PRIVACY BEAT: IAB offers fresh tool to salvage real-time bidding service in face of EU privacy challenges

Privacy Beat

Your weekly privacy news update.

1. Ad-tech/publisher group IAB offers fresh tool to salvage real-time bidding service in face of EU privacy challenges

IAB Europe has released a tool that validates consent management platforms (CMPs) for requirements of IAB Europe’s CMP Compliance Programme — as part of their Transparency and Consent Framework (TCF). Currently, 131 of the 150 CMPs registered with TCF were found to be compliant. (LIST)

Johnny Ryan of Brave was quick to point out on Twitter that, “Lest anyone assume that this resolves GDPR Article 5(1)f problems at the heart of the IAB OpenRTB system, take note that the “validator tool” merely checks for some UX problems.” He also tweeted here and here.

V1 of the ‘Policy Compliance Checks’ includes a series of eight questions related to the user interface for displaying required information about data usage and for obtaining user preferences, which are key features of CMPs. Also included are 10 technical compliance checks related to the CMP API that communicates user data preferences to vendors via the IAB’s Global Vendor List (GVL). (CMP Validator user guide)  


Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

2. Five Democratic senators seek detailed info from Amazon about Ring doorbell system’s data practices

Five U.S. Senators, all Democrats, have sent a letter to Amazon Chairman Jeff Bezos asking more than 20 questions seeking detailed information about the privacy implications of the company’s “Ring” doorbell video surveillance service. 

“Ring’s emphasis on safety and security has not always extended to the massive amount of data it amasses, retains and shares…,” says the letter from Sens. Ron Wyden, Edward Markey, Chris Van Hollen, Christopher Coons, and Gary Peters.  They cited reports that Ring “left Wi-FI network passwords exposed to hackers” and “left customer video feeds vulnerable to eavesdropping and manipulation by malicious actors.” 

The five senators’ letter asked for information about the Ring systems use of facial recognition, noting the company has applied for facial recognition patents.

The letter, dated Nov. 20, was cited by the Electronic Privacy Information Center (EPIC), which called Ring a “neighborhood surveillance system posing as a doorbell.” The letter follows an investigation by Senator Markey into Ring’s surveillance practices, EPIC said. EPIC has recently launched a campaign to Ban Face Surveillance worldwide.

3. IAPP confab in Brussels waxes optimistic about GDPR progress; issues 10-point “manifesto” for improving web

It’s too early to declare the EU’s General Data Protection Regulations (GDPR) a success or failure, and the judgment should not be made just on the basis of whether fines are levied, European data-protection regulators are saying. 

That was a key message heard at the International Association of Privacy Professionals’ (IAPP) annual Data Protection Congress, this year in Brussels, Belgium this week. IAPP’s Angelique Carson has wrapped up the comments of many regulators in this report. 

“There’s evidence significant progress is being made,” Ireland’s Data Protection Commissioner Helen Dixon was quoted as saying. European Commission Executive Vice President-Designate Margrethe Vestager agreed. (See The New York Times’ profile of Vestager this week).

IAPP announced it was launching a “Giovanni Buttarelli Memorial Lecture” to honor the late European Data Protection supervisor, who died in August. And it released a shared-vision paper, “Privacy 2030: A Vision for Europe,” which was written after Buttarelli’s death by a friend, Christian D’Cunha. The paper includes a “10-Point Plan for Sustainable Privacy.” 

The document includes an afterword consisting of six short essays by thought leaders in the space, including the Electronic Privacy Information Center’s Marc Rotenberg, writer Maria Farrell, the Future of Privacy Forum’s Jules Polonetsky, CIPP/US, Harvard University’s Malavika Jayaram, Panetta & Associati’s Rocco Panetta and “Surveillance Capital” author Shoshana Zuboff.

The “Giovanni Manifesto” includes a “10-Point Plan for Sustainable Privacy.” It also says:

  • There should be “a fairer allocation of the digital dividend” by making internet access faster and geographically and socio-economically dispersed.

  • The EU should address not only digital disenfranchisement and lack of access to digital infrastructure and services — but also digital inequality.

  • Personal data “can and should be used to serve the public interest, the general interests of state and society — rather than those that benefit distinct groups or individuals.” 

  • The EU should determine the limits of monitoring and monetizing people.

  • Digital products need the same rigorous scrutiny for their safety as physical products, like medicines, toys or cars. 

  • Like for [the] environment, we need a new common understanding of the value — and cost — of deploying digital technology like artificial intelligence (AI). 

Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

4. “Surveillance-based” businesses of Google and Facebook incompatible with privacy, Amnesty International says

The non-profit Amnesty International issued a 60-page report calling out Google and Facebook for human-rights abuses saying, “The companies’ surveillance-based business model is inherently incompatible with the right to privacy and poses a threat to a range of other rights including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination.”

The report details how it has become unfeasible to use the Internet without accessing Facebook or Google services, with their subsequent data extraction and accumulation. Highlighting how their reach into the personal details of our lives continue to grow through new ventures into ‘Internet of Things’ connected devices tracking our actions in the physical world, Google’s access to health data, Facebook’s planned cryptocurrency, and that “Facebook is even developing technology that would enable tracking the inside of the human brain.” And in new markets around the world.

Closing out the report are recommendations for governments and for Google and Facebook to protect human rights in relation to data and privacy, including a call for technology companies to remediate the abuses they have contributed to through their business practices. 

Included in the Annex is a 6-page letter from Facebook in response to the report stating, “While we appreciate the opportunity to engage with Amnesty International on these important issues, we respectfully disagree with your conclusion that our practices are inconsistent with human rights principles.”


5. U.S. ad industry pushes for federal law to pre-empt ‘fragmentary” California and EU privacy regulations

Faced with complying with the California Consumer Privacy Act, the U.S. advertising industry has renewed lobbying of Congress to adopt a relatively weak federal law more to its liking instead.  

The “Privacy for America” coalition includes the American Association of Advertising Agencies, the Association of National Advertisers, the Interactive Advertising Bureau, the Network Advertising Initiative and the American Advertising Federation. 

“In the absence of congressional action, policy affecting the entire consumer economy and consumers nationwide is being shaped by Europe and a single state,” the coalition wrote in a Nov. 21 letter to four congressional leaders. 

The letter says “a patchwork of conflicting new restrictions on data collection and use” looms if Congress doesn’t act, adding that “a fragmentary regulatory environment is untenable” and will create “significant disruption, costs and uncertainty for American businesses.” 

  • It says a model law should forbid use or collection of medical, financial or biometric information without “a person’s explicit permission” — but it says nothing about other types of information.  

  • It says third-party data sharing, however, should not be outlawed so long as there are “enforceable contracts” between parties to make secure and lawful use of the data. 

  • Rather than creating a new regulatory agency, as some privacy advocates and legislators have urged, the group simply calls for strengthening the regulator hand of the Federal Trade Commission. 



Microsoft on privacy elements 

There is a recognized urgent need to curb excessive power in the digital economy. Longer term, the unsustainability of reducing people and the earth to resources for exploitation and

trading is becoming clear. We need now to seize the chance to harness the data and technology available for social and environmental good. In this way, Europe can aspire to sovereignty of values as well as of technology.

– Quoted from “Privacy 2030: A Vision for Europe,” by Omer Tene, at Page 27, released Nov. 20, 2019.


Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2019 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp