PRIVACY BEAT: Browser-software makers hear plea for more public involvement as they consider privacy-enhancing proposals

Privacy Beat

Your weekly privacy news update.



Browser-software makers hear plea for more public involvement as they consider privacy-enhancing proposals

The companies that build web-browser software were talking among each other this week at a new World Wide Web Consortium (W3C)  “Privacy Community Group” virtual meetup — and their leadership issued a plea for more public involvement. 

“We would like to encourage feedback from non-browser participants,” said the W3C group’s co-chair, Tanvi Vyas of Mozilla Inc., maker of the Firefox browser. “That is helpful to get a real-world perspective on some of the things we are putting out there.”

The W3C is a nonprofit organization supported by members which has a 30-year history of proposing and sometimes publishing open standards for how the Internet works. Its deliberations are generally public, including, for example, the agenda and also the minutes of the Feb. 27 meeting.

The charter of the Privacy Community Group is to talk about standards for how browsers handle privacy.  Meetings are announced in advance and generally conducted by web video conference, as was the Feb. 27 meeting. 

Representatives of Apple and Microsoft, which also make browsers, were on the conference, as was a Washington Post-affiliated technologist, Aram Zucker-Scharff. The Apple representative, John Wilander, proposed a system for “bounce tracking protection.” 

An idea for “pop-up tracking protection” was proposed by another participant, Jack Frankland from Codeplay Software Ltd., an artificial-intelligence firm. Commenting on Frankland’s proposal was James Hartig, co-founder of Admiral, an ad-blocking solutions and related software and service provider to the news industry.

Brave Software’s Peter Snyder proposed a method for controlling when data users who have a “first-party” relationship with an end-user can get access to their data within the browser. Another Brave engineer proposed “fingerprinting resistance.”


Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

Berners-Lee proposes “your pod” — global identity and access control — in key speech at Knight Media Forum

Plans to remake the Internet — by offering users a globally unique identifier and “global access control” over who gets to use their personal data “pod” contents — were outlined by Tim Berners-Lee in a speech this week at the Knight Media Forum.

Berners-Lee, who invented hyper-text transfer protocol (HTTP), the core technology of the World Wide Web, spoke to the conference in Miami, days after announcing a team of five noted engineers and Internet leaders had joined his for-profit Inrupt Inc. startup.

Inrupt will use open-source technology developed by Berners-Lee’s MIT-based research project, called “Solid.”  It comes at a time when the digital advertising industry is in flux because the key tool it has used for two decades to track the identity of individuals — the “third-party cookie” is under attack by privacy advocates, emerging regulations and by plans by web-browser makers to abandon it. 

Berners-Lee’s Solid ideas have been in incubation for several years, but reached sort of a turning point last week with the hiring of web encryption-and-privacy expert Bruce Schneier in a key technical role, and announcement of venture funding.  

“For the world to experience the true value of the web we’re building, we must address the vital issues related to privacy, trust and security,” Berners-Lee blogged last week.

Schneier said Inrupt will be building off a public specification called the  “Resource Description Framework”  data-interchange model that handles things like authentication, authorization and access control. “Your data lives in a pod that is controlled by you,” Schneier wrote in another blog post.  “Data generated by your things – your computer, your phone, your IoT whatever – is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want.”  (See Quote of the Week, below, for more)

Researchers have struggled for many years to fashion a vision and solutions to web identity and data control that would disrupt the emerging power of platforms such as Google, Facebook, Amazon and others to control and use information gathered about users.  Some reports about Inrupt, also referenced the Data Transfer Project, a collaborative involving Apple, Google, Facebook, Microsoft and Twitter to make personal data more portable among the platforms.


FCC may fine carriers $200M for illegally sharing phone location data — but is that enough?

How much of a fine would it take for a major phone carrier to be deterred from mining personal data? The U.S. Federal Communications Commission proposed $200M worth of fines for AT&T, Verizon, Sprint and T-Mobile for improperly handling location data, including not alerting customers their location data was being sold and later abused.  T-Mobile said it would fight the fines if they become final. The news prompted questions and commentary on Twitter.

“ …[S]o the cost of being tracked everywhere you go and having that data sold to bounty hunters and landlords by corporations worth billions and billions of dollars is less than $1 per person,” tweeted Jason Koebler, editor-in-chief of Motherboard and an editorial director at Vice.

 “[I]t sure seems like if you fine giant conglomerates paltry amounts for flagrantly breaking the law and putting people’s lives at risk, they have a pretty good reason to think that breaking the law will work out ok for them next time,” tweeted Lindsey Barrett, a staff attorney and fellow Georgetown University’s IPRO tech clinic.





California’s attorney general sides with Democrats in urging Congress not to override state privacy laws

California Attorney General Xavier Becerra fired off a letter this week to four Congressional leaders considering digital privacy legislation discouraging them from trying to override the California Consumer Privacy Act (CCPA), or block citizens from being able to sue over privacy abuses. 

In so doing, he adopted the two positions of key Democrats in Congress who have said they won’t vote for “federal pre-emption” of state privacy laws or a major limitation of the private right to sue. The view is opposed by most advertising and business interests, which want one U.S. law governing privacy and for privacy lawsuits to generally only be allowed to be brought by regulators.

““I am optimistic Congress will be able to craft a proposal…looking to state law as providing a floor for privacy protections, rather than a ceiling,” Becerra said in his letter. He called for federal law guaranteeing:

  • The right to access, correct, and delete personal data that has been collected; 

  • The right to minimize data collection, processing, and retention; 

  • The right to data portability among services; and 

  • The right to know what data is collected and processed and for what reason

In a related story, AdExchanger reporter Allison Schiff sifted through some of the comments posted to the California’s AG’s website by a Tuesday comment deadline for draft CCPA enforcement regulations and here is what she wrote:

“Privacy advocates, such as the Electronic Frontier Foundation, think the California attorney general is watering down the law, while ad industry reps, such as the Association of National Advertisers (ANA), don’t think the AG is doing enough to amend it.”






Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat


You may hand over control of your data “pod” to the same platform companies that exist today — like Google

“The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things — your computer, your phone, your IoT whatever — is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want. Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It’s yours. If you want your insurance company to have access to your fitness data, you grant it through your pod. If you want your friends to have access to your vacation photos, you grant it through your pod. If you want your thermostat to share data with your air conditioner, you give both of them access through your pod.

“The ideal would be for this to be completely distributed. Everyone’s pod would be on a computer they own, running on their network. But that’s not how it’s likely to be in real life. Just as you can theoretically run your own email server but in reality you outsource it to Google or whoever, you are likely to outsource your pod to those same sets of companies. But maybe pods will come standard issue in home routers. Even if you do hand your pod over to some company, it’ll be like letting them host your domain name or manage your cell phone number. If you don’t like what they’re doing, you can always move your pod — just like you can take your cell phone number and move to a different carrier. This will give users a lot more power.”

– Cryptologist and privacy pioneer Bruce Schneier, in a Feb. 21, 2020 blog posting about his new role at Tim Berners-Lee’s startup, Inrupt Inc.


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp