State privacy laws, such as the California Consumer Privacy Act (CCPA), require companies to implement opt-out solutions and honor applicable privacy requests. But if you have implemented an opt-out, how do you know it actually works?
Is it configured properly? How do you validate that your opt-outs work as intended? Even more fundamentally, what are the technical criteria you need to apply to make that determination?
Implementing opt-outs is easy. Implementing them to do what you want, however, is hard.
Implementing opt-outs is almost impossible to do correctly the first time. Opt-out buttons or forms may visually display an opted-out state to users, but the backend technology driving the opt-out is entirely different from the frontend technology users experience. This requires deep, targeted assessment.
To make things even more difficult, the only way to know whether your opt-out works is to either use specially-instrumented devices or network traffic analysis and perform before-and-after tests. In our view, none of the automated “cookie-scanning” solutions and similar tools available on the market even comes close to performing reliable validation/testing of opt-outs.
The time to test and validate your opt-outs is now.
We test and validate opt-outs using Norton Rose Fulbright’s in-house technical testing tool, NT Analyzer. NT Analyzer is a practical tool suite that relies on network traffic analysis for managing privacy compliance for mobile apps, websites and IoT. The tool detects and tracks the full range of data, including personally identifiable information, that is collected and shared.
Businesses can only determine the effectiveness of their opt-outs by analyzing the full-range of transmitted data.
Request a demo of the tool here to talk mobile and website testing, state privacy law compliance or video privacy.
Special thanks to Rahul Kapoor for his assistance on this post.