IAB Europe’s heavily scrutinized Transparency and Consent Framework was designed to help companies respect people’s privacy and comply with European privacy law, the General Data Protection Regulation. But earlier this year, ad security monitoring company Confiant detected an ad tech company exploiting the framework to collect information on potentially millions of people in the U.S.
“What makes this case especially odd is that it was taking place in the United States, which is not a GDPR jurisdiction. And TCF is a framework for GDPR compliance,” said Kaileigh McCrea, a privacy engineer at Confiant.
McCrae declined to name the company behind the exploit — which Confiant has dubbed “Voldrakus” — beyond describing it as a small ad tech company based in Eastern Europe. She did, however, detail the mechanics of the exploit and explained how the data collected by the company — including devices’ geolocations, battery levels and motions — could be used to target people working in corporate buildings and government offices with misinformation and malware.
However, the risks extend beyond this specific exploit. Voldrakus provides an example of how a privacy framework can be co-opted and, as a result, put other companies at risk of violating privacy laws.
“The brand is responsible for any type of tracking technology that is on its site,” said Daniel Goldberg, partner and chair of the privacy and data security group at law firm Frankfurt Kurnit Klein & Selz. He added, “The brand is the gatekeeper. So Voldrakus somehow or another is able to get data from the site, and so under the law, very technically speaking, the brand could be held liable for the data that is collected and pass to Voldrakus.”
For more about the Voldrakus exploit, watch the video below.
How — and why — Candy Crush is in the midst of a 10th anniversary brand refresh
In the years since Activision Blizzard acquired the Swedish game studio King in 2016, employees at the gaming giant have started to internally refer to their company as “ABK” — that is, Activision Blizzard King. But the corporation’s recent financial reports indicate that “KAB” might be a more accurate abbreviation.
Independent agency Goat invests in influencer strategy for clients as it expands in the U.S.
Everyone is after influencers to up their marketing game. But the secret to success, Goat contends, is in viewing influencers as performance media and using data to deliver clients guaranteed outcomes.
Marketers bring Web3 to the FIFA World Cup with augmented reality, NFTs and virtual worlds
The month-long tournament, which begins this weekend, will be the first World Cup since it took place in Russia in 2018 long before “Web3” entered the global lexicon. Now, official and non-official sponsors are hoping to harness the hype with a range of NFTs, virtual worlds, augmented reality tools and other trendy tech.
SponsoredHow brands are measuring incremental performance on CTV
Connected TV is unique among other advertising channels because it combines linear television’s storytelling capabilities with digital marketing’s targeting and measurement. As more marketers leverage CTV advertisements to reach relevant and engaged audiences, they also want to understand the real value they are generating with their investment. Incrementality reporting and measurement allow advertisers to measure […]
U-Haul diversifies its social strategy to tell people it’s more than moving trucks
In recent years, U-Haul's in-house agency has been working to "better leverage social media for brand loyalty."
Member ExclusiveDigiday+ Research: Instagram wins over Facebook for role in brands’ holiday marketing
Brands differ on how they use each marketing channel during the holidays -- even when it comes to sibling social media platforms Facebook and Instagram, Digiday+ Research found.