The holiday season has come and gone, with lots and lots of shopping happening in the meantime. The one-two punch of Black Friday & Cyber Monday saw another year of massive growth in 2023, with sales in the U.S. alone topping well over $20 billion on the two days combined, an increase of 7% from 2022. The increase isn’t only an American phenomenon either, as global sales on Black Friday 2023 hit nearly $71 billion.

Brick and mortar stores have seen more success the farther we get from COVID-19 peaks, but e-commerce continues to be the main driver of holiday shopping growth. 

And why wouldn’t it be? You can hit more retailers for the same discounts all from the comfort of your own home. Videos of doorbusters and shoppers fighting over televisions are long gone. In fact, e-commerce has become so convenient that the majority of holiday season shopping happens after Black Friday and Cyber Monday.

While a longer shopping season brings more revenue and eyes to sites across the internet, it also brings a host of data privacy problems that either didn’t exist or were minuscule before COVID that will only heighten as AI becomes more prevalent across the web.

A 2023 Pew Research Center survey found that 52% of Americans said they were more “concerned” about the effects of AI than they are “excited” about it. Given how many holiday shoppers are now being followed around the internet by ads for things they already bought, it is no surprise that people are weary about how companies use their data in the face of more and more powerful technological advances.

Seeing your data used for targeted ads and AI-powered algorithms to profile you is unpleasant enough, but having your data in the hands of hundreds of companies is also a risk. Data breaches, both minor and significant, are increasing in frequency year over year.

So what can the average person do to protect their data and themselves? 

Data Privacy and You

If you want to take the safest route, use a VPN or a browser that incorporates privacy by design principles like Brave.com. Even using incognito or private modes of the most popular browsers does not prevent your data from winding up in the hands of sites and advertisers, as those private modes only refrain from saving your own search history and do not protect your identity online.

But those strategies only help shield you in the moment, but if you didn’t use a VPN or privacy-oriented browser this holiday season, not all is lost. 

You can still scrub your digital footprint now, after the shopping is done, with the help of your data rights.

A core of the EU’s General Data Protection Regulation as well as the 13 state-level data privacy regulations within the U.S., consumers across all of Europe and over 40% of America have rights to access and request that companies delete their personal data from record. 

Data subject requests (DSRs) are increasing as more and more people learn that they have these rights, with a 2023 EY Law survey finding 60% of companies handled more DSRs in 2023 than any other year.

MineOS’s adjacent B2C platform, which helps people discover which companies hold their data and then initiate deletion requests to those companies, finds that DSR requests annually spike in December and January (hence this article). 

But good data privacy practices extend far beyond consumers alone.

Data Privacy and Companies

The heart of data privacy and its checkered history lies with the companies and organizations that are collecting and processing the data of thousands, or in some cases millions, of people. 

How companies can more effectively govern data and respect their users’ data rights is a harder and larger question than how a single person can protect their own, but technology has stepped up to offer solutions.

The problem historically is that handling even a single data subject request is not an intuitive process when done manually, because companies have so much data that finding any specific data can be challenging. 

That’s one of the reasons Gartner has found that fulfilling a single DSR costs companies roughly $1400. 

Why so expensive? MineOS has found through years of firsthand experience that the average DSR requires companies to locate and delete (the majority of data subject requests are to delete data, rather than other options such as to confirm its possession, correct it, or receive a copy of it) data from nine different data systems. 

That means manpower and time combing through dozens of data systems to ensure the process is done right. When a company receives DSRs daily or even weekly, these costs add up.  

After the holiday season, when most companies will see more DSRs than any other point in the year, efficiency becomes essential. Responding to and fulfilling Data Subject Requests is a compliance requirement under GDPR and American state laws like California’s Consumer Privacy Act, and most data privacy regulations give between 30 and 45 days to complete a DSR, so there is little time to waste. 

The best way to get on top of these data compliance requirements is through automation. Too many businesses are trying to manage compliance manually or with minimal integration to save money, but with the amount of data organizations process nowadays and the complexity of the average company’s data ecosystem, that is no longer a feasible solution. 

With AI development throwing the data landscape into deeper disarray, data governance tools for data mapping, DSR handling, and consent management will continue rapidly growing in popularity and use to help companies responsibly oversee data and facilitate consumer requests faster and quicker than ever before.

Given that the tools to do this like MineOS are out there, if an organization still isn’t mindful of data governance and working toward managing compliance better after the holiday shopping season, it is behind the curve and failing its customers.