Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we've discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network requests associated to countries, regions, or domains that I should not be sending data to?”

Laws around international data transfers are constantly in flux and most require us to pay attention to geolocations. In the same way you need to keep track of new technologies and approve or remove them from your site, you also need to monitor the geographic locations of possible data transfers and add them to approved lists or investigate further. You need to know where network requests are coming from because your site will be responding and potentially sending data to those locations.

Once again, we used ObservePoint to run an Audit of OneTrust.com, our example website for this series. We ran a standard 1000-page Discovery Audit and created a consent category to denote “approved” geolocations, in this case, the United States and Canada.

In the summary, you can see that the Audit found 39 request domains and geos that were not on the original approved list.

As you drill into the Request Domains & Geos report by clicking on the “unapproved” card, you can see three countries, France, Ireland, and the Netherlands specifically identified.

Those weren't on the original list of places that data is approved to go.

You might not understand why some of these locations may be showing up, such as France or the Netherlands, so you’ll need to dig in further with your team. But in this case, the domain for the request coming from Ireland (optanpn.blob.core.windows.net) is part of the OneTrust brand, so let’s assume that Ireland is okay. You can just click on the three circles by the “Unapproved” status and add that to a consent category so that Ireland and that specific domain are now “Approved.”

Once that geo and/or domain is added, then any time they show up in the future they will no longer be flagged as “Unapproved.” ObservePoint enables you to continuously curate your geolocations and “Approved” lists so you only get flagged when items are truly out-of-standard, allowing you to focus solely on the critical issues that ensure your website stays in compliance.

If you’d like to see how you could audit your own website to continuously monitor for new or unapproved locations, reach out to get a pre-recorded demo.

Related Posts

GPC Update to ObservePoint’s Full Suite of Privacy Features

In our most recent DataChat Live, we covered ”Cookie Governance from A to Z” with ObservePoint CTO, Dave Smith. Below are the highlights from that discussion.
Read More

Cookie Cheat Sheet

In our most recent DataChat Live, we covered ”Cookie Governance from A to Z” with ObservePoint CTO, Dave Smith. Below are the highlights from that discussion.
Read More

Cookie Governance Highlights

In our most recent DataChat Live, we covered ”Cookie Governance from A to Z” with ObservePoint CTO, Dave Smith. Below are the highlights from that discussion.
Read More

Testing Privacy Compliance

Learn why privacy compliance matters more than ever, how to test find and test cookie preferences in the browser and ObservePoint.
Read More

Cookie Governance From A to Z

Everything you need to know about cookies. What are they, how do they work, are they going away, what do you have to worry about in terms of privacy, and much more.
Read More

Alerts

Alerts allow you to set up thresholds on any metric and have ObservePoint nudge you when you really need to pay attention.
Read More

GPC Update to ObservePoint’s Full Suite of Privacy Features

In our most recent DataChat Live, we covered ”Cookie Governance from A to Z” with ObservePoint CTO, Dave Smith. Below are the highlights from that discussion.
Read More

Cookie Cheat Sheet

In our most recent DataChat Live, we covered ”Cookie Governance from A to Z” with ObservePoint CTO, Dave Smith. Below are the highlights from that discussion.
Read More

Cookie Governance Highlights

In our most recent DataChat Live, we covered ”Cookie Governance from A to Z” with ObservePoint CTO, Dave Smith. Below are the highlights from that discussion.
Read More

Testing Privacy Compliance

Learn why privacy compliance matters more than ever, how to test find and test cookie preferences in the browser and ObservePoint.
Read More

Cookie Governance From A to Z

Everything you need to know about cookies. What are they, how do they work, are they going away, what do you have to worry about in terms of privacy, and much more.
Read More

Alerts

Alerts allow you to set up thresholds on any metric and have ObservePoint nudge you when you really need to pay attention.
Read More