Ad-tech related concerns about perceived Google, Facebook “skew” in considering privacy, cookies to be given airing at Aug. 6 advisory board of W3C
The World Wide Web Consortium (W3C), which is hosting discussions about how browser software and other protocols might enhance user privacy control over advertising, is moving to consider concerns about alleged process “skew” favoring the likes of Google, Facebook and Apple.
The W3C’s Advisory Board will have on the agenda of its Aug. 6 virtual meeting an item to hear from British tech entrepreneur James Rosewell, who says to Private Beat that “over the last 10 years there are a number of dominant marketplace players who have also dominated the W3C.” Roswell, who spoke about his concerns with Privacy Beat, co-authored a public email entitled: “W3C AB governance and trust choices.”
AB refers to the “Improving Web Advertising Business Group of the W3C. The email says the co-signers are concerned about how privacy, standard interfaces and cross-publisher web advertising are being discussed.
“We believe that the W3C governance process aims to represent all stakeholders of the web,” the email says. “Unfortunately, as the web has grown in size, a disparity in organizational size now threatens this governance process.” It calls for unspecified urgent amendments to the governance of the advertising business group, and has made a detailed proposal.
The 20 signers of the email represent a mix of companies in advertising technology, agencies, and brands, with ad-tech predominant. However, Roswell said he would not characterize the appeal as coming primarily from ad-tech companies. He says ad-tech interests are more aware of what’s going with web standards on than are, say, publishers.
“If we are going to change the web and change it quite fundamentally, especially the economics, then the balance of power that is already skewed in favor of a handful of oligopolies, we need to be very careful about the changes,” Roswell told Privacy Beat.
The W3C is an unincorporated collaboration that operates within a series of contracts among it and four international education institutions, including MIT, where it is based in Cambridge, Mass. It has a small staff, headed by CEO Jeffrey Jaffe. Jaffe is chair of the Advisory Board which will hear from Roswell’s group on Aug. 6.
AD TECH | IDENTITY
- With IDFA gone, it’s time for a new identity strategy, Epsilon exec says | Loch Rose, Epsilon via AdWeek.com
In advertorial, ZeoTap urges adopt of “universal ID” | ZeoTap via DigiDay.com
MediaMath Goes Live Globally with LiveRamp’s IDL | Travis Clinger, VP Strategy, LiveRamp
Ad tech is in denial about Apple’s new app IDFA privacy rule | Lara O’Reilly, DigiDay.com
What Do Apple’s Privacy-Focused IDFA Changes Mean For Facebook? | Allison Schiff, AdExchanger.com
What’s behind the hype about Customer Data Platforms? | Pamela Parker, MarketingLand.com
Acxiom Launches A Solution To Connect Direct And Digital Audiences | Alison Weissbrot, AdExchanger.com
Consumers in Europe OK cookies more than in United States | David A. Zetoony, Bryan Cave Leighton Paisner law firm | (2018 study cited)
Publishers are wary of the latest attempt to standardize GDPR compliance | Lucinda Southern, DigiDay.com
Reviewer’s list of favorite ad blockers and browser privacy extensions | Thorin Klosowski, WireCutter/NYTimes
Sovrin Foundation seeking board members | Sovrin Email
Does your organization need customized privacy compliance solutions? ITEGA can help.
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
U.S. government and tech scramble after EU court seeks to push enhanced privacy across the Atlantic; how to balance privacy with government spying?
The U.S. government and U.S. corporations that move customer and employee data back and forth with Europe are now scrambling after a long-anticipated decision by the European Union’s highest court struck down a most-favored trans-Atlantic data-exchange pact.
The European Court of Justice’s decision this week could affect more than 5,000 U.S. companies that transfer EU residents’ information to servers in the United States. Reuters’ Foo Yun Chee and Marine Strauss wrote the decision “effectively ends the privileged access companies in the United States had to personal data from Europe and puts the country on a similar footing to other nations outside the bloc, meaning data transfers are likely to face closer scrutiny.”
Added Yahoo Finance writer Edmund Heaphy: “The core of the issue was on the contradiction between US law, which requires social media firms to hand over user data to national security agencies, and both the charter and the GDPR regulation, which give every EU citizen substantial data privacy rights.
It was the second time since 2015 that a “Privacy Shield” was found wanting by the European Court Justice. The key problem — U.S. law doesn’t protect foreigners’ data from surveillance by U.S. spy agencies. Research by the Future of Privacy Forum found more than 250 European companies also participate in the Privacy Shield mechanism.
“This is a bold move by Europe,” Jonathan Kewley, co-head of technology at law firm Clifford Chance, said in comments to Yahoo News UK. “What we are seeing here looks suspiciously like a privacy trade war, where Europe is saying their data standards can be trusted but those in the US cannot.” Kewley said the outcome could be that more customer data remains stored in Europe, which is what happened after “Safe Harbor” — predecessor to “Privacy Shield” was annulled in 2015.
The was filed by privacy activist Max Schrems after former US National Security Agency contractor Edward Snowden revealed in 2013 revealed U.S. surveillance. Schrems praised Thursday’s decision. “It is clear that the US will have to seriously change their surveillance laws, if U.S. companies want to continue to play a role on the EU market,” he said. “The Court clarified for a second time now that there is a clash between EU privacy law and US surveillance law . . . the US is now simply put back to an average country with no special access to EU data.”
Some other reactions:
- “This decision cuts off legal means to transfer personal data to the United States and will demand immediate attention by policymakers and U.S. companies doing business in Europe,” Caitlin Fennessy, research director at the International Association of Privacy Professionals told the New York Times. “I think this is the worst-case scenario for US companies,” Hennessy added to CNN. “It’s difficult to understand what legal option companies have. But it will demand immediate action by EU and US policy makers …for guidance and reassurance.” (Hennessy’s own take)
- American Civil Liberties Union lawyer Ashley Gorski said Congress must now act to rein in the National Security Agency’s warrantless spying.
- “This should be a wake up call to both the U.S. Congress and the U.S. Intelligence Community that stronger privacy protections must be built into intelligence surveillance authorities,” said Alexandra Givens, president and CEO of the nonprofit DC-based Center for Democracy & Technology. ““People outside the U.S. have rights that U.S. surveillance law and practice must honor. Surveillance reform has long been a human rights imperative; now, it is an economic imperative as well,” she added.
- “The European Union’s highest court today made clear—once again—that the US government’s mass surveillance programs are incompatible with the privacy rights of EU citizens,” the Electronic Frontier Foundation’s Danny O’Brien wrote on the EFF.org website.
- Johnny Ryan, the Irish-based ad-tech privacy advocate who works for browser-maker Brave Inc., said the decision means “companies can no longer send personal data to the United States unless they can first prove that it will be protected to the same standard as it is in the European Union.” He continued: “When one considers the divergence of data protection between EU and US, it becomes clear that this may be difficult or impossible.”
- Alexandre Roure, a senior manager at Computer & Communications Industry Association, said the decision “creates legal uncertainty for the thousands of large and small companies on both sides of the Atlantic that rely on Privacy Shield for their daily commercial data transfers.
So what’s next? An effort by U.S. interests to come up with something new.
While the court invalidated Privacy Shield, it said an alternate legal approach involving “standard contractual clauses” (SCC’s) could be used by company’s on a case-by-case basis. For example, Microsoft said it handling of EU subject data in its Azure Cloud services were in compliance using SCC’s.
CNN reported that European Commission Vice President Věra Jourová said EU and US officials have already been working on alternatives, including possibly updating the Privacy Shield agreement. Jourová added that it will take time to analyze the decision and understand its implications. “We will continue our work to ensure the continuity of safe data flows,” she said, “We strongly believe that in the globalized world of today it is essential to have a broad tool box for international transfers while ensuring a high level of protection for personal data. We are not starting from scratch.”
For his part, U.S. Commerce Secretary Wilbur Ross said his agency was “deeply disappointed” with the ruling. He said: ““We are still studying the decision to fully understand its practical impacts,” he stated. “We have been and will remain in close contact with the European Commission and European Data Protection Board on this matter and hope to be able to limit the negative consequences to the $7.1 trillion transatlantic economic relationship that is so vital to our respective citizens, companies, and governments.”
STATE OF SURVEILLANCE
COVID 19 AND PRIVACY
- Massachusetts Could Become First State to Ban Facial Recognition | Adrianne Appel, BloombergLaw.com
- Brands Should Brace for More States to Adopt Privacy Legislation | Rachel Winocov, AdWeek.com
- Suits allege Microsoft, Amazon, Google violated Illinois biometric law | Taylor Hatmaker, TechCrunch.com
- Amazon, Google, Microsoft sued over photos in facial recognition database | Steven Musil, CNet.com
- Law-school prof says Maine ISP privacy law is bad policy | Daniel Lyons, Boston College, via American Enterprise Institute
QUOTES OF THE WEEK
News Corp. ad-tech exec says Big Tech and independent ad-tech increasingly at odds, “superprofiles” problematic
“The relationship of independent ad tech with Big Tech is definitely moving from frenemy territory to a more adversarial relationship, where there is little trust left. Independent ad tech has experienced too many seemingly small product changes that have enabled anti-competitive behavior on the part of Big Tech that have hurt their businesses. It started in ad-tech pipes and has slowly moved into browsers and OSS under the auspices of user privacy.
“For publishers, I believe many of us have grown weary of all our conversations with Big Tech where they tell us how much they love journalism and want to support it, and then they proceed to make a new product change that negatively impacts us . . . .
“I do think we can make a more privacy-safe advertising ecosystem by limiting data coming in through the bid request so bad actors can’t thrive. But allowing Big Tech to create superprofiles off their user base and target ads using that data, no matter what kind of relationship they have with the user, is way more problematic . . . we don’t want to get pushed into data collection practices that don’t meet with our standards as a publisher.”
– Stephanie Layser, vp of advertising tech for News Corp., publisher of The Wall Street Journal
and owner of FOX News, in a Q-and-A discussion
with Rachel Winicov
of AdWeek.com, posted online July 15, 2020.