PRIVACY BEAT: Berners-Lee steps up to plate on data privacy with “Inrupt”

Privacy Beat

Your weekly privacy news update.

Berners-Lee steps up to plate on data privacy with “Inrupt”; IAB wants to re-architect, but is Apple at the table or in Cambridge at the W3C?

The man credited with inventing the World Wide Web, Sir Tim Berners-Lee, announced this week the management team of a Boston-based for-profit he’s formed to take his ideas for the future of data privacy out of the labs of MIT and elsewhere. He’s calling the new company “Inrupt” and it’s backed by Britain’s Octopus Ventures.

Berners-Lee began talking about the idea — dubbed “Solid” — in 2018 and last November, The Telegraph (U.K.) said the then-stealth Inrupt business would aim “to develop a new browser and software backbone of a new web that would prevent the likes of Facebook and Google from tracking people online.”

Then last week, Wired’s UK site had more details in a piece by K.G. Orphanides (see Quote of the Week, below), saying Berners-Lee’s goal is to change how we share data. Instead of a company storing personal data about you on its servers, the data would be in a personal data “pod” that the individual controls.

The concept is not new — it has been under discussion for years at the Berkman-Klein Center for Internet and Society at Harvard Law School under the Project VRM title and originated by “Doc” Searls. Two years ago, the non-profit Sovrin Foundation formed and took control of technology for creating “self-sovereign” data wallets and spun out a for-profit startup, Evernym Inc., to commercialize it.

Who controls user data is an urgent issue for advertisers, publishers and ad-tech companies because of Google’s announcement three weeks ago that it will act to disable third-party cookies in the Chrome browser within two years.

As a result, the Interactive Advertising Bureau — the trade group for ad tech, some publishers and brands — has announced “Project ReArc” to come up with cookie alternatives. IAB said it would bring together in a “great collaboration” governmental and other industry/consumer organizations to create standards of behavior, codes of conduct, legal agreements, and enabling technologies to address consumer demands for harmonizing, personalization, and community.

At the same time, a Privacy Community Group is at work at the World Wide Web Consortium (W3C). The W3C group includes Apple, Mozilla and Microsoft. Apple and Mozilla are not members of IAB. And since Apple’s Safari browser handles at least a third of open-web traffic, that’s important. The W3C group is focused on improving user privacy through enhanced browser software behavior.






In “privacy paradox” paper, GWU expert argues regulations should specify how data is stored and used, not how consumers manage it

Why is it that people often say in surveys they are concerned about privacy, but they fail to take actions that prove it? George Washington University Law School professor and privacy expert Daniel J. Solove has proposed a framework for answering that question in a provocative draft white paper, “The Myth of the Privacy Paradox.” He writes about it on his blog.

Solove argues that the privacy paradox is a myth created by faulty logic. The behavior involved in privacy paradox studies typically involves people making decisions about risk in very specific contexts. But Solove says that isn’t the real world, where attitudes are much more general in nature. “It is a leap in logic,” he writes, “to generalize from people’s risk decisions involving specific personal data in specific contexts to reach broader conclusions about how people value their own privacy.”

Solove says regulations that force data handlers to give the public multiple privacy choices are sub-optimal because people are confused or unwilling to make the effort in a “vast, complex and never-ending project that does not scale.” The behaviors in privacy-paradox studies don’t lead to a conclusion favoring less regulation, he concludes. Instead, he says, regulation should focus “on regulating the architecture that structures the way information is used, maintained and transferred.”


Barr keynotes talk about amending Section 230 — could changes put liability for ‘fake’ info onto Facebook and YouTube?

For more than two decades, internet service providers, online services, social media and video platforms that post “user-generated content” (UGC) have been inoculated from U.S. legal liability for what those users write by a small part of the Communications Decency Act of 1996 — Section 230.  The section enabled the growth of free-wheeling comment — and commerce — from the web’s infancy until today. 

But now there is rumbling in Washington about whether Section 230 should be dissected, and platforms such as Facebook and YouTube handed legal liability for any provable lies or defamatory remarks that their services carry — as a newspaper or broadcaster must bear some legal liability for such misstatements in articles or letters to the editor.

It’s a hot-button issue for Silicon Valley business models built on being treated like a mere carrier — like a public utility — yet also not subject to price or other regulation like a public utility. And the general assumption is that curating or editing UGC would be super costly. The effect of Section 230 has been the subject of research by Public Knowledge and others, including the Berkman Klein Center at Harvard.

“No longer are tech companies the underdog upstarts — they have become titans,” U.S. Atty. Gen. William Barr said in opening a Justice Department-sponsored event on Feb. 19: “Section 230 — Nurturing Innovation or Fostering Unaccountability?” (VIDEO OF BARR and panel discussions).

Since 1996, the Internet has evolved substantially, Barr said. “At that time almost 25 years ago, immunity was seen as vital to protecting new technology in its incipiency. Today, online platforms have become essential to Americans’ daily lives, often serving as the primary conduit for how we receive and share information.”

Barr said the Trump administration does not have a position on changes to Section 230. But he said there are valid questions about whether its broad immunity is still warranted. Because they rely on advertising, the businesses of online platforms may not always align with the interests of consumers, he said.



Advertiser spokesman reiterates concerns about CCPA in blog post; 

A key spokesman says advertisers are not happy with allowing consumers to specify a general privacy preference in their web-browsing software and have that apply to all their browsing. Dan Jaffe, EVP for government relations of the U.S.-based Association of National Advertisers, voiced the concern in a blog post this week.

Jaffe was commenting on draft regulations implementing the California Consumer Privacy Act made public Feb. 10 by the state’s attorney general. Public comments on the draft are due on Monday (Feb. 24). The regs say a global privacy setting must be interpreted to override a site-specific setting.

“The proposed mandated browser signal provisions would preclude consumers from making individual choices about data transfers by specific businesses, hindering the advertising community’s ability to market specifically to that consumer,” Jaffe writes.








Two views about data — pods or platforms?

“Since 2015, Berners-Lee has been working on a new web infrastructure called Solid, which rethinks how web apps store and share personal data. Inrupt aims to drive the development of the Solid platform and transform it from an innovative idea to a viable platform for businesses and consumers …The big idea behind Solid is that, instead of a company storing all your personal data on their servers, you would keep it on your own personal data “pod”, located on a Solid server. You could run your own server or host it with a provider, much like a personal website. You could then give individual apps permission to read and write to your pod. When you want to stop using an app, you just revoke its access. The data remains on your pod, and businesses making apps never have to worry about storing it, deleting it, or making it easily exportable…Bruce and Berners-Lee aren’t waiting for the current generation of tech giants to switch to an open and decentralised model; Amazon and Facebook are unlikely to ever give up their user data caches. But they hope their alternative model will be adopted by an increasingly privacy-aware population of web users and the organisations that wish to cater to them.”

– Excerpts from K.G. Orphanides’ article at about Sir Tim Berners-Lee’s creation of a Boston-based for-profit, Inrupt, to develop his distributed, user-controlled data “pods” vision.

“The strategy document lays out a number of concerns, problems and obstacles to achieving its vision. One theme that runs throughout is the need to create common interoperable data platforms offering small and medium enterprises (SMEs) access to a host of cloud services and advanced data processing capabilities. As the Commission sees the current state of the data environment as dominated by the big tech companies, it noted that such a high degree of market power can “enable large players to set the rules on the platform and unilaterally impose conditions for access and use of data.”  But what incentives would exist for companies to share certain data to an EU platform? The Commission states that organizations contributing data “would get a return in the form of increased access to data of other contributors, analytical results from the data pool, services such as predictive maintenance services, or licence fees.”

– Excerpt from attorney Jeffrey Neuburger’s Feb. 19 analysis of the European Commission’s “Strategy for Data” white paper.


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to





Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.
