IAB Europe’s heavily scrutinized Transparency and Consent Framework was designed to help companies respect people’s privacy and comply with European privacy law, the General Data Protection Regulation. But earlier this year, ad security monitoring company Confiant detected an ad tech company exploiting the framework to collect information on potentially millions of people in the U.S.
“What makes this case especially odd is that it was taking place in the United States, which is not a GDPR jurisdiction. And TCF is a framework for GDPR compliance,” said Kaileigh McCrea, a privacy engineer at Confiant.
McCrae declined to name the company behind the exploit — which Confiant has dubbed “Voldrakus” — beyond describing it as a small ad tech company based in Eastern Europe. She did, however, detail the mechanics of the exploit and explained how the data collected by the company — including devices’ geolocations, battery levels and motions — could be used to target people working in corporate buildings and government offices with misinformation and malware.
However, the risks extend beyond this specific exploit. Voldrakus provides an example of how a privacy framework can be co-opted and, as a result, put other companies at risk of violating privacy laws.
“The brand is responsible for any type of tracking technology that is on its site,” said Daniel Goldberg, partner and chair of the privacy and data security group at law firm Frankfurt Kurnit Klein & Selz. He added, “The brand is the gatekeeper. So Voldrakus somehow or another is able to get data from the site, and so under the law, very technically speaking, the brand could be held liable for the data that is collected and pass to Voldrakus.”
For more about the Voldrakus exploit, watch the video below.
Member ExclusiveFuture of TV Briefing: TikTok’s other creator monetization program
This week’s Future of TV Briefing looks at the role TikTok's Branded Missions program plays in keeping creators on the platform as YouTube readies its short-form video revenue-sharing program.
How Philadelphia Cream Cheese is finding its place on Reddit
Hoping to tap into honest, authentic conversations, Philadelphia Cream Cheese is investing in Reddit ads for the first time.
Why Tractor Supply Company made its TV ad to look like TikTok
Tractor Supply Company, a retailer founded in 1938, is using 100% of its marketing spend for this quarter on Paramount's TV channel. The company's new "TikTok style ad," debuted on the premiere of Yellowstone on Nov. 13, is part of a push to build brand awareness.
SponsoredPublishers are adapting advertising strategies for a privacy-first world
Tina Iannacchino, senior publisher director, Seedtag So much of the attention around the death of third-party cookies and its impact on the digital advertising industry is focused on the implications for brands and consumers, which is far from the complete picture. The digital publishing industry in the U.S. is massive and set to be shaken […]
As purpose-driven ads face challenges this holiday, could podcasting provide a lift?
Purpose-driven marketing may face growing challenges this year as consumers wrestle with inflation and the ad market gets more competitive.
Amid record-breaking Thanksgiving weekend e-commerce growth, there was an uninvited guest – bot traffic
A record 196.7 million Americans shopped online and offline from Thanksgiving Day through Cyber Monday — a lift of 17 million from 2021 — per NRF.