Privacy

How an ad tech firm co-opted IAB Europe’s Transparency and Consent Framework to collect fingerprinting data

October 24, 2022  •  2 min read  •  By Tim Peterson

IAB Europe’s heavily scrutinized Transparency and Consent Framework was designed to help companies respect people’s privacy and comply with European privacy law, the General Data Protection Regulation. But earlier this year, ad security monitoring company Confiant detected an ad tech company exploiting the framework to collect information on potentially millions of people in the U.S.

“What makes this case especially odd is that it was taking place in the United States, which is not a GDPR jurisdiction. And TCF is a framework for GDPR compliance,” said Kaileigh McCrea, a privacy engineer at Confiant.

McCrae declined to name the company behind the exploit — which Confiant has dubbed “Voldrakus” — beyond describing it as a small ad tech company based in Eastern Europe. She did, however, detail the mechanics of the exploit and explained how the data collected by the company — including devices’ geolocations, battery levels and motions — could be used to target people working in corporate buildings and government offices with misinformation and malware.

However, the risks extend beyond this specific exploit. Voldrakus provides an example of how a privacy framework can be co-opted and, as a result, put other companies at risk of violating privacy laws. 

“The brand is responsible for any type of tracking technology that is on its site,” said Daniel Goldberg, partner and chair of the privacy and data security group at law firm Frankfurt Kurnit Klein & Selz. He added, “The brand is the gatekeeper. So Voldrakus somehow or another is able to get data from the site, and so under the law, very technically speaking, the brand could be held liable for the data that is collected and pass to Voldrakus.”

For more about the Voldrakus exploit, watch the video below.

https://digiday.com/?p=472202
Trending in Privacy
Most Read

More in Marketing

View More
Brands in Culture

How Formula One’s ‘huge surge’ in the U.S. is capturing the attention of marketers and publishers

September 26, 2023  •  3 min read  •  By Kristina Monllos

With three Grand Prix races in the U.S. this year – Miami this past May, Austin in October and Las Vegas in November – the interest from U.S. marketers in Formula One has increased this year, according to agency executives, who say they expect that growth to continue next year.

Member Exclusive

Digiday+ Research deep dive: Brands, retailers use Facebook less, even as it drives revenues, branding

September 26, 2023  •  6 min read  •  By Julia Tabisz

A Digiday+ Research survey found that brands and retailers report using Facebook less over the last few years, all while the platform’s value to their revenues and brands has increased.

Member Exclusive

Marketing Briefing: Marketers ‘optimistic’ after WGA strike’s potential resolution, but aren’t expecting ad dollars will return just yet

September 26, 2023  •  5 min read  •  By Kristina Monllos

The timeline for a return to business as usual – whatever that may mean now – is yet to be determined.

DIGIDAY+

Get access to tools and analysis to stay ahead of the trends transforming media and marketing

My Account

Visit your account page to make changes and renew.

logo
© 2023. All rights reserved