1. Stanford, Omidyar seek to infuse startup entrepreneurs — and investors — with ethics that go along with profits

Three efforts to orient both investors and entrepreneurs around ethics, data privacy and transparency principles are underway.  

The first is an ambitious effort by elements of the U.S. venture-capital industry to find opportunities at the frontiers of privacy, identity and data integrity.  The initiative is called “Race to the Top: A New Business Paradigm for Identity Data”. Organizers are working with investors, entrepreneurs and civil society organizations to write, champion and follow investing principles, measurement tools and company success benchmarks that turn away from the likes of “surveillance capitalism.”  

“As venture capitalists, we seek to invest in companies that design for people, manage for trust and accountability, build products that benefit people fairly, and thereby grow sustainably,” reads the draft preamble to the principles document.

The first working roundtable meeting was in May at the MIT Media Lab and a second convened Sept. 13 at the headquarters of Mozilla in Silicon Valley and a third is set for Oct. 24 in Seattle. 

As Race to the Top is an initiative of the venture-capital industry,  Omidyar Network is helping support the meetings. The principles, tools and benchmarks are being hashed out. The Information Trust Exchange Governing Association (ITEGA.org) is helping, too. 

To apply to participate in the process go to the signup-form page. 

The second effort is underway at Stanford’s Center on Philanthropy and Civil Society (ACS). Aimed at foundations and civil-society nonprofits, it’s called “Digital Impact” and the goal is to create a toolkit to help “manage and govern digital data in ways that advance your mission and respect the rights of people you serve …”

Digital Impact is part of Stanford’s Digital Civil Society Lab headed by Lucy Bernholz, a senior research scholar, and Rob Reich, faculty co-director, both at PACS. 

Finally, Stanford University is also celebrating five years of a program designed to teach budding entrepreneurs ethics. It’s for master’s students in the Stanford engineering school and one of the people helping with it is well-known venture capitalist Heidi Roizen. “Every entrepreneur is going to have their ethics tested, guaranteed,” Roizen told Axios’ Ina Fried in an interview published in Axios’ emailed newsletter.

The program has graduated 60 students, now called Threshold Fellows, Roizen writes in a Medium blog post about the Stanford Technology Ventures Program. In 2010, Roizen was named a Lecturer and Entrepreneurship Educator at Stanford University, where she teaches the course ‘Spirit of Entrepreneurship’ in the MS&E (Engineering) department.

RELATED LINK:

• “Understand how companies are grappling with values and institutional trade-offs” – WHITE PAPER: Institutionalizing ethics in Silicon Valley (Danah Boyd, Data & Society)

2. Pre-ticked checkbox does not comply with GDPR for signaling consent to cookies, EU’s top court rules

The way most websites advise users about their use of cookies has been deemed illegal in the European Union by a preliminary ruling of the European Union Court of Justice announced Oct. 1.  EU-based websites cannot put up a pre-checked cookie consent dialogue box, according to the ruling by the EU’s highest court. The decision means sites that continue to do so could eventually face major fines. The rule establishes a stricter privacy standard for cookie consent in the EU than in California once the CCPA takes effect.

The decision came in a case referred from Germany involving a lottery site called Planet49.  The decision text  and accompany official news release make three points:

• Consent to place non-essential cookies (ad-tech cookies are deemed non-essential) must include a “freely given, specific, informed and unambiguous indication” of the data subject’s wishes given by a “clear affirmative action.”  A pre-checked checkbox a user must de-select to refuse consent is “not validly constituted,” the court stated.

• The court said its decision applies whether or not personal information is collected by the website. 

• Moreover, the court said the website must give a user information about the duration of operation of cookies and — in a challenge to tradition ad tech — whether or not third parties may have access to those cookies. 

The court’s own press officer wrote: “In today’s judgment, the Court decides that the consent which a website user must give to the storage of and access to cookies on his or her equipment is not validly constituted by way of a pre-checked checkbox which that user must deselect to refuse his or her consent.”

TechCrunch’s Natasha Lomas’ story reviewed the decision and the writer states: “Safe to say, there will be some long faces in the ad industry today.” She added in her story: “As we’ve reported before very many sites and services in Europe have, at best, been playing lip-service to EU cookie consent requirements — despite the advent of tighter rules coming into force last year under the General Data Protection Regulation (GDPR)…”

The California Consumer Privacy Act, which takes effect Jan. 1, “does not expressly require that a company obtain consent from a website user before placing cookies on their browser,” according to an analysis of the act by David A. Zetoony, a partner in the Boulder, Colo., office of the law firm Bryan Cave Leighton Paisner. He added: “While consent is not expressly required, in order to mitigate the risk that the use of third-party behavioral advertising could be considered a ‘sale,’ many businesses may seek consent from users before deploying third-party behavioral advertising cookies.” 

EU law does technically apply outside the EU, but it is such a large market, many observers assume U.S. websites and ad technologists may find they have to comply with the ruling by changing their practices globally, or else exit the EU market.

RELATED LINK:

• Active consent needed for tracking cookies, EU’s top court says

3. Law firms offer detailed analysis of California privacy ballot initiative proposal

Detailed summaries of a new California ballot initiative to strengthen the CCPA are being cranked out by privacy lawyers and observers. Here’s a sampling:

• Law firm’s bullet-point summary of CCPA 2.0 details (Buckley LLP) 

• CPREA introduces “sensitive personal information” (O’Melveny & Myers LLP) 

• CPREA would require disclosure of election influence (ReedSmith law firm) 

• CPREA ballot initiative seeks to redo CCPA (Covington firm)

• Explaining the California Privacy Rights and Enforcement Act of 2020 (Ian Adams, TechLiberation.com)