PRIVACY BEAT: Mozilla said to be planning to block “DigiTrust,” dashing hopes for web identity not controlled by FB or Google


Privacy Beat

Your weekly privacy news update.

1. Mozilla said to be planning to block “DigiTrust,” complicating hopes for web identity not controlled by FB or Google

The ad-tech industry got bad news this week in its effort to control a new approach to user tracking.

The Mozilla browser maker is reportedly ready to start blocking the DigiTrust tracking technology deployed by the Interactive Advertising Bureau (IAB), according to a story by DigiDay’s Lara O’Reilly. DigiTrust began as an initiative of a consortium of ad-tech firms. But it floundered and was acquired by IAB.

A key ad-ecosystem executive says he expects that Google will also block the “DigiTrust” cookie effort sometime in February. Meanwhile, two other efforts to assemble a common user-tracking system are in use — but each is controlled by a private ad-tech company — TradeDesk and LiveRamp.

The lack of a universal identity system leaves Facebook and Google dominating identity, through Facebook Connect and Google Accounts. And that creates a challenge for news publishers to target quality advertising without having to go through the two platforms.

The Local Media Consortium has been working with the Information Trust Exchange Governing Association to create a federated single-sign-on system that would also function as an identity-management platform.  It would be governed by ITEGA, however, which is a 501(c)3 nonprofit, similar to the Internet Corp. for Assigned Names and Numbers (ICANN) which governs domain-name registries.


Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

2. Democrats appear to prevaricate on CCPA pre-emption as they ready for Dec. 4 hearing on privacy measures

Four Democrat members of the Senate Commerce Committee, gearing up for a Dec. 4 hearing on federal privacy legislation, unveiled a 58-page proposal that appears to muddy the waters on whether they are willing to see the California Consumer Privacy Act undercut.

Sens. Maria Cantwell, Brian Schatz, Amy Klobuchar and Edward Markey introduced the “Consumer Online Privacy Rights Act (COPRA).  In one respect, the bill challenges the positions of Republicans and much of the advertising technology industry, including major platforms like Google and Facebook — and is patterned after the CCPA. In another respect, it sides with industry. In a third respect, it prevaricates.

The language may be a placeholder for negotiation with industry and Republicans. The Interactive Advertising Bureau, which represents the ad-tech industry and some publishers, released a short statement lacking any clear support for the measure but offering to negotiate with the Democrats and others.

Democrats provided a one-page summary of the 58-page bill’s provisions.

  • First, it would explicitly allow consumers to bring their own privacy lawsuits, a feature that is bitterly opposed by Silicon Valley because of the perceived legal liabilities which could result. In a negotiated agreement, the CCPA prohibits private lawsuits in other than data-breach cases, putting the enforcement load on the state’s attorney general.

  • Second, it would make the Federal Trade Commission the lead enforcer of new federal online data privacy law. Privacy advocates have sought an independent data-privacy authority, similar to most European Union countries because they fear the FTC will not have enough staff for aggressive enforcement. The Industry wants the FTC in charge.

  • But on the most controversial matter — whether new federal law would pre-empt state privacy laws — the bill appears at pages 56-58 to straddle the fence. On the one hand, it flatly states that a law using COPRA’s language may not supersede a state law which “affords a greater level of protection to individuals protected under this Act. ”However, there is no definition of “level of protection.”  The language specifies areas of law COPRA will not supersede — but none clearly maps to CCPA. Except in those two instances, the language says COPRA “shall supersede any State law…“

Wednesday’s hearing begins at 10 a.m. and will be streamed live. The GOP majority says it will cover how legislative proposals intend to provide consumers with more security, transparency, choice, and control over personal information both online and offline. The members will also discuss proposals that provide the Federal Trade Commission with more resources and authority to oversee business data practices in the marketplace.

Introduction of the Cantwell-Markey-Klobuchar-Schatz proposition caps months of behind-the-scenes work by Senate staffers which have been described as collaborative and in some cases bipartisan, but the political fault lines are not yet sorted out or cleared. It provides starter language for debate, however.  Along with the bill introduction came an 11-page “report” from Cantwell’s office outlining digital-privacy challenges.

In the House, there’s also the proposed Online Privacy Act, which was recently floated by California Democratic Reps. Anna Eshoo and Zoe Lofgren.


3. Green icon: First peek at “opt-out” ecosystem advertisers want publishers and third-party data users to adopt

Start looking for a text link and new green icon (shown above), if you live in California or go to a California-based website after Jan. 1.

A trade group representing the largest U.S.-based advertisers and agencies unveiled this week (Nov. 25) their “roadmap” effort to help publishers and third-party data users comply with the California Consumer Privacy Act (CCPA) by telling consumers how they can forbid use of their personal data for ad tracking.

Calling the the digital-advertising ecosystem “incredibly complicated and interconnected,” a lawyer for the Digital Advertising Alliance (DAA) said its key effort — a recognizable icon that will direct users to a location where they can opt-out of use of their personal data — begins a multi-week rollout of tools, guidelines and tech specifications to comply with the CCPA.

“These tools create a simple and recognizable mechanism for consumers to express their opt-out rights under the CCPA for the sale of data collected not only on any individual site but also across sites served by third parties in the digital ecosystem that participate in the DAA tool,” said Lou Mastria, DAA’s executive director.

4. U.S. law schools urged to step up teaching of privacy law because of its impact on the ‘digital revolution’

Nearly 50 lawyers — professors and practitioners — have penned a letter urging U.S. law schools to accelerate teaching of privacy law, saying it touches multiple aspects of the field and offers “boundless job opportunities” for graduates.

Most U.S. law schools lack a course on privacy law, Daniel Solove, of George Washington University Law School, observed in a blog post highlighting and linking to the letter.

“Privacy has become one of the principal frames that the law (and legal practice) have used to grapple with the digital revolution and the opportunities and threats it has presented for every consumer of legal services in the world,” says the open letter dated Nov. 11.

Domestically, privacy law encompasses constitutional and tort law, more than 30 federal laws, and thousands of state laws, the letter continues. “Internationally, 57% of countries have comprehensive privacy laws, and many countries have numerous narrower privacy laws.”

As privacy has moved to the forefront of the news, many foundations and large companies are eager to fund scholarships, conferences, and student education in privacy law, the letter says, adding that there are a significant number of NSF and private foundation grants for research on privacy issues.

5. A layman’s description of privacy and third-party cookies tweeted by computer scientist 

Serge Engelman has a Ph.D. in computer science from Carnegie-Mellon University and is research director of usable securitya nd privacy at the International Computer Science Institute at UC-Berkeley.
In an effort to simplify discussion about third-party cookies and privacy, Engelman took to Twitter this week to author a 37-tweet sequence explaining how such cookies work.  Here’s the link to read it:

Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat


For some consumers, it can feel creepy, invasive, or alarming. Consumers likely would not be surprised to know that the current legal framework does little to prevent companies from collecting or selling the data that enables these advertisements or the online profiles that are created. Advertisers and marketers are finding more ways to reach consumers using their personal information and data to target ads specifically to individual users. The majority of Americans are aware that their digital identity is being tracked, but many are unaware of the extent.

– Excerpt from “The State of Online Privacy and Data Security”, released Nov. 26 by the office of U.S. Sen. Maria Cantwell, D-Wash.





Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2019 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp