A beacon sent for each click on links on the form's page will tell you how many users left for this or that other page, which is very useful to know and optimize by removing the link and/or bringing its contents to the page itself.

A beacon sent for each form submission attempt will tell you how many users make mistakes while filling in the form, how good the error messages are, and whether the users tend to fix their input or leave.

Bonus points for incrementing an "attempt" hidden field on each submit button click so that you can see how many attempts it takes for all fields to be filled correctly.

Tracking what works and what doesn't can drive a lot of UX improvements, for the immediate and measurable benefit of the user.

But again, no silver-bullet.

How can you tell?

> ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

No. How can you tell, as a user of any random website, that the script your browser is running as part of that page you've opened isn't shipping PII collected from your usage.

> > > > I’ve needed to send off an HTTP request with some data to log when a user does something like navigate to a different page or submit a form.

> > > No need for that. Stop hoarding data!

> > What's wrong with doing something like this? If it contains PII, then I agree, [...]

> How can you tell?

The context is from the perspective of the application developers who wants to log some data (unclear what exactly, hence my comment differentiates between PII or not) when user is leaving. The comment I'm replying to states "stop hoarding data!" but I'm pretty clear that's referring to hoarding PII, not any data. As you're the developer setting up this "send off an HTTP request with some data", it's clear to you if it's PII or not.

Obviously, as a user with JavaScript turned on, visiting a random website, have little to no control over what data exactly is collected and sent. That's basically the point of the web today, where application developers can write arbitrary JS applications that gets executed in the browser sandbox, and hence why it's so popular in the first place.

IP is technically PII in some places. Personally I am not worried if a criminal gets "my" IP in the same way that I am not worried if they have my phone number. I would be worried if they had my name address age bank account info etc, but then I don't give that out freely

That's not the definition of PII. At best, that covers a small subset of PII.

PII means any information that can be used to identify you, either directly or indirectly.

When you access a website combined with which link you opened or which search keywords you used can be used to infer who you are.

How do you tell if a script is not shipping that info to an undisclosed third-party?

That's kind of my very coarse litmus test for PII: If I'm not willing to post it publicly in a rando internet forum, it's probably PII. There are exceptions obviously, and the inverse is not true: I may be willing to publicly post certain PII.