Abstract
The privacy laws and regulations that govern the collection, sharing, and selling of online data are changing. In the U.S., California adopted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), and twelve other U.S. states have adopted similar laws. Industry has responded by developing technical standards for collecting and disseminating consent information, such as the IAB CCPA Compliance Framework. While publishers are adopting this framework and the IAB is extending it to cover privacy laws in other U.S. states, recent work has observed that opt-out signals are not being honored under the framework. In this study, we take a deep dive into the IAB CCPA Compliance Framework to measure end-to-end flows of consent information and better understand why opt-out signals are not being honored. Using data crawled from top websites under different experimental conditions, we examine overall adoption of the framework, the flow of consent information from publishers to third parties and between third parties, and finally the reach of opt-out signals. Our results uncover numerous issues with the adoption and implementation of the framework that prevent users' consent choices from being honored by third parties.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
