PRIVACY BEAT: As Google and FB join browser makers, ad-tech and publishers, W3C now hosts key ideas forum on “cookies” and privacy

Privacy Beat

Your weekly privacy news update.


As Google and FB join browser makers, ad-tech and publishers, W3C now hosts key ideas forum on “cookies” and privacy

A decision by Google to officially join a World Wide Web Consortium (W3C) “interest group” on browser privacy this week means the group’s regular public meetings may be the dominant forum for deciding how the roles of advertising and privacy play out on the Internet. Since January, all the major web-browser software makers — except Google — have had representatives taking part in the every-other-week Zoom-in video sessions. This week, six “Googlers” joined in, as did a Facebook representative.

The W3C Privacy Community Group has 150 participants from 50 different organizations, universities and businesses, including the IAB Tech Lab (a major trade group for online advertising), as well as publisher interests such as The New York Times, Axel Springer, The Washington Post, Digital Content Next and the Local Media Consortium. Also joining Thursday’s discussion — a Facebook representative.

“I’m here because Google just joined and the Privacy CG is doing interesting stuff,” one of the “Googlers” said during Thursday’s video conference. 

The W3C group has under discussion a submission from Washington Post technologist Aram Zucker-Scharff proposing a standard method for browser software to send a “Do-Not-Sell” signal (see story below), and a proposal from Apple’s John Wilander called “Bounce Tracking Protection.” A focus of discussion on Wilander’s proposal was whether, if implemented, it would interfere with the function of federated Single Sign On services, which let a user avoid having to re-login frequently to their preferred web service. Both James Hartig of Admiral Inc. and Kushal Dave, CTO and co-founder of Scroll Inc., raised questions about it.

Thursday’s moderated, hour-long discussion first concerned a new proposal from British technologist Jack Frankland called “Registry of Businesses and Domain Name Ownership.” Frankland is suggesting that some new entity manage a trusted list of domain-name owners that browser makers could consult when deciding whether to permit the sharing of individual users’ cross-site browsing activity.

“I think this is a really interesting proposal,” said the Facebook participant. “I like the core idea of businesses making statements about which privacy statements they adhere to.” He encouraged the group to work on a standard for defining when contents of a stored cookie should be deleted by the browser software.

“I want to echo support for this,” said an engineer from Verizon, also participating. 



Judge cites “stunning” and “underhanded” behavior by Facebook in approving $5B Analytica settlement; questions application of law to data privacy

A federal judge appointed by Donald Trump used harsh language to describe alleged behavior by Facebook in the Cambridge Analytica privacy case, and warned he will re-open the case if the company fails to do as promised. One analyst said Facebook’s advertising practices were at issue.

Judge Timothy J. Kelly also said the settlement “calls into question the adequacy of laws governing how technology companies that collect and monetize Americans’ personal information must treat that information.”

Facebook reacted to the decision. 

“This agreement has already brought fundamental changes to our company and advances in how we protect people’s privacy beyond anything we’ve done before,” Michel Protti, Facebook’s chief privacy officer for product, said in a company blog post quoted by C|Net’s Carrie Mihalcik. “Most of all, it brings a new level of accountability and ensures that privacy is everyone’s responsibility at Facebook.” 

The settlement requires Facebook to establish a privacy committee of independent members to advise its board and submit to 20 years of U.S. Federal Trade Commission (FTC) oversight. The settlement was opposed by some advocacy groups. Writing on Gizmodo, tech reporter Shoshana Wodinsky headlined the settlement a privacy “train wreck.” She wrote: “What the FTC did with its multibillion-dollar fine wasn’t shine a light on the advertising process, but encourage the company to push its most invasive advertising tools further down the black boxes of the ad-tech ecosystem and further out of the FTC’s line of sight.”

In his opinion issued on Thursday, U.S. District Judge Timothy J. Kelly wrote: “In the Court’s view, the unscrupulous way in which the United States alleges Facebook violated both the law and the administrative order is stunning.” (See QUOTE OF WEEK, below).



Prominent data-security attorney predicts epic battle over any CCPA effort to enforce browser “Do-Not-Sell” signal

One of the nation’s most prominent privacy-data-security lawyers suggests in a blog post earlier this month that if California law imposes a requirement for advertising tech to honor a browser-sent “Do-Not-Sell” signal, it could be seen as “killing advertising as we know it.” Attorney Theodore F. Claypoole asserts in his post, “Coming War: Will CCPA kill advertising as we know it?” — “A war is coming.”

Claypoole heads the IP transactions and fin-tech committees of the Atlanta law firm where he’s a partner, Womble Bond Dickinson (US) LLP, and he has also been a co-chair of the American Bar Association’s cyberspace mobile commerce committee. Claypoole believes Google, Facebook and Amazon’s proxies “are starting to form battle lines” to take legal action if California Atty. Gen. Xavier Becerra enforces draft language interpreting the California Consumer Privacy Act to require adherence to browser-sent “Do-Not-Sell” signals. A Wesleyan University professor is preparing to study usability questions around such a signal.

Claypoole says interpretation of “Do-Not-Sell” is the “first salvo” in a war over large privacy issues brought into focus by the CCPA.

“[T]he proposed regulations bring to a head the fight over complexity in consumer-privacy preferences,” says Claypoole. “The [advertising] industry has thrived for years by offering limited opt-out boxes and by interpreting consumer refusal preference narrowly. The new regs take this discussion in the opposite direction by assuming the broadest possible interpretation and backing it up with law enforcement.” 








U.S. federal law should enshrine concept of privacy as a right when it comes to data, says de Mooy’s policy brief 

The U.S. Constitution does not explicitly include the concept of privacy as a fundamental human right, except within the Fourth Amendment. It’s time for a federal privacy law to enshrine a right of privacy around the collection, sharing and processing of data, to put primary responsibility on data aggregators and users rather than merely obtaining “informed consent” from the individual.

That’s the view of Michelle de Mooy, a technologist, longtime privacy researcher and former Center for Democracy & Technology staffer. She makes the case in a policy brief posted this week on the ITEGA website. It sets out 10 elements of effective privacy, and says a new law should be specific about:

  • What protection of the right entails

  • How rights violators should be held accountable

A federal privacy law should, de Mooy writes, also establish moral guarantees, outside legislation, that speak to social norms around privacy. It should ensure that entities are charged with protecting a person’s intrinsic interest in privacy — online and offline. 

De Mooy concludes: “Adopting privacy as a human right can put a finger on the imbalance of protection in this country, righting the vast inequalities produced by spotty case law and an outdated legal regime, and offer a guidepost for new legislation that can keep pace with ever-evolving technology and public opinion.”




Ad-tech analyst suggests crisis for news industry could be the best time to experiment toward a privacy-first future

A collapse in advertising spend, disproportionately affecting the news industry, may be the perfect time for experimentation, argues ad-tech expert commentator Ratko Vidakovic in his latest weekly emailed newsletter, “Ad-Profs.” The Toronto-based writer’s missive was so long this week that he broke it into two emails, in order to have enough room to cite all the deeply challenging data about advertising and publishers.

But then in his wrap-up, he writes: “If anything, this crisis creates an opportunity for publishers, perhaps even an incentive, to evolve and experiment more with new technologies or approaches to monetization, in anticipation of a privacy-first future. If ad revenues are already down 30%-40%, maybe publishers will feel more free to explore new things.” 





Judge Kelly: ‘Stunning’ behavior alleged of Facebook in Analytica case calls into question adequacy of tech laws

“Almost eight years ago, the Federal Trade Commission and Facebook agreed to settle allegations that Facebook’s information-sharing and privacy practices violated Section 5 of the Federal Trade Commission Act because they were unfair and deceptive. As part of that agreement, memorialized in an administrative order entered by the FTC, Facebook committed to maintaining a privacy program and to not misrepresenting the privacy protections it afforded its users. But according to the United States, Facebook did not keep its word, and over the next months and years it violated both the FTC Act and the order in many ways. Last year, the parties agreed to settle these fresh allegations about Facebook’s privacy practices…in the Court’s view, the unscrupulous way in which the United States alleges Facebook violated both the law and the administrative order is stunning. And these allegations, and the briefs of some amici, call into question the adequacy of laws governing how technology companies that collect and monetize Americans’ personal information must treat that information. But those concerns are largely for Congress; they are not relevant here. Mindful of its proper role, and especially considering the deference to which the Executive’s enforcement discretion is entitled, the Court will grant the consent motion and enter the order as proposed…In the event that the parties return to this Court because the United States alleges—once again—that Facebook has reneged on its promises and continued to violate the law or the terms of the amended administrative order, the Court may not apply quite the same deference to the terms of a proposed resolution.”

– U.S. District Judge Timothy J. Kelly, writing in his opinion and order April 23, 2020 approving a $5B settlement between the FTC and Facebook over allegations in the Cambridge-Analytica episode compromising the data of 87 million people.


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to





Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.
