How an ad tech firm co-opted IAB Europe’s Transparency and Consent Framework to collect fingerprinting data
IAB Europe’s heavily scrutinized Transparency and Consent Framework was designed to help companies respect people’s privacy and comply with European privacy law, the General Data Protection Regulation. But earlier this year, ad security monitoring company Confiant detected an ad tech company exploiting the framework to collect information on potentially millions of people in the U.S.
“What makes this case especially odd is that it was taking place in the United States, which is not a GDPR jurisdiction. And TCF is a framework for GDPR compliance,” said Kaileigh McCrea, a privacy engineer at Confiant.
McCrae declined to name the company behind the exploit — which Confiant has dubbed “Voldrakus” — beyond describing it as a small ad tech company based in Eastern Europe. She did, however, detail the mechanics of the exploit and explained how the data collected by the company — including devices’ geolocations, battery levels and motions — could be used to target people working in corporate buildings and government offices with misinformation and malware.
However, the risks extend beyond this specific exploit. Voldrakus provides an example of how a privacy framework can be co-opted and, as a result, put other companies at risk of violating privacy laws.
“The brand is responsible for any type of tracking technology that is on its site,” said Daniel Goldberg, partner and chair of the privacy and data security group at law firm Frankfurt Kurnit Klein & Selz. He added, “The brand is the gatekeeper. So Voldrakus somehow or another is able to get data from the site, and so under the law, very technically speaking, the brand could be held liable for the data that is collected and pass to Voldrakus.”
For more about the Voldrakus exploit, watch the video below.
-
Digiday+ Research deep dive: YouTube holds strong as a reliable marketing channel for agencies and brands
YouTube might not be considered the most exciting marketing channel out there, but brands and agencies see the platform as a reliable marketing channel that delivers consistent success.
-
Pringles goes all in on social to put college athletes front-and-center for ‘March Mustache’ campaign
Pringles is turning to social media — particularly Instagram — to leverage some of the college athletes playing in the March Madness basketball tournament, with the goal of reaching college basketball fans on second screens.
-
Short-form video needs better monetization, creator funds aren’t the way to do it
Creator funds have almost been like a stepping stone before a more permanent solution is either considered or put into place.
-
SponsoredHow advertisers are leveraging omnichannel attribution and measurement to power CTV
Sponsored by MNTN Connected TV advertising has joined and expanded the larger ecosystem of campaigns that advertisers deploy. As such, omnichannel marketing strategies now encompass television and mobile devices, tablets and other screens such as out-of-home. And as customers engage across these different touchpoints, brands are seeking and moving their measurement and analytics efforts to […]
-
L’Oreal uses social listening, in-house teams to tap into beauty trends ‘at the speed of culture’
The beauty behemoth is turning to in-house teams to accelerate content production that taps into trends within days, rather than the weeks or months of traditional marketing and advertising timelines.
-
With Canva and Adobe’s new updates, the generative AI race enters the brand design space
Canva and Adobe are just two of several major design and visual platforms that are rapidly introducing new generative AI capabilities in the service of brands.
