Nike, H&M, The North Face among apps sharing sensitive data, study finds

Apparel retailers including Nike, The North Face, and H&M are sharing personal customer data such as user generated images and sexual orientation with third parties, according to a recent study by Incogni.

The data privacy firm examined the data sharing practices of some of the most popular clothing apps from 59 countries, amounting to 180 apps in total.

According to Incogni, to claim benefits offered by clothing apps, customers sometimes unknowingly share personal and sensitive information including, in some instances, sexual orientation and health information, as well as contact details.

In total, 45 out of 180 apps collect photos — including Nike, H&M, Victoria’s Secret, and Moncler — while 12 apps collect videos, nine collect search history (these included Victoria’s Secret and Puma), and six apps collected information on sexual orientation (including Nike, Boots and Zalando).

Incogni’s researchers collected information found in the data safety sections of the Google Play Store pages of the identified apps on December 19^th, 2023. This data was aggregated on country and regional bases for some analyses.

Among these apps, 24 share photos with third parties, two shared sexual orientation. The highest number of data points are collected and shared from customers in Australia, Europe, and North America.

One brand, the popular outdoors clothing firm, The North Face, was found to be sharing almost all the customer data it gathers.

The research also suggests that 20% of clothing apps  – including Nike and H&M make it into the top ten list of apps which collect the most data.

Incogni, which offers data broker removal tools, noted that while it’s reasonable to expect some personal-data collection and even data sharing when making a purchase online, data such as the customer’s sexual orientation or contacts list is not relevant.

The firm was particularly concerned by the fact such data is not only collected but also shared with third parties.

“While we understand that some of these data points are collected to improve the shopping experience or process orders, some seem to go beyond what’s necessary to provide the service,” said Darius Belejevas, head of Incogni.

“This is especially concerning given the presence of some questionable data-sharing practices and the increasing number of data breaches. Collected data, including sensitive information, might end up in the public domain in the aftermath of a breach.”

“We urge consumers to be cautious about the data they share and call for greater transparency in app data-collection practices,” he added.

The data used in the study is available here: Public dataset.

To read more stories on big data click here