OWASP published Top 10 Privacy Risks for Web Applications:

1. Web Application Vulnerabilities
2. Operator-sided Data Leakage
3. Insufficient Data Breach Response
4. Insufficient Deletion of personal data
5. Non-transparent Policies, Terms and Conditions
6. Collection of data not required for the user-consented purpose
7. Sharing of data with third party
8. Outdated personal data
9. Missing or Insufficient Session Expiration
10. Insecure Data Transfer

Further details are provided on the project website.