They take your data across borders you didn't authorize.
Data transferred to jurisdictions violating stated policy. The vendor claims EU data stays in EU, but network evidence shows requests to US-based CDNs, analytics endpoints, or data brokers. Cross-border data flows create regulatory exposure for the site owner.
How This Escalates BTI-C Findings
Escalates cross-domain sync (C08) and exfiltration findings (C03, C16) into jurisdictional violations. Data that crosses borders without disclosure triggers GDPR, CCPA, and potentially PIPL enforcement.
Related Advisories
No published advisories reference this code yet.
Investigations are ongoing.
Blackout uses security frameworks to protect AGAINST vendors, not FOR them. We do not notify vendors. We do not provide remediation windows. If you're using a vendor flagged by this code, the advisory is your evidence.
Permanent URL: deployblackout.com/bti/codes/X06