New metric: Vendors After Opt-out

Diagnose metrics assess privacy compliance risk on your digital properties across a wide range of criteria. From detecting all cookies found on your websites and what vendor is dropping them, to flagging cookies with long lifespans and vendors performing possible fingerprinting, Diagnose metrics surface the specific third parties bringing privacy risk to your business so you can take action. 

Under almost all of the U.S. state privacy laws, first parties must provide the ability for consumers to opt out of targeted advertising — and, under CPRA, they have some accountability for ensuring it is carried out. However, it’s extremely difficult to know whether downstream partners are honoring user’s choices. 

Our new Diagnose metric, Vendors After Opt-out, reports on vendors who are found firing even after a user has opted out of targeted advertising. It also flags vendors who are not yet signed up to the Multi-State Privacy Agreement (MSPA). With these features, Vendors After Opt-out helps you meet first-party accountability requirements under the ever-growing list of different U.S privacy laws.

Ensure that user opt-out requests are honored downstream

While the specific UX and text requirements differ between states, almost all current U.S. state privacy laws provide users with the right to opt out of their data being processed for targeted advertising purposes. While you may already be providing a way for your users to opt out such as via a link on your homepage, if those requests aren’t being respected by vendors operating on your site, they could still hold you responsible as the one processing that request. 

The Vendors After Opt-out metric helps you go beyond the surface to understand whether user opt-outs are being respected downstream. More importantly, it pinpoints the specific vendors that are not honoring user choice so you know where to begin fixing the problem. 

Adapt to new US privacy laws as they go into effect

Keeping up with the ever-changing landscape of privacy laws can be a daunting task. Especially in the U.S. where there is no comprehensive federal privacy law and new states are passing their own laws at a quickening pace. Already 7 more state privacy laws are set to go into effect between 2024 to 2026.

With state-level scanning, Diagnose is future-proofed to meet the demands of the evolving U.S. privacy landscape. Vendors After Opt-Out scans can be set up for any of the 50 U.S. states, making it easy to expand your compliance monitoring practices to states as they become relevant to your business.

Address gaps in contractual agreements

The IAB’s Multi-State Privacy Agreement (MSPA) is a contractual framework made to help players across the digital marketing ecosystem comply with state privacy laws in the U.S by automatically creating contractual relationships amongst signatories. 

California, specifically, requires that contractual agreements are set up with all downstream processors, but this can be difficult to accomplish at scale. 

To simplify your contractual obligations, we’ve included an MSPA label as part of the Vendors After Opt-out metric. This means you can filter for vendors which are both firing after opt-out and not signed on as participants of the MSPA, and thus potentially missing necessary contracts. 

While firing after opt out doesn’t always mean that the vendor shouldn’t be permitted, our recommendation is to scrutinize those that do, based on regulatory guidelines. 

Learn more

Head to our help center to read our documentation. Or contact us for a demo.

Visualize your vendor supply chain

Want to map the entire tech ecosystem of your website? Use Vendor Trace in Diagnose to understand everything from the big picture all the way down to the journey of a single vendor. Vendors After Opt-out is just one of the many compliance metrics available to overlay on top of your visualization to pinpoint areas of risk.

Watch our webinar on demand to see it in action.