Privacy Controls
Privacy controls are proactive measures a website takes to increase transparency and user control over data collection processes. Our scanning engine detects the presence of certain controls, including various privacy policy disclosures and opt-in/opt-out consent mechanisms. This may provide insight into the privacy posture of your websites, provided their data collection practices align with and adhere to your privacy policy.
Privacy Policy Disclosures
Our scanning engine aims to automatically locate and extract the privacy policy on your website to confirm the presence of key disclosures. While we do not analyze the entirety of your privacy policy, we do look for the following:
- Regular Updates: Many privacy policies include a "Last Updated" date, which may be required by modern data privacy laws. This signals to users that privacy is an active area of investment, thereby improving user trust.
- Contact Details: Accessible and valid contact information (email, phone number, and physical address) allows users to exercise their rights.
- Opt-Out Mechanisms: A clear, user-friendly method for users to opt out of data collection or sharing. We do not consider mechanisms that allow opt-out of marketing emails here.
- User Rights: A detailed section outlining user rights, such as the right to access, rectify, or delete their data, in accordance with global regulations.
- Clear Disclosures: We verify that your policy explicitly discloses the use of both generic tracking technologies, such as cookies, and specific, named trackers like Google Analytics and Meta Pixel.
A sample analysis of the Privacy Policy is as follows:
Consent Mechanisms
Consent mechanisms are tools a website can deploy to obtain and record a user's choices about their personal data. Along with the implementation of other privacy controls required by applicable laws, regulations and industry best practices, these consent mechanisms may serve to reduce your overall privacy risk exposure. Please note that we only detect the presence of these consent mechanisms, not whether they are functioning as they should. Our evaluation includes:
- Cookie Consent: The presence of a cookie banner that enables cookie compliance.
- "Do Not Sell" Links: Presence of a "Do Not Sell" link that allows users to opt out of the sale of their personal information, as required by the California Privacy Protection Agency (CPPA) and other U.S. state laws.
- Global Privacy Control (GPC): An assessment of whether your website reports honouring the GPC signal, a standardized browser setting that communicates a user's privacy preference across multiple websites.
Privacy Exposures
Privacy exposures are factors that can increase a website's privacy risk exposure. Our platform identifies and reports on some of these exposures. This includes tracking technologies and data flows to external domains known for data collection. Understanding these exposures is a critical component for managing and mitigating potential privacy pitfalls, such as privacy-related litigation and regulatory fines.
Tracking Technologies
We identify and categorize key tracking technologies present on your website, providing potential insight into the type of data being collected and the potential privacy implications. This includes:
- Analytics: Tools like Google Analytics and Meta Pixel that collect data on user behavior, page views, and traffic sources.
- Session Replay: Intrusive tools like Fullstory that record user sessions, including mouse movements, clicks, and form interactions, which can inadvertently capture personally identifiable information (PII).
- Geolocation Trackers: These technologies pinpoint a user's physical location, often by leveraging IP addresses, Wi-Fi data, or GPS information. This practice carries a heightened privacy risk due to the sensitivity of location data, which can be subject to specific regulations and a higher level of scrutiny.
Third-Party Domains
We identify all external domains from which a website loads content. The presence of numerous third-party domains is a key indicator of potential privacy risks. Our analysis involves:
- Tracker Detection: We check these domains against a list of known web trackers.
The number of trackers and their association with data brokers are potentially critical factors in assessing a website's overall privacy risk exposure, which could involve potential litigation.
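The third-party domain check described above can be sketched as follows. This is an added example, not the scanning engine's own code: the tracker list, the sample page, and the names `ResourceCollector`, `match_tracker` and `third_party_report` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample list; a real scanner would use a maintained tracker list.
KNOWN_TRACKERS = {"google-analytics.com": "Analytics", "fullstory.com": "Session Replay",
                  "connect.facebook.net": "Analytics"}
# Tags whose attribute makes the browser fetch a resource (link rel is not checked).
LOADING_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# Constructed sample page, assumed to be served from https://example.com/.
SAMPLE_HTML = """<script src="/static/app.js"></script>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="//edge.fullstory.com/s/fs.js"></script>
<link rel="stylesheet" href="https://cdn.example.net/site.css">
<img src="https://img.example.com/logo.png">"""


class ResourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        attr = LOADING_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # urljoin resolves relative and protocol-relative (//host/x) URLs.
            host = urlsplit(urljoin(self.page_url, value)).hostname
            if host:  # data: and similar URLs have no hostname
                self.hosts.add(host.lower())


def match_tracker(host):
    """Return the category if host is a listed domain or a subdomain of one, else None."""
    labels = host.split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return next((KNOWN_TRACKERS[s] for s in suffixes if s in KNOWN_TRACKERS), None)


def third_party_report(page_url, html):
    """Map each external host to its tracker category (None if not listed)."""
    site = urlsplit(page_url).hostname.lower()
    collector = ResourceCollector(page_url)
    collector.feed(html)
    # Simplification: first party = page host or its subdomains, no public suffix list.
    external = {h for h in collector.hosts if h != site and not h.endswith("." + site)}
    return {h: match_tracker(h) for h in sorted(external)}
```

Matching on whole domain labels rather than substrings keeps a look-alike host such as `notgoogle-analytics.com` from being reported as a listed tracker. Static HTML parsing only sees resources declared in markup, so requests issued by scripts at runtime are outside what this sketch covers.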