PRIVACY BEAT: interest grows in W3C discussions around browser and web privacy

Privacy Beat

Your weekly privacy news update.

VIEW IN YOUR BROWSER

Apple’s Wilander details Safari’s jump past Google Chrome in blocking third-party cookies; interest grows in W3C discussions around browser and web privacy

A key technical discussion seeking to incubate privacy-focused web features gained new members and took up a new initiative during an open webinar meeting this week.

The World Wide Web Consortium’s (W3C) “privacy community group” swelled to at least 117 participants and two representatives of Facebook joined, leaving Google as the only major web platform not yet visibly involved in efforts to curb the activity “tracking” of web users without their permission.

The focus of the Wednesday video call-in was an announcement the day before by Apple Computer’s John Wilander, in a blog post entitled “Full Third-Party Blocking and More.” He said the latest release of Apple’s Safari browser now blocks so-called “third-party cookies” — a key feature enabling the current digital-advertising ecosystem. Google has said its Chrome browser will do the same, but it may take up to two years to do so.

Wilander was on Wednesday’s call to answer questions about Apple’s latest privacy move, which he characterized as an effort to “defend the web platform” rather than proprietary networks. Wilander expressed some caution about revealing additional planned moves by Apple, saying that could tip off developers who work for “tracking” companies to advance workarounds. He said such developers were “working against the goals of privacy on the web or [against] tracking protection.”

Google’s third-party cookie phase out is nuanced. “As you know, we’ve committed to only phasing out support for third-party cookies once the needs of users and sites (including publishers and advertisers) are addressed,” Google’s Marshall Vale, a product manager for the Chrome browser, writes in a W3C list post on March 26, also reported by AdExchanger.

The new initiative was advanced by three engineers at Brave Inc., a three-year-old web browser maker started by an ex-Mozilla engineer. They propose a method to give trusted agents a way to store information about a user in a web browser and make certain it can’t be accessed for a rogue purpose by someone else. It’s called “JS Isolation via Origin Labels and Membranes.”

Browser makers Mozilla (Firefox) and Microsoft (Edge) co-created the privacy interest group but they have been joined by other tech companies, including Apple (Safari) and Brave. Also joining the calls have been Salesforce, Amazon, Verizon Media and, this week, two Facebook representatives. Media organizations are trickling in — now including Axel Springer, The Washington Post and the New York Times. Participating, but not on Wednesday’s call, are the Interactive Advertising Bureau and the Local Media Consortium.

Separately, Google has been shepherding discussion about third party cookies on the independent Chromium blog and via a separate W3C “Improving Web Advertising Business Group.” DigiDay’s Lara O’Reilly wrote about the ad group on Jan. 29.

RELATED LINKS

Apple updates Safari’s anti-tracking tech with full third-party cookie blocking | Nick Statt, The Verge
Safari Is Now the Best Browser for Blocking Third-Party Tracking | Brendan Hesse, Life Hacker
Mozilla launches Firefox Better Web extension powered by Scroll’s ad-free subscription service | Zach Laidlaw, Android Police
Safari now blocks all third-party cookies by default | Jon Fingas, Engadget
Full Third-Party Cookie Blocking and More | John Wilander, Webkit
Apple updates Safari’s anti-tracking tech with full third-party cookie blocking | Nick Statt, The Verge
https://www.businessinsider.com/what-google-third-party-cookies-end-means-for-advertising-2020-2 | Lucia Moses and Lauren Johnson, Business Insider

Does your organization need customized privacy compliance solutions? ITEGA can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

ADVERTISING TECH

A likely near future for web ads and quality publishers? An updating of “Single Sign On” is suggested

Tech blogger Don Marti, most recently with Mozilla and now heading up his own Aloodo Project, has been following closely the effects of advertising technology on quality news publishers. On his blog this week, he explains why a mature technology called “Single Sign On” may hold some promise.

Until decisions by Apple, and eventually Google, (see related item above) to cut off the third-party cookie system of advertising targeting, SSO was used for things like allowing academics to log in when visiting some other university than their home base. And a version of it makes it possible for you to use your cable account to watch streaming video entertainment on the web.

But Marti says in his blog that new versions of SSO may be used to create trusted networks sharing user information, and those networks could also be the basis for a new kind of ad targeting. The result, he proposes, is an increase in market power for publishers as compared to the third-party cookie-driven system in place now. The blog post contains related links.

FULL DISCLOSURE: Marti has also been serving as a technical advisor to ITEGA, which produces “Privacy Beat” each week.

Vidakovic asks: Will ad tech solutions for replacing third-party cookie break things, including privacy?

Toronto-based consultant Ratko Vidakovic frequently analyzes the ad tech scene in a widely circulated weekly email newsletter, AdProfs, that he doesn’t put on the web. His March 24 edition comments on reporter Sarah Sluis’ March 6 AdExchanger story, “Publishers Are Wary of New Tech That Wants to Use Their First-Party Cookies.”

Here’s what Vidakovic writes:

“Ad tech companies are increasingly pitching publishers on solutions that mitigate dependency on third-party cookies. These solutions are framed as a way for publishers to retain their programmatic revenues. However, these solutions often require some technical integration, whether by adding code to sites or making DNS changes, like adding CNAME entries for the ad tech vendor.

“This raises a number of questions and concerns from publishers: (1) Is the “solution” just a temporary workaround, or is it something sustainable? Is there a risk that browsers could break the solution? (2) Will the proposed solution have any negative impact on site speed, user experience, or security? (3) Is the solution privacy compliant? What are the legal risks of implementing the solution? (4) Does it make sense from a long-term strategic perspective? Does it contribute to the publisher’s overall strategy or detract from it?”

MORE ON AD TECH

The new contextual ad targetting works, study says | Ginny Marvin, SearchEngineLand.com
News sites lose revenue as brands blocks ads near “coronavirus” coverage | Craig Silverman, BuzzFeed.com
Publishers Are Wary Of New Tech That Wants To Use Their First-Party Cookies | Sarah Sluis, AdExchange
What industry utilizes the most advertising cookies? | Bryan Cave Leighton Paisner LLP
DTC brands are tightening up how much they spend on digital advertising | Anna Hensel, Digiday
Why Google’s decision to withhold programmatic data is pushing some advertisers to pull ad spending | Seb Joseph, Digiday

The new contextual ad targeting works, study says | Ginny Marvin, Martech Today

CCPA WEEK 13

Wesleyan professor exploring whether browser software sending “do not sell” signal must be honored by websites

A Wesleyan University computer scientist and his students are researching software implementations of the California Consumer Privacy Act (CCPA). In a web posting, Prof. Sebastian Zimmeck says they are particularly interested in how web browsers convey a user’s desire not to have their personal information “sold.”

A provision of the CCPA requires that if a web site is told by a user “do not sell my information” they must respect that request. There is debate over what the word “sell” implies, and discussion about how the site receives the user’s intent. Zimmeck is seeking discussion about what would happen if web browser software standardized transmission of a “Do Not Sell” order from the user and whether the CCPA would compel websites to respect that request.

You can read Zimmeck’s query to the W3C’s Privacy Community Group. One response suggested Zimmeck look at the work being done by a working group of the Interactive Advertising Bureau’s Tech Lab on signal specifications. Another is from an engineer affiliated with The Washington Post.

CCPA AND THE LAW

And So It Begins: The First CCPA Class Action | Crowell Moring
How much time does a company have to respond to an access request? | David Zetoony, JD Supra

Former Patient Brings Class Action Against Rehab Center Under CCPA’s Private Right of Action | Thora Johnson, Jami Mills Vibbert, Alexander Altman and Sheena Thomas, Healthcare Stat
New Revisions to the CCPA Draft Implementing Regulations: Key Updates for Businesses – Connect On Tech | Brian Hengesbaugh et al., BakerMcKenzie law firm
Is transaction data have to be part of a CCPA response? | Bryan Cave Leighton Paisner LLP

PERSONAL PRIVACY

Locked-down lawyers warned Alexa is hearing confidential calls | Jonathan Browning and Crystal Tse, Seattle Times
Book Review: The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power | Tim Wu, NY Books

COVID-19 AND PRIVACY

In the battle against coronavirus, personal privacy is at risk | Rishi Iyengar, CNN
Translating a Surveillance Tool into a Virus Tracker for Democracies | Jennifer Valentino-DeVries, New York Times
Covid-19 Spurs Facial Recognition Tracking, Privacy Fears | Lindsey O’Donnell, Threat Post
Privacy Crisis: Does Personal Privacy Matter During a Pandemic? | Amy Leopard, Jordan Stivers Luke, Erin Jane Illman, Christian Hancock and E. Tyler Samsing, Bradley
How COVID-19 may further erode our digital privacy | Alexander Howard and Molly Wood, Marketplace
Coronavirus pandemic changes how your privacy is protected | Alfred Ng, CNET

COVID AND SURVEILLANCE

UK telecom operators to share citizens’ location data with the government | Jay Jay, Teiss
How Surveillance Could Save Lives Amid a Public Health Crisis | Sidney Fussell, Wired
Europe eyes smartphone location data to slow virus spread | PBS News Hour
As Coronavirus Surveillance Escalates, Personal Privacy Plummets | Natasha Singer and Choe Sang-Hun, New York Times
Smartphones could help us track the coronavirus – but at what cost? | John Naughton, The Guardian
OPINION: Don’t let constitutional rights be a virus victim | Caroline Fredrickson, Washington Post
Big tech companies must protect customer data from legal backdoors | Privacy International

HOMEWORK AND PRIVACY

Zoom’s A Lifeline During COVID-19: This Is Why It’s Also A Privacy Risk | Kate O’Flaherty, Forbes
Is Zoom oversharing with Facebook? | Motherboard
Working from Home? Here are 12 Steps to Reduce Data Privacy and Security Risk | Ronak Chokhani, Hunter Ferguson and Jon Washburn, JD Supra
Working From Home: the Data Privacy Risks You Are Not Thinking About | David Saunders and Kelly Hagedorn, Lexology
Protecting Privacy in Virtual Meetings | Akin Gump

WASHINGTON WATCH

Senator Moran Introduces Consumer Data Privacy and Security Act | Hunton Andrews Kurth LLP
Washington State Considers Consumer Privacy Bill with Controversial Enforcement Provision | Maya Atrakchi and Jason Gavejian, Lexology
Where Does Encryption Fit in Privacy Regulations? | Anas Baig, CMS Wire

STATEHOUSE WATCH

Vermont enacts data privacy and consumer protections | Buckley
Maryland Passes Digital Advertising Service Tax | Eversheds Sutherland
Washington Privacy Act Fails To Pass Legislature, But Signs Point To Continued Push In 2021 | Andrew Crane, Fisher Phillips

GDPR AND PRIVACY

Brave New World: Browser Challenging Google for the Future of Privacy | Shiraz Jagati, CoinTelegraph
European data protection in times of a pandemic | Martin Braun et al., WilmerHale

BUSINESS OF PRIVACY

DataGuard, which provides GDPR and privacy compliance-as-a-service, raises $20M | Ingrid Lunden, TechCrunch

NEWS AND TRUST RESEARCH

Researcher assesses public mistrust of journalism over virus coverage | Jacob Nelson, Arizona State Univ., via The Conversation
Social-media news consumers say they encounter made-up news | Mark Jurkowitz and Amy Mitchell, Pew Research Center/

Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

QUOTE OF THE WEEK

Predicting a post-cookie future for web advertising

“One possible future for post-cookie web advertising is going to work something like this: if you’re signed in to a site, you’re going to get something pretty close to adtech as usual, except limited to the group of sites where you’re willing to sign in. So if two publishers can both use a registration wall to get your email (or SSO that maps to your email, which is basically the same thing) then the same ads will “follow” you across both those sites, and you’ll see ads targeted based on loyalty programs you opt into…This means an increase in market power for publishers from the conventional third-party cookie, because crappy and fraudulent sites will have a hard time getting your email or SSO. For advertisers, the game of tag, trying to get ads in front of specific people, continues, except that the boundaries for the game are brought in to include only sites that can get people past the reg wall…On sites where you’re not signed in, you’re going to get ads for miracle fungus cures, predatory finance schemes, and other bottom-feeder stuff—unless you’re running a browser with built-in targeting/atribution (the stuff being discussed at W3C’s advertising business group) and leave it turned on.”

– Excerpted from “A Likely Near Future for Web Ads,” posted March 25 at the blog Aloodo.org by Don Marti (see item above).

ABOUT PRIVACY BEAT

Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to newsletter@itega.org.

Forward

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.