PRIVACY BEAT: Google to stop sending info enabling contextual ads based on page content; may have little effect

Privacy Beat

Your weekly privacy news update.

1. Google to stop sending info enabling contextual ads based on page content; may have little effect

Google Inc., citing an effort to improve user privacy, announced this week it will stop sending information to publishers or advertisers that would make it easier to sell advertising based on context — matching ads to content material on a page.  

So-called “contextual advertising” has been held out by publishers as a promising alternative to the way the real-time bidding (RTB) advertising ecosystem works now — by following users everywhere and targeting them regardless of page content. Google’s move signals it will not assist publishers or advertisers — at least under the current system — to sell contextual advertising by assembling user-interest profiles — at least not outside of what Google itself has — with or without user consent. 

However, a report by the authoritative web news service quoted observers as saying the contextual page information may be available elsewhere. 

In a blog post by Chetna Bindra, senior product manager, user trust and privacy, Google argued that sending such data might make it easier for an advertiser to infer and build a profile of a user’s content interests.  

“Like many adtech providers, we use an advertising technology called Real-Time Bidding (RTB) to enable publishers of all sizes to sell online ad impressions in real-time, funding a variety of content such as online journalism, videos and music,” Bindra blogged, adding: “Following our engagement with data protection authorities, we have decided that beginning in February 2020 we will no longer include contextual content categories in the bid requests we send to buyers participating in our auction.”

In its coverage, the Wall Street Journal’s Patience Haggin wrote that Google’s ad exchange “would stop telling advertisers what categories of websites users are visiting, a concession to European data-protection authorities that have said the company’s real-time ad auctions violate European Privacy laws.

The Wall Street Journal wrote of Google’s move: “The changes will affect the process behind the electronic auction that happens in milliseconds to determine which ads show up when users load a website. In that time, hundreds of potential bidders can find out information about users.”

European privacy regulators have been told by Brave, a browser maker, and others, that RTB is fundamentally incompatible with their interpretation of the European Union’s General Data Protection Regulation (GDPR). Google’s move positions the company as trying to save RTB as an advertising-targeting technology, without disrupting its own uses of it. 



Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

2. Microsoft decides to follow CCPA nationally; seeks ‘more comprehensive’ federal legislation 

Microsoft Corp. decided this week that it will adopt provisions of the California Consumer Privacy Act (CCPA) across all its U.S. operations and customers — a decision that increases pressure on the U.S. Congress to adopt similar federal legislation or otherwise expect the California attorney general to become the nation’s default digital privacy enforcer. 

“As digital technology becomes more and more essential in our day-to-day lives, the lack of action by the United States Congress to pass comprehensive privacy legislation continues to be a serious issue for people who are concerned about how their data is collected, used and shared,” writes Julie Brill, Microsoft’s chief privacy officer, in a Nov. 11 blog. She added: “We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents.”

Brill adds: “Whenever and wherever strong, sensible privacy laws are enacted, we will work to quickly extend the core protections those laws offer to our customers everywhere.”

Brill notes that details about how the CCPA will be interpreted by enforcers and by companies are still up in the air and the company is monitoring. “Our goal is to help our customers understand how California’s new law affects their operations and provide the tools and guidance they will need to meet its requirements,” she said, while Microsoft awaits what she termed “even more comprehensive privacy legislation in the United States.” 


3. Mozilla launches consumer “privacy not included” buyers guide ranking tech-gadget security

The foundation which makes the Mozilla Firefox web browser launched an effort this week — an updated guide to consumer tech gadgets based upon the privacy and security features. The initiative is called “Privacy Not Included” and it was previewed in an email blast to supporters from the Mozilla Foundation. 

“We spent the past few months researching 76 connected products for their privacy and security so you don’t have to,” said the email from Ashley Boyd, the foundation’s VP of advocacy.  “We have the information you need to know which products work to protect your privacy and security and which products are kinda creepy.” 

Mozilla began the “Privacy Not Included” project three years ago but has now turned it into a guide format. It covers toys and games, smart home, entertainment, wearables, health & exercise and pets.  It’s partners on the project include Consumers International (which includes Consumer Reports as a member) and The Internet Society. 

“Three years ago when we first started *Privacy Not Included, we didn’t know if people would be interested in a guide about the privacy and security of connected toys, gadgets, and smart home products,” says the site. “Turns out, they were. And it wasn’t just people who were interested. We discovered companies were too. We’re happy to see both consumers and companies increasingly value connected products that are safe, secure, and private.”

“how-to” guide to the guide explains Mozilla is asking for consumers to rate products on features such as encryption, security, use of passwords, vulnerabilities, privacy policies, data sharing, ability to delete data, collection of biometrics, whether it “snoops” on the user, and what happens when something goes wrong. 

Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

4. Bipartisan bill in U.S. Senate would create narrow regulations on facial-recognition practices

A bipartisan bill introduced Thursday in the Senate is intended to put new limits on federal use of facial recognition technology, which to this point has been largely unregulated. Critics say that the bill is full of loopholes, with a lack of judicial oversight, and falls short in meaningfully protecting privacy.

The Facial Recognition Technology Warrant Act targets ongoing surveillance by requiring a warrant if a person’s whereabouts will be tracked for longer than 72 hours with exceptions for certain cases and seeks to minimize the amount of data collected. One expert, Andrew Guthrie Ferguson, author of The Rise of Big Data Policing and a law professor at the University of the District of Columbia, noted to CNET that no agency is currently doing this type of surveillance because the technology doesn’t exist. 

Agencies like ICE and the FBI maintain large databases with 100s of millions of images of US citizens that they scan for identification purposes, without need for a warrant or probable cause — which is not covered in the bill.

The bill would mandate law enforcement agencies to work with the National Institute of Standards and Technology to reduce gender, racial and age disparities in their tech. For this reason Microsoft supports the bill, with Fred Humphries, Microsoft’s vice president of US government affairs, saying, “The bill provides clarity for law enforcement to be transparent about its use of facial recognition technology, both for human review when facial recognition is in use and testing for accuracy.”

Other pending bills in Congress related to facial recognition relate to preventing businesses from using the technology without customer consent and preventing use in public housing


Lawmakers Propose Bill Limiting Government’s Use of Facial Recognition | Jack Corrigan, Nextweb

Facial recognition surveillance would require warrant under bipartisan bill | Alfred Ng, CNET

5. Wall Street Journal’s multi-media splash chronicles how Google has become ad-dominant

The Wall Street Journal last week produced a great piece, including an amusing interactive chart, that chronicles how Google Inc. has emerged as the dominant player in the online advertising world.  It’s called: “How Google Edge Out Rivals and Built the World’s Dominant Ad Machine: A Visual Guide.” The premise of the analytic work is that ad-tech consolidation is bad for publishers. It opens with a story about Nexstar Media Group Inc., the largest local TV news operator in the United States, which says when it stopped using Google technology to place ads on its website, video ad sales plummeted, so Nexstar went back to Google. 

“Media companies are so reliant on the proprietary advertising demand flowing through Google’s AdWords that one executive at a major publisher referred to it as ‘crack’,” the WSJ piece says. 

In a personal-opinion blogged commentary on the WSJ piece, Don Marti says the problem is not so much ad-tech consolidation as the split between publishers and intermediaries. Instead of getting 85% of ad-spend revenue as in the print-TV days, Marti (who works for Mozilla but blogs independently), says they now get 40% or less — much of the rest going to ad-tech intermediaries.


Publishers try new tricks to drum up interest in their ad platforms | Max Willens, DigiDay









Microsoft on privacy elements 

“More than 25 million people around the world – including over 10 million people in the U.S. – have used our privacy dashboard to understand and control their personal data…[i]n addition to guaranteeing the rights of individuals to control their personal information, we believe privacy laws should be further strengthened by placing more robust accountability requirements on companies. This includes making companies minimize the data they collect about people, specify the purposes for which they are collecting and using people’s data, and making them more responsible for analyzing and improving data systems to ensure that they use personal data appropriately.”

– Julie Brill, Microsoft CPO and VP privacy and regulatory affairs, in a Nov. 11, company blog post 

Why others may not follow

“Organizations have no inherent incentive to limit their data collection practices or provide consumers with increased privacy; the data economy is lucrative, and the more companies can collect and analyze, the greater their competitive advantage and potential profit. Microsoft choosing to lean in on CCPA is likely to be an outlier amongst the other major tech companies who would rather bide their time, and certainly an outlier among smaller enterprise organizations.”

– Emily Wilson, VP of research, digital-risk protection provider, Terbium Labs, quoted in a  Nov. 13 report by HelpNetSecurity blog editor Zeljka Zorz. 

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2019 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp