pages, and interactions with product images and reviews to recommend similar products and personalize ads. Cookies also retain items in the shopping cart, allowing users to continue shopping without losing their selections. Trackers send reminders and targeted ads for abandoned carts and help identify fraud during checkout.

The widespread use of cookies and trackers raises significant privacy concerns as companies collect vast amounts of data, including personal information like email addresses, names, and browsing activities, to create detailed user profiles for targeted advertising. While this enhances user engagement, it also gives companies more insight into users’ behaviours and preferences than users themselves. Many trackers are managed by third-party entities, leading to frequent sharing of personal data with unknown parties and increasing the risk of misuse. Data breaches can compromise this information, leading to identity theft or other illegal activities. These issues highlight the need for strong data protection measures and transparency in handling personal data.

Case Study: Zivame Data Breach

Zivame, a leading e-commerce retailer specializing in women’s apparel, suffered a major data breach impacting 1.5 million customers. The hackers responsible for this breach were selling the stolen personal information, such as names, email addresses, phone numbers, and physical addresses, for $500 in cryptocurrency on a Telegram group. This was confirmed by India Today’s Open Source Intelligence (OSINT) team, who verified the legitimacy of the data. To verify the breach, India Today’s OSINT team posed as potential buyers and contacted the data seller. The hacker provided a sample dataset of 1,500 users, which included their personal details. The OSINT team then reached out to some of these users, who confirmed the accuracy of the information, establishing the authenticity of the breach.
The nature of such breaches highlights the ongoing vulnerabilities in cybersecurity for e-commerce platforms and the pressing need for robust data protection measures to safeguard customer information.

Implications Of The Digital Personal Data Protection Act 2023

India’s Digital Personal Data Protection Act, 2023 (“DPDPA”) aims to address privacy concerns and regulate data handling practices with stringent measures for data collection, processing, storage, and withdrawal. Key provisions include the necessity for explicit user consent before data collection and emphasizing data minimization to reduce the risk of over-collection and misuse of personal information. The act mandates robust security measures such as encryption, access controls, regular security audits, and provides the option of withdrawal. Additionally, it grants users rights such as data access, correction, and deletion, allowing them to request information about their data and withdraw such data if no longer needed. Organizations are required to appoint Data Protection Officers (DPOs) to ensure compliance through regular audits and impact assessments.

Implications for Online Shopping Platforms

For shopping apps, the DPDPA imposes significant responsibilities, compelling them to prioritize user privacy and revamp their data collection practices, enhance security protocols, and ensure transparent communication with users. Failure to comply can result in substantial fines and reputational damage. Shopping apps must adapt to these new regulations by revising their privacy policies and implementing stronger data protection measures to safeguard user information, thereby building greater trust and accountability.


Cookies and Trackers are integral to the online shopping experiences, offering convenience and personalization. However, they also pose serious privacy risks, as highlighted by incidents like the Zivame data breach. As consumers, it is crucial to be aware of how our data is being collected and used . As consumers, it is crucial to be aware of how our data is being collected and used. The DPDPA, provides a strong framework for safeguarding personal data, ensuring that businesses operate transparently and responsibly. By adhering to these principles, online shopping platforms can build greater trust with their users, creating a safer and more secure digital environment for all.

Authors: Shalini Bajpai, Ananya Chakraborty & Devanshi Damania


Interns and Paralegals.


As per the rules of the Bar Council of India, we are not permitted to solicit work or advertise. By agreeing to access this website, the user acknowledges the following:

This website is meant only for providing information and does not purport to be exhaustive and updated in relation to the information contained herein. Naik Naik & Company will not be liable for any consequence of any action taken by the user relying on material / information provided on this website. Users are advised to seek independent legal counsel before proceeding to act on any information provided herein.