VIEW IN YOUR BROWSER

Harvard researcher’s book seeks Facebook, Google breakup on privacy and democracy grounds; privacy activists support new law and “microtargetting” ad ban 

In a book released this week, an academic dialogue, and in a letter to Congress, a Harvard University web researcher argues the advertising and data business models of Facebook and Google harm democracy and diminish individual rights to data and privacy.

The companies should be dismembered by antitrust enforcement, says Dipayan Ghosh, the Harvard research who is a former Facebook staffer and policy advisor to the Obama White House. He now runs the Digital Platforms and Democracy Project at Harvard and is author of the book, “Terms of Disservice; How Silicon Valley is Destructive by Design.”

Ghosh, along with a virtual who’s who of privacy advocates — individuals, academics and organizations — were cited by U.S. Rep. Anna G. Eshoo, D-Calif., as supporting a bill she’s filed that would ban demographic “microtargeting” of political advertisements by Internet platforms and others.

Meanwhile, a white paper funded by a project of the nonprofit New America Foundation, entitled: “Getting to the Source of Infodemics: It’s the Business Model,” argues the surveillance business model is a challenge to democracy. In a report summary, authors Nathalie Marechal and Ellery Roberts of Ranking Digital Rights call for federal privacy law to protect people from harmful effects of targeted advertising, giving users clear control over transparent collection and sharing of information, and “prohibiting the use of third-party data to target specific individuals.”

Esho introduced H.R. 7014 on May 26 (read bill summary). It applies to candidate and non-candidate microtargeting, and to social media sites, streaming services and ad networks; it prohibits completely targeting ads based on demographics or behavioral data; it has a private right of action; violations are enforced by the U.S. Federal Election Commission and the private right of action. However, it also allows microtargeting if a user gives “express affirmative consent,” such as by checking a box, and continues to allow targeting of ads based on where the recipient is geographically located. The bill appears to have some bipartisan support so has a chance of passage.

In addition to the book and statement to Congress, Ghosh was also part this week of a series of written dialogues hosted by the Columbia Journalism Review (CJR) about algorithms, competition, privacy, protest and policy violence. “I think, on all counts, we need to transfer power from the corporate to the user. Privacy, market competition, data portability, technical interoperability, algorithmic transparency — I believe these policies are the start of what will ultimately be a more sophisticated regulatory regime from top to bottom,” Ghosh wrote in one of the CJR sessions.

REGULATING PRIVACY 

• Sen. Sherrod Brown’s new DATA act would shift the burden to protect personal data from consumers to companies | The Washington Post (TEXT) 

• Josh Hawley readying broadside against big tech’s ad business, legal shield | Cristiano Lima, Politico

• Hawley unveils bill targeting Big Tech’s shield | Margaret Harding McGill, Axios

• In U.S., Most Oppose Micro-Targeting in Online Political Ads | Justin McCarthy, Knight Foundation

• Reuter’s report: Americans don’t think misleading political ads should be on social media. | Nieman Lab

• Are digital giants like Facebook destructive by design? | Matthew Ingram, Columbia Journalism Review

• VIDEO: Facebook too big to fix, says Univ. of Virginia media author | Siva Vaidhyanathan, via Bloomberg

• Former Facebook exec thinks big tech will get broken up ‘over the next 10 years’ | Connie Loizos, TechCrunch 

PLATFORMS,  PRIVACY and SECTION 230

• Facebook to share privacy report to new board committee, FTC | Neha Malara, Reuters

• Exclusive: Massive spying on users of Google’s Chrome shows new security weakness | Joseph Menn, Reuters

• Google Chrome users may have been impacted by a massive spying campaign, report says | Rishi Iyengar, CNN

• Commissioner Starks Remarks on Section 230 | Benton Institute for Broadband & Society

• Justice Department Issues Recommendations for Section 230 Reform | Benton Institute for Broadband & Society

• Justice Department Issues Recommendations for Section 230 Reform | OPA, Department of Justice

• Justice Dept. Urges Rolling Back Legal Shield for Tech Companies | The New York Times

• DOJ proposes crackdown on tech industry’s legal shield | Leah Nylen, Betsy Woodruff Swan and Cristiano Lima, Politico

• DOJ to propose changes to Section 230 Internet protections | Tony Romm, The Washington Post

• Amazon Said to Be Under Scrutiny in 2 States for Abuse of Power | Karen Weise and David McCabe, New York Times

• House tech investigation seeks CEO testimony in July | Margaret Harding McGill, Axios

CCPA — WEEK TWENTY-FIVE

Awaiting status of CPRA ballot bid; websites must now acknowledge browser “Do Not Share” signals, 

There’s a cliffhanger in California as a state court suit seeks to make sure a bureaucratic delay doesn’t prevent these state’s voters from having another change to enact digital privacy safeguards by November ballot petition. Meanwhile, it’s pretty clear the state’s attorney general thinks the California Consumer Privacy Act (CCPA) requires that websites now must respond to a “Do Not Share” signal sent by a user’s web-browser software.

The AG’s office said it had studied public comments on its draft CCPA regulations and concluded that  “[t]he regulation is thus necessary to prevent businesses or ignoring consumer tools related to their CCPA rights and, specifically, the exercise of the consumer’s right to opt-out of the sale of personal information.” (for this language, see Page 38).

CCPA RELATED LINKS

• Final proposed CCPA privacy regs require businesses to honor global DNT opt-outs | Wendy Davis, via Twitter 

• CCPA final regulations submitted, including a hint of what is on the horizon in California | Gregory Krabacher and Jeff Knight, Bricker & Eckler LLP

• California Senate Proposes Amendment to CCPA to Address De-Identification and Information Used for Research and Public Health Purposes | Privacy & Information Security Law Blog

• At Calif. hearing, critics question CPRA’s timing | Angelique Carson, IAPP Blog 

• Mactaggart Petitions State Court to Prevent the California Privacy Rights Act from Being Excluded from November’s Ballot | Alston & Bird, JDSupra

• All the Time and Money on California’s New Privacy Law Wasted? | Eriq Gardner, Hollywood Reporter

• CCPA testers provide important insights into the landmark privacy law | Maureen Mahoney, Consumer Reports

• California AG Suggests Additional CCPA Regulations May be Needed | Odia Kagan, Fox Rothschild LLP

• CCPA Regulations: Is a Loyalty Program a Financial Incentive? | Privacy Compliance & Data Security

• BACKGROUND: California’s New Privacy Law Matters No Matter Where You Live | Thomas Smith, Gado Images via Medium.com

• BUSINESS: CCPA Fast Track | OneTrust

PANDEMIC AND PRIVACY

• More than 7 in 10 Americans won’t use contact-tracing apps, data shows | Jonathan Gitlin, Ars Technica

• Pandemic accelerated states’ identity and access management projects | Colin Wood, StateScoop

• Dangers of blockchain-enabled COVID-19 immunity passports | Elizabeth Renieris, Sherri Bucher, Christian Smith, Berkman Klein Center at Harvard 

• Norway pulls its coronavirus contacts-tracing app after privacy watchdog’s warning | Natasha Lomas, TechCrunch

• We Need To Sort Out The Privacy Issues With Contact Tracing Apps If We Are Going To Bring The Pandemic Under Control | Enrique Dans, Forbes

• German coronavirus tracing app downloaded 6.5 million times | Douglas Busvine, Reuters

• Gulf states using COVID-19 contact tracing apps as mass surveillance tools, report says | Nick Statt, The Verge

PRIVACY BUSINESS

• RESEARCH: Benchmarking privacy initiatives of 1,500 global managers | TrustArc Inc.

• Firms Are Confident In Their Privacy Protections, New Poll Shows | MediaPost

• In Australia, Google argues news is pretty worthless | Gavin O’Malley, DigitalNewsDaily

• Google and Apple urged to crack down on contact-tracing apps | Wendy Davis, DigitalNewsDaily

• Insult to injury: How ad fraud harmed good publishers for years | Augustine Fou, Forbes.com

• Online marketplace Minted hit with California privacy lawsuit after data breach | Reuter

• Using digital identity management to gain and retain trust | Ashwin Krishnan, Search Security

• WFA launches world’s first guide on data ethics for brands | World Federation of Advertisers

GDPR AND PRIVACY

• Privacy by design — GDPR’s sleeping giant | IAPP

• The EU’s Plans to Build a Wall Around GDPR-Protected Data | Cameron Gain, Dev Ops

• Google Loses Its Appeal On 50 Million Euro GDPR Fine | AdExchanger

• GDPR data mapping tutorial: tips, tricks and techniques | Luke Irwin, Security Boulevard

• Schrems II judgement due in July – what this might mean for your outsourcing deal | Marcus Evans, Lara White and Janine Regan, Data Protection Report

• Swedish DPA fines condo association for use of camera surveillance | IAPP

• How GDPR will be impacted by Brexit | Martin Ojala, TechRadar

• Why should you know about LGPD, Brazil’s Version of GDPR? | Usman Hayat, IT Pro Portal

PERSONAL PRIVACY

• I Got My File From Clearview AI, and It Freaked Me Out | Thomas Smith, Medium.com

• Microsoft president calls for federal regulation of facial recognition technology | Clare Duffy, CNN

• Google to fight Illinois-law-facial-recognition class-action suit file in Calif.? | Wendy Davis, DigitalNewsDaily 

• OPINION: The fight against facial-recognition technology | Brad Smith, via StreetFightMag.com

• Russia to Install ‘Orwell’ Facial Recognition Tech in Every School – Vedomosti | The Moscow Times

• Happn, Universal and Other Brands Accused of Misusing Data to Advertise On Facebook | VICE

• Finding privacy choices on websites is hard for average users—but experts also find it difficult | Tech Xplore

• What do Led Zeppelin, Cisco and Dr Oetker have in common? Facebook says they share our data with them | Privacy International

• IN BRIEF: Judge blesses Corner Bakery’s $3.2 mln privacy settlement over employee fingerprint scans | Reuters

PRIVACY AND PROTEST

• Voter registration, advocacy groups gathering protesters’ location data | IAPP

• City Council Plans Vote on POST Act, Creating Civilian Oversight of Police Surveillance | Press Release, New York City Council

• Researchers, politicians call for transparency in protest surveillance | Lauren Feiner, CNBC

• Going to a Protest? Here’s How to Protect Your Digital Privacy |  Patrick Lucas Austin, Time

EVENTS UPCOMING

• Webinar | 5 Critical Security and Privacy Lessons From CCPA Litigation | July 9, Spirion, Bank Info Security

• FTC Announces that PrivacyCon 2020 Will be Held VirtuallY on July 21  | Federal Trade Commission

QUOTE OF THE WEEK

Facebook’s succeeds by managing user identity — when will publishers learn to do the same?

“Facebook has built a business on capturing the attention of people who use the social network to stay in touch with others, who basically provide content for free. Last year, the company started to pay publishers for content that appears in its Facebook News section, but the money is unlikely to replace all the ad revenue they’ve lost over the years. Facebook’s key strength has been its requirement that people use their real identities to set up an account, and collecting vast amounts of information about their activities to help with ad targeting. However, its biggest weakness is that user-generated content can be inflammatory, hurtful and divisive. The company has a mixed record of removing objectionable content, while also wavering between espousing free speech or blocking it. Publishers have enormous advantages in providing brand-safe, value-added content to self-selecting audiences, and it’s those characteristics that need to be central in their marketing efforts. Instead of seeking state-ordered subsidies, publishers need to respond to the threat of digital ad giants by gathering more information about their readers.”

– Excerpt from “Facebook Doesn’t Need News Content to Survive,” a June 16  opinion column at MediaPost.com by contributing editor and former Bloomberg L.P. editor Rob Williams.