A lot of people hear “tracker” and think of something annoying but minor. The Sephora case is useful because it makes the issue much more concrete. California said Sephora used third-party tracking tools on its site and app in a way that amounted to selling personal information, then failed to properly honor privacy signals. Sephora ended up paying $1.2 million.
That matters for Cloak because it collapses the distance between abstract privacy fears and ordinary shopping behavior. A person does not need to hand over a social security number for a website to create a regulated data-sharing problem. A stack of ordinary-looking pixels, analytics tools, and adtech scripts can be enough.
The practical lesson is simple: hidden collection is not just creepy. It can change what other companies learn about the shopper and how the shopper is treated later. Once browsing behavior and checkout behavior move into third-party systems, the user loses control long before they understand what happened.
This is one reason privacy products need to show what was blocked and what was reduced. If a normal shopping site can quietly run tracker infrastructure that regulators treat as a data-sale issue, then users need more than a vague promise that the page is safe. They need proof they can inspect.