As Google and FB join browser makers, ad-tech and publishers, W3C now hosts key ideas forum on “cookies” and privacy

A decision by Google to officially join a World Wide Web Consortium (W3C) “interest group” on browser privacy this week means the group’s regular public meetings may be the dominant forum for deciding how the roles of advertising and privacy play out on the Internet. Since January, all the major web-browser software makers — except Google — have had representatives taking part in the every-other-week Zoom-in video sessions. This week, six “Googlers” joined in, as did a Facebook representative.

The W3C Privacy Community Group has 150 participants from 50 different organizations, universities and businesses, including the IAB Tech Lab (a major trade group for online advertising), as well as publisher interests such as The New York Times, Axel Springer, The Washington Post, Digital Content Next and the Local Media Consortium. Also joining Thursday’s discussion — a Facebook representative.

“I’m here because Google just joined and the Privacy CG is doing interesting stuff,” one of the “Googlers” said during Thursday’s video conference. 

The W3C group has under discussion a submission from Washington Post technologist Aram Zucker-Scharff proposing a standard method for browser software to send a “Do-No-Sell” signal (see story below); and a proposal from Apple’s John Wilander called “Bounce Tracking Protection.”  A focus of discussion on Wilander’s proposal was whether, if implemented, it would interfere with the function of federated Single Sign On services, when a consumer user can avoid having to re-login frequently to their preferred web service. Both James Hartig of Admiral Inc., and Kushal Dave, CTO and co-founder of Scroll Inc., raised questions about it. 

Thursday’s moderated, hour-long discussion first concerned a new proposal from British technologist Jack Frankland called “Registry of Businesses and Domain Name Ownership.”  Frankland is suggesting that some new entity manage a trusted list of domain-name owners that browser makers could consult when deciding whether to permit the sharing of individual user’s cross-site browsing activity. 

“I think this is a really interesting proposal,” said the Facebook participant. “I like the core idea of businesses making statements about which privacy statements they adhere to.” He encouraged the group to work on a standard for defining when contents of a stored cookie should be deleted by the browser software.

“I want to echo support for this,” said an engineer from Verizon, also participating. 

ADVERTISING TECH

• Why contextual targeting is the future of digital advertising |  Phil Schraeder, AdAge

• Mozilla browser tightens noose on cookies with “first-party isolation” feature | Martin Brinkmann, GHacks.net

• UPDATE: The Company Running An Oregon Online Coronavirus Symptom Tracker Now Says It Won’t Sell Your Data To Advertisers | Caroline Haskins, Buzzfeed News

• Jebbit Releases Third Consumer Data Trust Index Indicating Continued Declining Trust in World’s Leading Brands | Jebbit

• The Trade Desk Asks SSPs for a Single Supply Path to Publisher Inventory | Ronan Shields, AdWeek

• Why Advertisers Shouldn’t Dismiss COVID-19 News | Rob Williams, MediaPost

• Context & Audiences, Targeting In Tandem: Comscore’s Gantz | Beet

Judge cites “stunning” and “underhanded” behavior by Facebook in approving $5B Analytica settlement; questions application of law to data privacy

A federal judge appointed by Donald Trump used harsh language to describe alleged behavior by Facebook in the Cambridge Analytica privacy case, and warned he will re-open the case if the company fails to do as promised. One analyst said Facebook’s advertising practices were at issue.

Judge Timothy J. Kelly also said the settlement “calls into question the adequacy of laws governing how technology companies that collect and monetize Americans’ personal information must treat that information.”

Facebook reacted to the decision. 

“This agreement has already brought fundamental changes to our company and advances in how we protect people’s privacy beyond anything we’ve done before,” Michel Protti, Facebook’s chief privacy officer for product, said in a company blog post quoted by C|Net’s Carrie Mihalcik. “Most of all, it brings a new level of accountability and ensures that privacy is everyone’s responsibility at Facebook.” 

The settlement requires Facebook to establish a privacy committee of independent members to advise its board and submit to 20 years of U.S. Federal Trade Commission (FTC) oversight. The settlement was opposed by some advocacy groups. Writing on Gizmodo, tech reporter Soshana Wodinsky headlined the settlement a privacy “train wreck.” She wrote: “What the FTC did with its multibillion-dollar fine wasn’t shine a light on the advertising process, but encourage the company to push its most invasive advertising tools further down the black boxes of the ad-tech ecosystem and further out of the FTC’s line of sight.”

In his opinion issued on Thursday, US. District Judge Timothy J. Kelly’s wrote: “In the Court’s view, the unscrupulous way in which the United States alleges Facebook violated both the law and the administrative order is stunning.” (See QUOTE OF WEEK, below). 

PRIVACY AND BUSINESS

• Judge approves $5 billion Facebook-FTC settlement over Cambridge Analytica | Chris Mills Rodrigo, The Hill

• U.S.  judge calls Facebook privacy behavior “stunning” and “underhanded” in approving $5B FTC settlement | EPIC 

• Judge Warns Facebook in Approving Record $5B Fine for Alleged Privacy Violations | Jacqueline Thomsen, Law.com

• Privacy startup Jumbo offers privacy for $3/month | David Ingram, NBC News 

• Investors with US$5 trillion call on governments to institute mandatory human rights due diligence measures for companies | Investors Alliance for Human Rights

• Equifax Agrees to 19.5 Million Dollar Settlement with Indiana Attorney General in Connection with 2017 Data Breach | Hunton Privacy Blog

• Dutch DPA fines tennis association $525K Euros vor GDPR violation | Wouter Seinen & Remke Scheepstra, BakerMcKenzie law firm

• AG Maura Healey: Equifax To Pay $18M After Data Breach | CBS Boston

• Digital identity management firm ForgeRock raises $93.5m | Kelly Earley, Silicon Republic

• How Data Trusts May Help Businesses Manage Data Sharing | Richard Kemp, Kemp IT Law

• Whole Foods Tracks Unionization Risk with Heat Map | Hayley Peterson, Business Insider

• Israeli open-source HaMagen app checks against government data | Sara Toth Stub, USNews.com 

CCPA — WEEK SEVENTEEN

Prominent data-security attorney predicts epic battle over any CCPA effort to enforce browser “Do-Not-Sell” signal

One of the nation’s most prominent privacy-data-security lawyers suggests in a blog post earlier this month that if California law imposes a requirement for advertising tech to honor a brower-sent “Do-Not-Sell” signal, it could be seen as “killing advertising as we know it.”  Attorney Theodore F. Claypoole asserts in his post, “Coming War: Will CCPA kill advertising as we know it?” — “A war is coming.” 

Claypoole heads the IP transactions and fin-tech committee’s of the Atlanta law firm where he’s a partner, Womble Bond Dickinson (US) LLP, and he has also been a co-chair of the American Bar Association’s cyberspace mobile commerce committee. Claypoole believes Google, Facebook and Amazon’s proxies “are starting to form battle lines” to take legal action if California Atty. Gen. Xavier Becerra enforces drag language interpreting the California Consumer Privacy to require adherence to browser-sent “Do-No-Sell” signals. A Wesleyan University professor is preparing to study useability questions around such a signal. 

Claypool says interpretation of “Do-Not-Sell” is the “first salvo” in a war over large privacy issues focused by the CCPA. 

“[T]he proposed regulations bring to a head the fight over complexity in consumer-privacy preferences,” says Claypoole. “The [advertising] industry has thrived for years by offering limited opt-out boxes and by interpreting consumer refusal preference narrowly. The new regs take this discussion in the opposite direction by assuming the broadest possible interpretation and backing it up with law enforcement.” 

MORE ON CCPA  

• CCPA and Future Data Regulation Compliance | Dave Brunswick, MarTech

• Is the California Attorney General Delaying or Loosening Enforcement of the CCPA? | Andrea Maciejewski, Bryan Cave Leighton Paisner law firm 

• California moves forward with CCPA enforcement | Austin Smith, Davis Wright Tremaine LLP