Rogue third parties
It doesn't matter what you think of it, but the internet is for a lot of companies just one big money-farm: they don't care about people's rights, they only care about their own bankaccounts. As a result of that many individuals and organisations develop SDK's (Software Development Kits) for example, to offer them to webdevelopers to implement on their websites. For a webdeveloper that can be very attractive: these companies sometimes offer a percentage of the profit and on top of that: the application seems to look nice and seems to bring an extra dimension to your website. But that doesn't always mean that it's a safe practice: these applications can do many other things behind the screens that you do not see on the front-end, like collecting visitor-data or even worse.
If we could be 100% sure that every webdeveloper exactly knows what these third-party applications do, then there is nothing to worry about, but the reality is different: many webdevelopers are careless and copy-paste scripts just because "some people" on "some forum" say that it's awesome and often unknowingly they put their visitors at risk. This doesn't always mean that the website-user finds himself as a victim of a crime: lots of times their data is being sold to big companies without even being noticed, useless to say that privacy is at stake here. And as I said earlier: it can be worse too.