Support splinters over Proposition 24, the California privacy ballot initiative; some points, motives emerging

Disagreements among privacy advocates over California’s Proposition 24 — the California Privacy Rights Act (CPRA) — are cropping up. The policy fault lines are murky but emerging.

“The initiative’s sponsor sees the measure as a rebuke to tech companies that have been trying to water down protections in the California Consumer Privacy Act (CCPA), which went into effect this year,” Bloomberg Law’s Andrea Vittorio wrote in her account, adding: “ But the activists say some provisions in the proposal weaken privacy rights, including one that lets companies charge more to safeguard personal information.”

There were these developments this week:

• Mary Stone Ross, an ex-CIA analyst and House Intelligence Committee staffer, disclosed to Privacy Beat that she had filed papers forming “California Consumer and Privacy Advocates Against Proposition 24” and will be raising money to oppose the ballot initiative. Stone Ross came out against CPRA in January.

• Consumer Reports said it was supporting the initiative (see what Justin Brookman tweeted and his colleague Maureen Mahoney’s analysis), along with the California chapter of the National Association for the Advancement of Colored People (NAACP).  Another noteworthy supporter: Roger McNamee, the prominent Silicon Valley venture capitalist who was an early backer of Facebook.

• The American Civil Liberties Union of California (CalACLU) also said it will oppose the initiative, as will Color of Change, Public Citizen and Oakland Privacy.  On June 29, the Consumer Federation of California announced its opposition.

• Stone Ross’ opposition is notable because she was a co-author in 2018 of the CCPA, which began being enforced July 1. Her opposition places her at odds with Alastair Mactaggart, of Californians for Consumer Privacy, co-author of the 2018 original CCPA and now principal architect of Proposition 24. Stone Ross, who testified about CPRA on June 20, says they now have policy differences.

Proposition 24 (TEXT)  would make changes in the CCPA and that’s one reason for differences of opinion about whether to support it.

Another issue:  Under California’s much-used initiative-petition process, it’s possible for citizens to enact laws that are difficult or nearly impossible for the Legislature to amend. Mactaggart has written Proposition 24 so that its terms can be amended by a simple-majority legislative process — if the changes preserve the “purposes and intent” of the initiative.

Mactaggart argues this will allow for flexibility to toughen privacy rules or make other changes that permit adjustments to account in the future for new technologies or situations. Ross Stone says that opens the door for business lobbying because one “purpose” of the initiative is to consider its impact on business and innovation.  Her argument: Future proposals could argue business and innovation are being hurt.

  An analysis on Medium by Santa Clara University School of Law Prof. Lydia F de la Torre explores the question of amendments for “purpose.”

“I don’t think the groups were CCPA fans either,” Future of Privacy Forum’s Jules Polonetsky tweeted about opponents. “But legislation can be amended,if it falls short. Concerns seem to be the legal uncertainty about how it can be changed.”

Stone Ross told Privacy Beat her group will need to raise millions to have an impact on voters in the fall. Asked if she would accept a check written by Goggle, she replied: “Gosh, I don’t think so. I think there would have to be very specific conditions in place.” Asked if she would accept one from Facebook, she replied: “I don’t think Facebook’s going to write me a check.”

CCPRA RELATED 

• Mactaggart: Changing privacy rights in Calif. far from over | Terry Collins, DigitalPrivacy.news
• Tech entrepreneur Tom Kemp: “Why I”m voting Yes on Prop 24 (CPRA) | Tom Kemp’s Blog
• The Top 12 Ways the CPRA Significantly Increases Privacy Rights | Tom Kemp, Medium.com
• GRAPHIC: Top-10 most impactful provisions of Prop 24 (CPRA) | International Association of Privacy Professionals (IAPP) | (Graphic described)
• Q-and-A: What will Prop 24 do? | International Law Office
• What are some of the key provisions of the CPRA? | Jerel Pacis Agatep, Jackson Lewis P.C. law firm
• Twitter thread by CPRA advocate regarding EPIC and Congress  | Ashkan Soltani, via Twitter
• ROUNDUP: Reviewing CCPA litigation in court so far | Mark Melodia, Ashley Shively, Mark Francis & Paul Thompson Jr., Holland & Knight

New York Times data exec explains privacy moves; takes note in Tweet about ad-tech  W3C challenge

The executive charged with leading “data governance” at The New York Times says news organizations “have garnered a dismal reputation in terms of privacy” and the paper is making changes to make sure its business is not “based on tracking readers across their entire connected lives.”

Robin Berjon, heads data-governance for the paper and formerly worked in France for the World Wide Consortium (W3C), where he was a principal author of the HTML5 specification.  His observations are in the post, “How The New York Times Thinks About Your Privacy,” appearing on the paper’s Medium pages.

Meanwhile, Berjon has also Tweeted about an Aug. 6 effort led by some ad-tech affiliated people seeking changes in the way the W3C facilitates the formulation of web privacy standards. He Tweets that an adtech coalition is trying to prevent browser makers from curbing tracking, and he says the coalition is arguing that “tracking is so good there should be a universal ID for people.”

In the Medium post, Berjon says The Times has rewritten its privacy policy, removed all third-party data controllers from its homepage, and is developing means to advertise to potential subscribers “without sharing data.”  It is phasing out third-party data in ad targeting. It has “removed open-market programmatic advertising, which broadcasts personal data to dozens of third parties in a way that publishers have very little control over,” Berjon writes.

Berjon says Times research shows readers are “broadly comfortable” with the paper “seeing some data about them.”  He goes on: “But they are overwhelmingly unhappy with data be shared with third parties that can use the data for entirely different purposes.”

Finally, Berjon says the historical focus on affording users “transparency and control” over who gets data about them is not enough.  The web of the future has to make it easy — as in a single step or interface — for the public to control how and where data about them is used, as well.

VALUE, DATA AND PRIVACY 

•  Assessing Andrew Yang’s “Data Dividend Project” to pay for your data | Will Rinehart, Wired.com
• Why placing a price tag on personal data may harm consumer privacy | Lokke Moerel & Christine Lyon, IAPP Privacy Perspectives  (longer version)

PERSONAL PRIVACY 

• Facebook agrees to up Illinois facial recognition settlement to $650M | Jeff John Roberts, Fortune.com
• Google Sued for Allegedly Tracking App Users After They Opt Out | Allen St. John, ConsumerReports.org
• Seven ‘no log’ VPN providers accused of leaking 1.2TB of user logs | Shaun Nichols, TheRegister.com
• A VPN from Mozilla — a tech company you trust? | Mozilla Corp. email
• Privacy spying risks of home security cameras analyzed | Alicia Hope, CPO Magazine
• Followup: Researchers wary of Census Bureau “differential privacy” plans | Tammy Joyner, DigitalPrivacy.news
• https://digitalprivacy.news/wp-content/uploads/2020/07/census-845×450.jpg
• New York Legislature sends Cuomo ban on use of  facial-recognition in schools statewide | Kyle Wiggers, VentureBeat.com
• Hundreds Of Thousands Of Instacart Customers’ Personal Data Is Being Sold Online | Jane Lytvynenko, BuzzFeed News
• BACKGROUND: How Germany privacy advocate won ruling curbing foreign surveillance | Vera Franz, Open Society Foundations

Is Breitbart website profiting by opaque ad placements that take advantage of lax IAB ads.text standard?

The conservative political news website Breitbart is profiting by allegedly unintended use of an Interactive Advertising Bureau (IAB) standard — “ads.txt” — to reap revenues from ads running on hundreds of other websites unknown to the advertiser, ad-fraud activists say.

Researcher Zach Edwards describes the practice in a Medium post: ”Breitbart.com is Partnering with RT.com & Other Sites via Mislabeled Advertising Inventory.”  Edwards, a Santa Monica, Calif.-based free-lance engineer and website data consultant,  researched Breitbart and reporting his findings to the Nandini Jammi and Clare Atkin, who run the BRANDED ad-fraud exposure site. They write that Breitbart uses IAB’s ads.txt files and account IDs to recover ad revenue through revenue sharing.

• IAB Tech Lab explains workings and intentions of Ads.txt 
• How ads.txt works
• Market share of major exchanges

Edwards explained in a conversation with Privacy Beat he thinks the disclosure is important because it points out a loophole in an IAB standard. He believes the loophole is advancing ad-fraud at the expense of legitimate publishers. “This inventory mislabeling creates online advertising Dark Pool Sales Houses, a market behavior that likely violates consumer protection frameworks.” He thinks mislabeling of online ad inventory should be illegal.

The solution, he argues, is two part: First, the ads.txt directory maintained by IAB and others should be open, free and public.  Right now, he says, individual ad tech companies keep to themselves their decisions about untrustworthy sites, and the lists cost $10,000 or more to access..  Second, he says its time for an independent, nonprofit organization to emerge that could help audit and govern the trustworthiness of web services.

“Look at how insanely easy it is to *steal money* meant to go from legit advertisers to legit publishers! And the people who built this and support it are getting rich abetting this fraud,” New York Times had of data governance remarked in a Tweet about Edwards’ findings. Berjon also commented on the IAB’s administration of the service.

AD TECH

• The biggest unanswered questions around Apple’s upcoming privacy update | Lara O’Reilly, DigiDay.com
• UPDATE: Dutch publisher revenue increase after removing all 3rd-party tracking | Johnny Ryan, Brave Inc.
• Acxiom Launches A Solution To Connect Direct And Digital Audiences | Alison Weissbrot, AdExchanger.com
• Citing privacy concerns, Nielsen overhauls digital methodology | Wayne Friedman, DigitalNewsDaily
• Nielsen hatches new methodology for cookieless future | Sarah Sluis, AdExchanger.com
• DOJ Green Lights Proposed Outbrain and Taboola Merger | Sara Jerde & Ronan Shields, AdWeek.com  (BACKGROUND)
• Q-and-A: Contextual targeting — more than a cookie substitute | Marco Godina, Silverbullet via ExchangeWire
• Mobile ad-tech companies trie to adapt to likely loss of Apple’s IDFA | Allison Schiff, AdExchanger.com
• What do Apple’s privacy-focused IDFA changes mean for Facebook? | Allison Schiff, AdExchanger.com
• Marketers ask for programmatic loog files; OpenX complies | Joe Mandese, MediaDailyNews
• Programmatic RTB ad exec frets about “apocalypse” of Apple dropping IDFA tracking in iOS | Ari Paparo, Beeswax via AdExchanger
• True cost of deceptive advertising?  Upholding user trust during an election season | Tobais Silber, GeoEdge via Digital Content Next
• Your company’s data may be worth more than your company | Douglas B. Laney, Forbes CIO Network

FUTURE OF NEWS 

• Congress considers legislation that would support local news organizations | Dean Ridings, CEO, America’s Newspapers
• Covid-19 has ravaged American newsrooms. Here’s why that matters | Damian Radcliffe, NiemanLab.org
• OPINION: We cannot afford to wait any longer to save local news | Bradley Blakeman, TheHill.com
• Salt Lake Tribune finding success as a non-profit |  Brian Veseling, WAN/IFRA Newsletter