Posted
I am Dan Frechtling, CEO of Boltive, a software company doing business in California that exposes personal data leakage.
I wish to speak on the ways current technologies and methods used today routinely interfere with Consumer Rights to Opt-Out. As important as it is to address dark patterns, it’s just as important to address dark signals.
Dark signals are consumer opt-outs that fade as they are passed to downstream parties in cross-context behavioral advertising. Consumers choose to opt-out or opt-in, but with dark signals the choice is never received by those buying ads. Dark signals endanger consumer opt-out rights.
Realtime bidding is a technical protocol that powers cross-context behavioral ads. It’s an auction in 200 ms. It plays a worthy role by delivering relevant messages to consumers. But there are vulnerabilities.
Here’s an illustration, starting with a mobile website. For opt-outs to work within real-time bidding, websites must shake hands with supply side platforms, exchanges & networks, then demand side platforms in order to communicate to advertisers. This can involve 50 or more vendors. Leaks can happen anywhere, at any interface between parties. And these third parties make code changes periodically, which can cause leakage.
Critics of real-time bidding say it passes personal information about geolocation, health, religion, sexual preference, and ethnicity.
Because CPRA came about partly to restrain excesses in cross context behavioral advertising, Boltive recently completed a study see how many of the Fortune 100 use opt-out technologies that are both compliant with the law and work with Web protocols like real-time bidding.
Boltive’s auditing tool creates secret shoppers to expose exactly where the leakage is. We found 2/3 of the Fortune 100 use consumer opt-out methods that are either legally unapproved or cause dark signals.
We classified five methods of opting out of data sharing. Industry Consortia, used by 69 firms; Web Forms, by 47 firms; Consent Management Platforms, by 42 firms; Offline, by 11 firms; and User-enabled methods like GPC, accepted by zero firms. Firms are required under CCPA to use 2 or more methods. Here is where they succeed and fail…
1. The industry consortium model, such as the Digital Advertising Alliance and the Network Advertising Initiative with 127 vendors participating, is the most popular. The underlying technology works 98% of the time. But the consortia appear to be voided by two OAG published notices of alleged noncompliance.
2. Online web forms are second most common. They have precedent since consumers use them to opt out of email communications. They are permitted by CCPA in section 135(a) . But they, too, don’t integrate well with real-time bidding when not logged in. Boltive has found 62% don’t delete some or all third party
browser cookies, so personal information is still shared down the chain of vendors.
3. Consent management platforms are the third most common. They are allowed by CCPA. But Boltive software finds these handshakes fail 25% of the time in real-time bidding
4. Offline methods such as phone, and email are fourth most common. These are specifically mentioned in 11 CCR 999.315(a). But they are incompatible with real-time bidding unless the user is logged in to an account with the company, which is extremely rare
5. Lastly, User-enabled methods, also called Global Opt-Out Preference Signals like the Global Protection Control (GPC) and the Advanced Data Protection Control (ADPC) are permitted. But none of the Fortune 100 have adopted them based on our research.
Our research shows 2/3 of the Fortune 100 are not effectively handling consent. And dark signals endanger consumer opt-out rights.
In one example, Boltive found a foreign company known for ad fraud extracting personal data to build profiles of consumers. In another example, Boltive recently found advertising to manipulate public perception of the Russian invasion of Ukraine.
But most of the time, data leakage is unintentional. Usually, companies are acting in good faith. But they and their vendors use opt-out methods that don’t work. We need rules to ensure opt out methods are both legal AND effective.
To address this, CPPA rulemaking must ensure dark signals DO NOT endanger consumer opt-out rights in cross-context behavioral advertising.
Clearly the intent of CPRA goes beyond advertisers and data controllers to downstream partners and data processors. But the statute is not clear in this regard.
The CPPA can clarify “requirements and technical specifications for an opt-out preference signal” in section 185(a)(19)(A) must include accurate transmission of opt-outs to all third parties in cross-context behavioral advertising.
Companies should then be audited for transmission of such opt-outs and action taken by parties in the advertising chain. Only then can consumers feel safe their opt-outs are not misinterpreted as opt-ins.
Without this supervision, dark signals endanger consumer opt-out rights. The rules today are like delivering goods when a stranger presents a payment method but not checking if the payment actually went through.
Furthermore, the CPPA can ensure the audit authority mentioned in section 185(a)(18) includes verifying that opt-outs are authentically passed and received by parties in the advertising chain.
Monitoring the multitude of opt-outs by consumers every day may seem a tall task. Fortunately, businesses or the CPPA can audit using privacy-enhancing software like Boltive’s that requires no installation.
With cloud software it’s possible to orchestrate 100% compatibility, something both online firms and regulators may find of interest.
If rules don’t require opt-out signals to function down the chain, companies may do just enough to meet the letter of the rules, leaving gaps. But if CPPA rulemaking mandates that consumer choices accurately flow through vendors, similar to checking the payment actually goes through, CPRA will ensure dark signals DO NOT endanger consumer opt-out rights.
Boltive Launches New Product Ad Monitor: Revolutionizing Ad Insights with AI-Powered Discovery Engine
Go to Post
Text LinkIAPP GPS - Our Thoughts, Part 2: What Regulators Want Us To Do – The Value of Proactivity
Go to Post
Text LinkIAPP GPS - Our Thoughts, Part 1: What Regulators Want Us To Know – Busting Common Myths
Go to Post
Text LinkPrioritizing Children's Privacy: Strategies for Ethical Advertising and the Use of AI
Go to Post
Text LinkBusiness Ninjas Podcast - Secure Protection for Advertisers Against Invasive Media
Go to Post
Text LinkBoltive and Slalom Consulting Join Forces to Bolster Data Privacy: A Powerful Alliance Against Emerging Risks
Go to Post
Text LinkAutomating Threat Detection: How Boltive is Harnessing Artificial Intelligence to Reshape Ad Security
Go to Post
Text LinkForbes Article - The Privacy Prescription: Rules Restricting Health Data Use And How To Employ More Holistic Security Measures
Go to Post
Text LinkOur CEO, Dan Frechtling, featured on Leadership Live podcast with Daphna Horowitz
Go to Post
Text LinkWhy Data Privacy is Being Overhauled in 2023: Dan Frechtling featured on the Security Weekly Productions podcast
Go to Post
Text LinkOur Director of Product, Christine Desrosiers, discusses the current state of Ad Tech with Brand Safety Institute
Go to Post
Text LinkGeekwire wrote about the heartening link that brought our CEO and CFO to Boltive.
Go to Post
Text LinkWith U.S. privacy laws in flux, Boltive's Privacy Guard simplifies compliance and empowers consumers with control over their data.
Read MoreEmpowering Brands and Publishers with Advanced AI Technology for Real-Time Ad Compliance and Enhanced Security
Read MoreLearn how BuzzFeed expanded their partnership with Boltive to protect consumers on their mobile app.
Read MoreReview the latest ad security data gathered by Boltive's Ad Lightning product.
Read MoreFrom ad security to data privacy, discover all of the major milestones Boltive has achieved over the years.
Read MoreCatch up on Part 2 of Christine Desrosiers’s thoughts from IAPP GPS as she dives into What Regulators Want Us To Do.
Read MoreFollow along as Boltive team member, Christine Desrosiers, shares her notes from the IAPP Global Privacy Risk Summit.
Read MoreIn this blog post, we’ll delve into the world of deceptive non-compliant ads discussing how our Boltive AI Engine is helping combat this problem.
Read MoreDiscover how the Boltive Object Identification Engine revolutionizes the way we manage tags and cookies, making manual searches a thing of the past.
Read MoreBoltive and CG Infinity have partnered to provide a data privacy solution in a time where privacy regulations are beginning to really ramp up.
Read MoreDiscover the secrets behind cookies, pixels, and tags and gain a deeper understanding of these tools and how they affect your data privacy practices.
Read MoreAs children and teens become more exposed to the dangers of social media and online advertising, regulators are stepping in to help protect them.
Read MoreCatch up on the latest updates from the ScamClub Active Threat that the Ad Lightning product has identified.
Read MoreExplore Boltive’s use of artificial intelligence in the world of ad security and the ability to quickly identify and mitigate unwanted content.
Read MoreRead how Sovrn Holdings leveraged Ad Lightning capabilities to defend against offensive ads.
Read MoreWith new state regulations around consumer data collection going into effect in 2024, top companies are taking action to ensure they are staying compliant.
Read MoreAre health websites sharing personal or sensitive data? Read this report from Boltive and Consumer Reports on our findings.
Read MoreDetected and blocked a reoccurring redirect campaign impacting 50 domains.
Read MoreRedirect campaign targeting both mobile and desktop users with fake update messages.
Read MoreRedirect campaign spanning almost 1,500 sites over the past 7-days.
Read MoreFraudsters hosting obfuscated scripts on AWS & Yahoo platforms, attempted to deliver malicious redirects to over 300 different domains.
Read MoreThis malicious campaign has two methods of triggering the redirect.
Read MoreReview the ad security data gathered by Boltive's Ad Lightning product in this month's Risk Report.
Read MoreCatch up on the latest Active Threats that the Ad Lightning product has identified.
Read MoreWith the TCF v2.2 being released in November 2023 and an updated GPP coming in January 2024, are you prepared to be compliant with these new releases.
Read MoreBoltive CEO Dan Frechtling joins Kelsey McDonald on the WriteForMe podcast "Business Ninjas" to discuss data privacy.
Read MoreThe new partnership provides customers with the ability to build privacy programs that stand up to growing scrutiny in data privacy regulations and evolving privacy threats.
Read MoreCatch up on the latest Active Threats that the Ad Lightning product has identified.
Read MoreThe Boltive team is leveraging the use of Artificial Intelligence to enhance the way publishers identify and mitigate threats.
Read MoreThough there are laws in place to protect health data, there are many compliance loopholes when it comes to data sharing.
Read MoreThough there are laws addressing Children's Data Privacy, there is much room for improvement to protect them.
Read MoreAd Security threats come in many forms - are you prepared to identify and address them?
Read MoreWith new regulations recently released and more coming, are your privacy programs and technologies ready?
Read MoreIn this More Than a Refresh episode the panel takes a deep dive into Digital Privacy. Join along as the group further explore data privacy regulations and how to best combat non-compliance.
Read MoreBoltive CEO Dan Frechtling joins Intuizi's Ron Donaire on The Data Deep Dive to discuss Boltive and how it fits into the Privacy world.
Read MoreTechnology Council Member and Boltive CEO, Dan Frechtling dives into the evolution of data privacy.
Read MoreChristine Desrosiers, our Director of Product, shares an insightful and informative whitepaper on the current state of privacy compliance.
Read MoreDan talks about his journey from marketing to data privacy. He is on a mission to protect consumers from invasive media. He shares his personal story about being tracked online and how the hyper targeting he was victim of started him on his journey to Boltive.
Read MoreToday on That Tech Pod, Laura and Kevin speak with CCPA & CPRA Co-author Rich Arney and Boltive CEO Dan Frechtling.
Read MoreGiven the uncertain macroeconomic climate, the outlook for digital ad spending is spotty at best. Over the last year we have seen that large advertisers are pulling back budgets, and it’s looking like that will only continue this year.
Read MoreOur CEO Boltive, Dan Frechtling, has been accepted into Forbes Technology Council, an invitation-only community for world-class CEOs, CIOs, CTOs, and other technology executives
Read MoreDon’t miss this episode of Leadership Live where Dan Frechtling discusses loss, leadership, and data privacy – what every CEO needs to think about.
Read MoreGet the scoop about why Sephora was recently fined, and why data privacy is being overhauled in 2023
Read MoreAssuming CMPs are infallible could be detrimental to your data privacy efforts, resulting in broken relationships with your consumers, damaged business reputations, and hefty fines.
Read MoreOur Director of Product, Christine Desrosiers, discusses the current state of Ad Tech with Brand Safety Institute
Read MoreBoltive featured in Quirk's Media article on how to comply with changing data privacy regulation
Read MoreGeekwire wrote about the heartening link that brought our CEO and CFO to Boltive.
Read MoreBoltive's Privacy Guard was recently featured in Consumer Reports
Read MoreWe recently published our 2021 Q2 Malware Recap, so take a look at what has been plaguing website publishers and users this quarter.
Read MoreSix months ago, we partnered with Setupad and replaced their legacy ad quality solution to improve their coverage against bad ads.
Read MoreCheck out our our 2021 Guide to Blocking Bad Ads and Ensuring Ad Quality – a comprehensive roadmap that platforms and publishers can utilize to successfully navigate the frontlines in the battle of ad quality.
Read MoreCheck out our recap of the state of ad quality in Q1 2021
Read MoreWe're delighted to tell you about the significant uptick Ad Lightning has seen in platform partnerships in recent months.
Read MoreWe place so much importance on NPS, I wanted to take a few minutes to explain what it is and how we use it at Ad Lightning
Read More2020 was historic, and I don’t mean that in a good way. But there’s always a silver lining, even in the most trying of times.
Read MoreFraudsters were still up to no good in Q4, relying on everything from old standards to newer malicious horizons as their assault on publishers, platforms, consumers, and stakeholders continued full throttle.
Read MoreAd Lightning's video QA tool maximizes publisher ROI by identifying issues before ads go live. Fast, easy, and effective. Learn more at Boltive.
Read MoreThis is what Ad Lightning is providing to the ecosystem with our Look at the Digital Advertising Industry in 2021 – a prescient, thoughtful, practical group of insights that publishers and platforms can use to successfully navigate an uncertain future.
Read MoreWe take a moment to revisit a handful of topics discussed in our 2020 State of Ad Quality report, how they played out during the year, and look at what publishers can do to protect themselves from the bad guys.
Read MoreWe're going to show you some of the most common gaps in the ad quality armor we’ve seen in the ecosystem and discuss what you can do to fill them.
Read MoreChanges to CCPA Put Retargeting in the Regulatory Bullseye
Read MoreCheck out a presentation our CEO, Dan Frechtling, gave at the recent IAPP conference.
Read MoreHaving a Consent Management Platform (CMP) does not let you off the hook if your partners accidently (or intentionally) expose your customers’ data. You need to ensure information sharing consent is given in 4 key areas or you risk brand and profit damage.
Read MoreOnline ads can violate privacy in a number of ways, learn more about how user data may be at risk
Read MoreUnderstand the ad ecosystem and how Privacy Guard's technology provides tailored solutions to detect and resolve privacy issues.
Read MoreLearn more about how Boltive's new tool Privacy Guard delivers key insights you need to keep your consumer data -- and your brand reputation -- safe.
Read MoreGet an overview of the online ad ecosystem, and how Boltive's new tool Privacy Guard can help keep your consumer data -- and your brand reputation -- safe.
Read More63 of F100 Companies Don’t Meet CCPA Standards, 33 Use Methods That Often Fail
Read MoreDid you know 15-30% of consent opt-outs designed to protect personal data routinely fail?
Read MoreAn interview with Rick Arney, board member of Californians for Consumer Privacy (CCP), and co-author of CCPA and CPRA
Read MoreAn interview with Rick Arney, board member of Californians for Consumer Privacy (CCP), and co-author of CCPA and CPRA
Read MoreThe ad ecosystem is like the wild west. Legitimate advertisers and publishers are leaving themselves and their partners exposed to consequences due to non-compliance.
Read MoreThe perception and tolerance of digital advertising is changing.
Read MoreOur forecast of what's to come in 2022
Read MoreWhile 2023 may seem like a long way off, it will come around quicker than you think. It is never too early to prepare - particularly when it comes to updating your data privacy processes to remain compliant.
Read MoreThere has been a lot going on in the world of ad privacy. Here’s what you may have missed this quarter.
Read MoreAs a member of the Coalition of Better Ads, Google has long been an advocate for blocking ads that hamper the user experience. But they took in one step further in fall 2020.
Read MoreCurrent technologies and methods used today routinely interfere with Consumer Rights to Opt-Out. As important as it is to address dark patterns, it’s just as important to address dark signals.
Read MoreOur Privacy Guard solution proves to be a success by identifying critical problems for Fortune 500 brands.
Read More3 To-Dos to Ensure Compliance & Stop Ad Privacy Violations
Read MoreSeveral key takeaways from presentations related to California regulations.
Read MoreWednesday, August 24 marked the end of the quiet period for enforcement of the California Consumer Privacy Act (CCPA).
Read MoreAdvertisers and brands are liable for any unauthorized data sharing in their digital advertising campaigns. Comply with regulations and protect your reputation.
Read MoreThe digital advertising ecosystem is large and complex. And it’s expanding.
Read MoreStay ahead of the game with our article on 5 Ad Security Malware Trends for 2022 and Beyond. Protect your business from evolving threats. Read now on Boltive.
Read MoreWe recently published our 2022 Q1 Ad Quality Report, so take a look at the key trends we’ve identified and how publisher’s are fighting back.
Read MoreWe're fresh out of content!
All the news that's fit to print.