Ad-tech related concerns about perceived Google, Facebook “skew” in considering privacy, cookies to be given airing at Aug. 6 advisory board of W3C

The World Wide Web Consortium (W3C), which is hosting discussions about how browser software and other protocols might enhance user privacy control over advertising, is moving to consider concerns about alleged process “skew” favoring the likes of Google, Facebook and Apple.

The W3C’s Advisory Board will have on the agenda of its Aug. 6 virtual meeting an item to hear from British tech entrepreneur James Rosewell, who says to Private Beat that “over the last 10 years there are a number of dominant marketplace players who have also dominated the W3C.” Roswell, who spoke about his concerns with Privacy Beat, co-authored a public email entitled: “W3C AB governance and trust choices.”

AB refers to the “Improving Web Advertising Business Group of the W3C.  The email says the co-signers are concerned about how privacy, standard interfaces and cross-publisher web advertising are being discussed.

“We believe that the W3C governance process aims to represent all stakeholders of the web,” the email says. “Unfortunately, as the web has grown in size, a disparity in organizational size now threatens this governance process.” It calls for unspecified urgent amendments to the governance of the advertising business group, and has made a detailed proposal. 

The 20 signers of the email represent a mix of companies in advertising technology, agencies, and brands, with ad-tech predominant.  However, Roswell said he would not characterize the appeal as coming primarily from ad-tech companies. He says ad-tech interests are more aware of what’s going with web standards on than are, say, publishers.

“If we are going to change the web and change it quite fundamentally, especially the economics, then the balance of power that is already skewed in favor of a handful of oligopolies, we need to be very careful about the changes,” Roswell told Privacy Beat.

The W3C is an unincorporated collaboration that operates within a series of contracts among it and four international education institutions, including MIT, where it is based in Cambridge, Mass. It has a small staff, headed by CEO Jeffrey Jaffe. Jaffe is chair of the Advisory Board which will hear from Roswell’s group on Aug. 6.

AD TECH | IDENTITY 

• With IDFA gone, it’s time for a new identity strategy, Epsilon exec says | Loch Rose, Epsilon via AdWeek.com

• In advertorial, ZeoTap urges adopt of “universal ID” | ZeoTap via DigiDay.com

• MediaMath Goes Live Globally with LiveRamp’s IDL | Travis Clinger, VP Strategy, LiveRamp

• Ad tech is in denial about Apple’s new app IDFA privacy rule | Lara O’Reilly, DigiDay.com

• What Do Apple’s Privacy-Focused IDFA Changes Mean For Facebook? | Allison Schiff, AdExchanger.com

• What’s behind the hype about Customer Data Platforms? | Pamela Parker, MarketingLand.com

• Acxiom Launches A Solution To Connect Direct And Digital Audiences | Alison Weissbrot, AdExchanger.com

• Consumers in Europe OK cookies more than in United States | David A. Zetoony, Bryan Cave Leighton Paisner  law firm | (2018 study cited)

• Publishers are wary of the latest attempt to standardize GDPR compliance | Lucinda Southern, DigiDay.com

• Reviewer’s list of favorite ad blockers and browser privacy extensions | Thorin Klosowski, WireCutter/NYTimes

• Sovrin Foundation seeking board members | Sovrin Email

U.S. government and tech scramble after EU court seeks to push enhanced privacy across the Atlantic; how to balance privacy with government spying?

The U.S. government and U.S. corporations that move customer and employee data back and forth with Europe are now scrambling after a long-anticipated decision by the European Union’s highest court struck down a most-favored trans-Atlantic data-exchange pact.

The European Court of Justice’s decision this week could affect more than 5,000 U.S. companies that transfer EU residents’ information to servers in the United States. Reuters’ Foo Yun Chee and Marine Strauss wrote the decision “effectively ends the privileged access companies in the United States had to personal data from Europe and puts the country on a similar footing to other nations outside the bloc, meaning data transfers are likely to face closer scrutiny.”

Added Yahoo Finance writer Edmund Heaphy: “The core of the issue was on the contradiction between US law, which requires social media firms to hand over user data to national security agencies, and both the charter and the GDPR regulation, which give every EU citizen substantial data privacy rights.

• THE DECISION  | (printable)

• THE COURT’S NEWS RELEASE

It was the second time since 2015 that a  “Privacy Shield” was found wanting by the European Court Justice.  The key problem — U.S. law doesn’t protect foreigners’ data from surveillance by U.S. spy agencies.  Research by the Future of Privacy Forum found more than 250 European companies also participate in the Privacy Shield mechanism.

“This is a bold move by Europe,” Jonathan Kewley, co-head of technology at law firm Clifford Chance, said in comments to Yahoo News UK. “What we are seeing here looks suspiciously like a privacy trade war, where Europe is saying their data standards can be trusted but those in the US cannot.” Kewley said the outcome could be that more customer data remains stored in Europe, which is what happened after “Safe Harbor” — predecessor to “Privacy Shield” was annulled in 2015.

The was filed by privacy activist Max Schrems after former US National Security Agency contractor Edward Snowden revealed in 2013 revealed U.S. surveillance. Schrems praised Thursday’s decision. “It is clear that the US will have to seriously change their surveillance laws, if U.S. companies want to continue to play a role on the EU market,” he said. “The Court clarified for a second time now that there is a clash between EU privacy law and US surveillance law . . . the US is now simply put back to an average country with no special access to EU data.”

Some other reactions:

• “This decision cuts off legal means to transfer personal data to the United States and will demand immediate attention by policymakers and U.S. companies doing business in Europe,” Caitlin Fennessy, research director at the International Association of Privacy Professionals told the New York Times.   “I think this is the worst-case scenario for US companies,” Hennessy added to CNN. “It’s difficult to understand what legal option companies have. But it will demand immediate action by EU and US policy makers …for guidance and reassurance.” (Hennessy’s own take)
• American Civil Liberties Union lawyer Ashley Gorski said Congress must now act to rein in the National Security Agency’s warrantless spying.
• “This should be a wake up call to both the U.S. Congress and the U.S. Intelligence Community that stronger privacy protections must be built into intelligence surveillance authorities,” said Alexandra Givens, president and CEO of the nonprofit DC-based Center for Democracy & Technology. ““People outside the U.S. have rights that U.S. surveillance law and practice must honor. Surveillance reform has long been a human rights imperative; now, it is an economic imperative as well,” she added.
• “The European Union’s highest court today made clear—once again—that the US government’s mass surveillance programs are incompatible with the privacy rights of EU citizens,” the Electronic Frontier Foundation’s Danny O’Brien wrote on the EFF.org website. 
• Johnny Ryan, the Irish-based ad-tech privacy advocate who works for browser-maker Brave Inc., said the decision means “companies can no longer send personal data to the United States unless they can first prove that it will be protected to the same standard as it is in the European Union.” He continued: “When one considers the divergence of data protection between EU and US, it becomes clear that this may be difficult or impossible.”
• Alexandre Roure, a senior manager at Computer & Communications Industry Association, said the decision “creates legal uncertainty for the thousands of large and small companies on both sides of the Atlantic that rely on Privacy Shield for their daily commercial data transfers.

So what’s next?  An effort by U.S. interests to come up with something new.

While the court invalidated Privacy Shield, it said an alternate legal approach involving “standard contractual clauses” (SCC’s) could be used by company’s on a case-by-case basis. For example, Microsoft said it handling of EU subject data in its Azure Cloud services were in compliance using SCC’s.

CNN reported that European Commission Vice President Věra Jourová said EU and US officials have already been working on alternatives, including possibly updating the Privacy Shield agreement. Jourová added that it will take time to analyze the decision and understand its implications. “We will continue our work to ensure the continuity of safe data flows,” she said, “We strongly believe that in the globalized world of today it is essential to have a broad tool box for international transfers while ensuring a high level of protection for personal data. We are not starting from scratch.”

For his part, U.S. Commerce Secretary Wilbur Ross said his agency was “deeply disappointed” with the ruling.  He said: ““We are still studying the decision to fully understand its practical impacts,” he stated. “We have been and will remain in close contact with the European Commission and European Data Protection Board on this matter and hope to be able to limit the negative consequences to the $7.1 trillion transatlantic economic relationship that is so vital to our respective citizens, companies, and governments.”

ADDITIONAL LINKS

• EU strikes down key US data-sharing protocol, citing threat of mass surveillance | James Vincent, TheVerge.com

• SCCs: no silver bullet, verification of compliance still required | NautaDutilh Law Firm

• Finding balance between privacy and national security is tough, law prof says | Peter Swire, Georgia Tech via IAPP

STATE OF SURVEILLANCE

• A New Map Shows the Inescapable Creep of Surveillance | Brian Barrett, Wired.com

• EFF’s new database reveals what tech local police are using to spy on you | Charlie Osborne, ZDNet.com

• Facial recognition software tallies second wrongful arrest | Benjamin Freed, StateScoop.com

• Privacy and racial justice: Regulating facial recognition technology | Muge Fazlioglu, IAPP Blog

• Tech billionaire funding network of 1,000 security cameras around SF | KGO News

• Built-In Bias: Digital ID and Systemic Racism | Mary Cruse, Good-ID.org

• Microsoft said to be deeply involved in aiding U.S. police surveillance | Michael Kwet, TheIntercept.com

• Police Are Buying Access to Hacked Website Data | Joseph Cox, Vice.com

COVID 19 AND PRIVACY

• Tech to contain coronavirus on college campuses sparks fresh privacy concerns | Cat Zakrzewski, WashPost.com

• California and New York privacy law on collision course with COVID-19 tracking? | Lee Brand et al., Pillsbury Winthrop Shaw Pittman LLP law firm

CALIFORNIA PRIVACY 

• Who’s selling data? California privacy law gives users more control | Ashley Cullins, HollywoodReporter.com

• California:  The Top-10 Most Impactful Provisions Under the CPRA Ballot Initiative | IAPP Resource Center

• California’s attorney general updates FAQ for CCPA | Xavier Becerra’s AG website

• How to get your company smart about CCPA? | Source: IAPP training pitch

PERSONAL PRIVACY 

• COLUMNIST: Is this Google privacy email an example of why people don’t trust tech companies? | Jason Aten, Inc.com

• Israeli court dismisses Amnesty’s petition against spyware firm NSO | Ari Rabinovitch, Reuters PLC

• US Census using “differential privacy” scrambling in its 2020 data collection | Anusuya Datta, GeospatialWorld.com

• Mozilla’s VPN has arrived to boost your online privacy | Matt Burgess, Wired.com

• Google faces lawsuit over tracking in apps even when users opted out | Paresh Dave, Reuters PLC

• Google Tracked Users Who Indicated No Following, Lawsuit Claims | Daniel ller, BloombergLaw.com

ANTITRUST

• Google is reportedly facing a new antitrust probe from California | Jon Porter, TheVerge.com

• Paper filed in Australia suggests Google antitrust strategy | David McCabe, New York Times

• Publishers Looking to Grow Ad Revenue Now Have a New Google AdSense Hurdle to Overcome | Ronan Shields, AdWeek.com

• Texas ramps up Google ad antitrust scrutiny | Leah Nylen, Politico.com

• Google search upgrades make it harder for websites to win traffic | BloombergNews via AdAge.com