PRIVACY BEAT: Corporate America focuses on challenge and opportunity of privacy in moves by Business Roundtable and IBM

Privacy Beat

Your weekly privacy news update.

1. Corporate America focuses on challenge and opportunity of privacy in moves by Business Roundtable and IBM; but its bid to gut CCPA is opposed by Common Sense

The impact of public concerns about privacy is now obvious at the highest level of corporate America.  Fifty-one big-company CEOs are urging Congress to preempt states like California and adopt a federal privacy policy.  

In a letter this week to congressional leaders, The Business Roundtable touted its Dec., 2018 “framework” for a U.S. federal privacy policy and urged them to preempt California’s privacy law with federal legislation. LETTER TEXT) One key analyst said the framework features resemble in some respects the language in the European Union’s General Data Protection Regulation (GDPR). Amazon CEO Jeff Bezos was among signers of the letter, along with CEOs of IBM, AT&T, Bank of America, Comcast and JPMorgan Chase, Macy’s, Walmart and Proctor & Gamble. 

Not everyone backed the big-business pitch, however. Absent were Facebook, Google, Microsoft, Uber, Verizon, T-Mobile US, Intel, Cisco and Oracle. The non-profit children’s media advocacy group Common Sense, in a letter, urged Congress to keep the California law in force. “All eyes are on California when it comes to data privacy. California legislators did right by kids, families and consumers by keeping the law which goes into effect in 2020 largely intact. It’s no surprise that after failing to gut the California Consumer Privacy Act tech giants are now rallying Congress to pass a federal law to preempt it,” said Common Sense CEO James Steyer in a statement.

Meanwhile, IBM: 

  • Made privacy a centerpiece of its newest mainframe announcement (more below)

  • Saw one of its executives elected chairman of the technical steering committee for the open-source, blockchain-pioneering HyperLedger project of the Linux Foundation. IBM employees comprise 6 of 11 members of the board.  

  • Commissioned and released a Harris Poll about consumer privacy attitudes. The survey of 1,000 adults found “consumers are demanding to understand and have control over where their data goes,” IBM said.  IBM even interviewed “Catch Me If You Can,” author Frank Abagnale. (FULL HARRIS REPORT)

The new IBM mainframe platform is called z15.  “Beyond performance, data privacy is the big selling point of the z15,” wrote Timothy Green at The Motley Fool. Green says IBM mainframes process 87% of all credit-card transactions, 29 billion yearly ATM transactions and 4 billion annual flight reservations. 

IBM’s release said the z15 can “manage the privacy of customer data across hybrid multi-cloud environments” including “who gets access to data via policy-based controls, with an industry-first capability to revoke access to data across the hybrid cloud.” 

So many people have told us this newsletter is valuable.
Please support the continued work of ITEGA to foster a digital marketplace that respects privacy and identity.


2. Cookie-consent regimes seen as failing GDPR rules in paper by four academic researchers due in November

The cookie-consent notices that are on the bottom of European websites do not meet requirements of the GDPR and if they did, only a tiny fraction of users would agree to be tracked, according to preliminary academic research to be presented at Nov. 11 computer-science conference in London. 

“Our studies have implications for future regulations and the design of consent notices that encourage users to actively make an informed choice,” the researchers say in an abstract of the draft paper. The researchers from the University of Michigan (Florian Schaub) and Ruhr-University Bochum in Germany conducted three studies with more than 80,000 unique users on a German website. The paper is entitled, “ (Un)informed Consent: Studying GDPR Consent Notices in the Field.” 

“Our results…indicate that the privacy-by-default and purposed-based consent requirements put forth by the GDPR would require websites to use consent notices that would actually lead to less than 0.1% of active consent for the use of third parties,” the researchers write in their draft conclusion. 

In her story on the draft report, reporter Natasha Lomas wrote that it showed “widespread manipulation of a system that’s supposed to protect consumer rights.” The studies looked at how consumers interact with different designs of cookie pop-ups, Lomas wrote, and studied how consumers are “nudged” with positioning and colors toward giving consent. The researchers conclude that if consent to drop cookies was being collected in a way that’s compliant with the EU’s existing privacy laws only a tiny fraction of consumers would agree to be tracked.

Over half of cookie consent notices (57%) were discovered utilizing “dark pattern” techniques, to influence a user into consenting, said another account of the draft report. Some of the techniques include highlighting the “agree” button and presenting a less visible button for “more options”.

3. CCPA in flux? Sacramento reaches bill deadline; stay tuned to see what happened — likely not much

Friday (Sept. 13) was a self-imposed deadline of the California Legislature to pass or kill bills and send them among to Gov. Gavin Newsome. Earlier in the week there were some amending adjustments, but no major changes over the last couple of months, suggesting the law may go into effect Jan. 1 reasonably intact. 

“When the CCPA goes into effect, and individuals and reporters will go to companies and say, ‘What do you know about me?’ I think that will be a game-changer,” Mary Stone Ross, an expert in consumer privacy who co-authored the law, told

Mintz, Levin attorney Cynthia J. Larose, who is based in Boston but has been writing on her client blog with key actions in Sacramento, said the California Senate this week amended AB-846 (non-discrimination in customer loyalty programs) to restrict the manner in which personal information collected through loyalty programs may be sold. She said the business must obtain express consent of the consumer to sell the information to a specific third party after the business discloses the “terms” of the sale, and the third party must only use the information “for the purposes of identifying the consumer as an eligible member of the [loyalty program].”  The third party is also restricted from retaining or otherwise using or disclosing the personal information. 


Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

4. Manage your own “identity”? “DIDs” step closer to becoming an official W3C web standard​​

Originators of Internet technology are constantly working on “standards” for the way things work and the principle venue for th work is through the World Wide Web Consortium, or W3C.  Administratively based in at MIT in Cambridge and in Switzerland, the W3C has dozens of volunteer “working groups.” It has been responsible for technical standards on email, domain names — all kinds of details for the web.  

As of Sept. 5, W3C has chartered a “Decentralized Identifier Working Group” and given it two years, until Sept. 30, 2021 — to come up with identifier standards.  The move is important because there is no current standard to allow individuals to control attributes of their online identity themselves.  The DID Working Group seeks to invent one.  

Explains Evernym’s Alex Andrade-Walz: “DID documents are standard data files that contain the cryptographic public keys and other metadata needs to initiate trusted interactions with the person, organization, or thing identified by the DID.

5. Newspaper publishers press Congress for antitrust exemption to bargain with Google and Facebook

Some major newspaper publishers resorted to face-to-face lobbying of key members of Congress in an ongoing bid to be able to legally collude in fighting Google and Facebook. 

Leaders from The Los Angeles Times and San Diego Union-Tribune, Tribune Publishing Company, News Corp, Star Tribune, Gannett, The Post and Courier in Charleston and Philadelphia Media Network were said by Axios to have met lawmakers one-on-one to rally support for the News Media Alliance’s anti-trust safe harbor bill and to educate members about the economic plight of the newspaper industry.


6. EU updates: Not all companies are giving GDPR compliance high priority, firm’s poll finds

Significant percentages of European Union-based companies are no longer giving compliance with GDPR their highest priority, according to a poll of 250 decision-makers by a security-software supplier, Egress. 

Egress revealed that the greatest area of continuing GDPR-compliance investment in the past 12 months was implementation of new processes to governing sensitive data, but even then this was only cited by 28% of respondents.

Other areas named as top spending priorities included the auditing of what data is collected and why (18%), the employment of dedicated data protection officers (also 18%), new cybersecurity technology (17%), and user education and training (just 7%).

In other European privacy news this week, the British Information Commissioner’s Office released technical guidance on how to manage data protection if there’s no Brexit deal. 

  • And Bloomberg Business reported that the Privacy Shield rules, which govern the exporting of consumer data from Europe to the United States by more than 5,000 companies is getting a careful examination by regulators.


Simply put, our poll results indicate that consumers are flat-out dissatisfied with the way many businesses are handling their data. Eighty-four percent of those surveyed agree that they have lost all control over how personal information is being used by companies, and nearly two-thirds strongly agree that companies should be doing more to protect them against cybersecurity threats.

–  IBM news release, summarizing results of a Harris Poll commissioned by the company and made public Sept. 12.




Striking The Balance Between Convenience And Privacy: Here’s What Consumers Want (Forbes)

Google open-sources its technology for anonymizing data (Tech Radar)

Facebook Warns iOS 13 And Android 10 Users About Real-Time Location Tracking (Forbes)

Understanding Updates to Your Device’s Location Settings (Facebook)

Special report: The end of anonymity? (
Facebook’s Privacy Loss May Bolster Federal Big Tech User Suits (Bloomberg Law)


What State-by-State Data Privacy Laws Mean for the Future of Programmatic (Adweek)

Ad fraud costing $22.4 billion globally says GroupM (Fox Business News) 

Firefox is stepping up its blocking gain (ArsTechnica)

Is your website at risk for ad fraud? (Steve Guenther, Alliance for Audited Media)

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2019 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp