PRIVACY BEAT: Stanford, Omidyar seek to infuse startup entrepreneurs — and investors — with ethics that go along with profits

Privacy Beat

Your weekly privacy news update.

1. Stanford, Omidyar seek to infuse startup entrepreneurs — and investors — with ethics that go along with profits

Three efforts to orient both investors and entrepreneurs around ethics, data privacy and transparency principles are underway.  

The first is an ambitious effort by elements of the U.S. venture-capital industry to find opportunities at the frontiers of privacy, identity and data integrity.  The initiative is called “Race to the Top: A New Business Paradigm for Identity Data”. Organizers are working with investors, entrepreneurs and civil society organizations to write, champion and follow investing principles, measurement tools and company success benchmarks that turn away from the likes of “surveillance capitalism.”  

“As venture capitalists, we seek to invest in companies that design for people, manage for trust and accountability, build products that benefit people fairly, and thereby grow sustainably,” reads the draft preamble to the principles document.

The first working roundtable meeting was in May at the MIT Media Lab and a second convened Sept. 13 at the headquarters of Mozilla in Silicon Valley and a third is set for Oct. 24 in Seattle

As Race to the Top is an initiative of the venture-capital industry,  Omidyar Network is helping support the meetings. The principles, tools and benchmarks are being hashed out. The Information Trust Exchange Governing Association ( is helping, too. 

To apply to participate in the process go to the signup-form page. 

The second effort is underway at Stanford’s Center on Philanthropy and Civil Society (ACS). Aimed at foundations and civil-society nonprofits, it’s called “Digital Impact” and the goal is to create a toolkit to help “manage and govern digital data in ways that advance your mission and respect the rights of people you serve …”

Digital Impact is part of Stanford’s Digital Civil Society Lab headed by Lucy Bernholz, a senior research scholar, and Rob Reich, faculty co-director, both at PACS. 

Finally, Stanford University is also celebrating five years of a program designed to teach budding entrepreneurs ethics. It’s for master’s students in the Stanford engineering school and one of the people helping with it is well-known venture capitalist Heidi Roizen. “Every entrepreneur is going to have their ethics tested, guaranteed,” Roizen told Axios’ Ina Fried in an interview published in Axios’ emailed newsletter.

The program has graduated 60 students, now called Threshold Fellows, Roizen writes in a Medium blog post about the Stanford Technology Ventures Program. In 2010, Roizen was named a Lecturer and Entrepreneurship Educator at Stanford University, where she teaches the course ‘Spirit of Entrepreneurship’ in the MS&E (Engineering) department.


So many people have told us this newsletter is valuable.
Please support the continued work of ITEGA to foster a digital marketplace that respects privacy and identity.


2. Pre-ticked checkbox does not comply with GDPR for signaling consent to cookies, EU’s top court rules

The way most websites advise users about their use of cookies has been deemed illegal in the European Union by a preliminary ruling of the European Union Court of Justice announced Oct. 1.  EU-based websites cannot put up a pre-checked cookie consent dialogue box, according to the ruling by the EU’s highest court. The decision means sites that continue to do so could eventually face major fines. The rule establishes a stricter privacy standard for cookie consent in the EU than in California once the CCPA takes effect.

The decision came in a case referred from Germany involving a lottery site called Planet49.  The decision text  and accompany official news release make three points:

  • Consent to place non-essential cookies (ad-tech cookies are deemed non-essential) must include a “freely given, specific, informed and unambiguous indication” of the data subject’s wishes given by a “clear affirmative action.”  A pre-checked checkbox a user must de-select to refuse consent is “not validly constituted,” the court stated.

  • The court said its decision applies whether or not personal information is collected by the website. 

  • Moreover, the court said the website must give a user information about the duration of operation of cookies and — in a challenge to tradition ad tech — whether or not third parties may have access to those cookies. 

The court’s own press officer wrote: “In today’s judgment, the Court decides that the consent which a website user must give to the storage of and access to cookies on his or her equipment is not validly constituted by way of a pre-checked checkbox which that user must deselect to refuse his or her consent.”

TechCrunch’s Natasha Lomas’ story reviewed the decision and the writer states: “Safe to say, there will be some long faces in the ad industry today.” She added in her story: “As we’ve reported before very many sites and services in Europe have, at best, been playing lip-service to EU cookie consent requirements — despite the advent of tighter rules coming into force last year under the General Data Protection Regulation (GDPR)…”

The California Consumer Privacy Act, which takes effect Jan. 1, “does not expressly require that a company obtain consent from a website user before placing cookies on their browser,” according to an analysis of the act by David A. Zetoony, a partner in the Boulder, Colo., office of the law firm Bryan Cave Leighton Paisner. He added: “While consent is not expressly required, in order to mitigate the risk that the use of third-party behavioral advertising could be considered a ‘sale,’ many businesses may seek consent from users before deploying third-party behavioral advertising cookies.” 

EU law does technically apply outside the EU, but it is such a large market, many observers assume U.S. websites and ad technologists may find they have to comply with the ruling by changing their practices globally, or else exit the EU market.


3. Law firms offer detailed analysis of California privacy ballot initiative proposal

Detailed summaries of a new California ballot initiative to strengthen the CCPA are being cranked out by privacy lawyers and observers. Here’s a sampling:

Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

4. MediaMath promotes claim to make ad-tech more transparent — IAB is not officially involved

One of the biggest ad-tech companies announced a new service that it says aims to make digital advertising one-hundred-percent  “accountable and addressable.” MediaMath said it had announced its “SOURCE by MediaMath” at an industry conference on Tuesday in Orlando, Fla. 

The move by MediaMath comes a few weeks after the IAB Tech Lab began floating fresh ideas for transitioning digital advertising away from the use of third-party cookies, which are widely seen as enabling ad fraud and ecosystem opacity, and are challenged by new privacy regulation in Europe and California.  

“We set out to change marketing for the better,” MediaMath CEO Joe Zawadzki wrote in the announcement. “Unfortunately, the purity of our industry’s intentions when we built the digital infrastructure have gotten lost in fraud, waste, and irrelevance. It’s created more ads instead of good ads and minimized the value of quality supply in its purest and most transparent form. As some of the earliest pioneers of programmatic, we feel called to help fix what’s broken.”

MediaMath’s statement gave no details beyond three bullet points talking about a “fraud-free supply chain,” ads seen by real humans and more use of artificial intelligence for ad targetting. It said ad-tech competitor RubiconProject was collaborating “to architect a direct and transparent digital supply infrastructure.” 

MediaMath, along with Google and The Trade Desk, are the three largest ad-tech companies and it has won awards from the Interactive Advertising Bureau (IAB), the trade organization that represents most of ad-tech and some publishers.  

The New York Times account of MediaMath’s announcement noted that IAB was “aware of the initiative but not directly involved.”  MediaMath partners include IBM Watson Advertising, White Ops, Havas Media and Business Insider, the Times account said. It said the initiative’s intent was to be a viable alternative to Google and Facebook — two of the IAB’s largest members.

“The members of the initiative are making commitments to share data,” wrote The Times’ Steve Lohr, adding:  “Publishers and video distributors, for example, will have to verify the type of content they are supplying to meet quality and authenticity standards to guard against fraud. And ad tech companies will have to disclose their fees.”







In today’s judgment, the Court decides that the consent which a website user must give to the storage of and access to cookies on his or her equipment is not validly constituted by way of a pre-checked checkbox which that user must deselect to refuse his or her consent. That decision is unaffected by whether or not the information stored or accessed on the user’s equipment is personal data. EU law aims to protect the user from any interference with his or her private life, in particular, from the risk that hidden identifiers and other similar devices enter those users’ terminal equipment without their knowledge. The Court notes that consent must be specific so that the fact that a user selects the button to participate in a promotional lottery is not sufficient for it to be concluded that the user validly gave his or her consent to the storage of cookies. Furthermore, according to the Court, the information that the service provider must give to a user includes the duration of the operation of cookies and whether or not third parties may have access to those cookies.

–  Source: Opinion of the European Court of Justice, in the Planet49 case outlawing pre-ticked cookie consent dialogues, Oct. 1, 2019

Like with GDPR, if you’re a marketer, behavioral targeting was a neat trick but once law is enforced and in place, you’ll start including the risk and seek out larger sets of cohorts and context and other targeting that doesn’t need personal data exposed to 3rd parties.

–  Source: Tweet by Jason Kint, CEO of Digital Content Next, in an Oct. 3, 2019, exchange about advertisers worried about getting sued because of new privacy laws

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2019 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp