PRIVACY BEAT: Support splinters over Proposition 24; New York Times data exec explains privacy moves

Privacy Beat

Your weekly privacy news update.


Support splinters over Proposition 24, the California privacy ballot initiative; some points, motives emerging

Disagreements among privacy advocates over California’s Proposition 24 — the California Privacy Rights Act (CPRA) — are cropping up. The policy fault lines are murky but emerging.

“The initiative’s sponsor sees the measure as a rebuke to tech companies that have been trying to water down protections in the California Consumer Privacy Act (CCPA), which went into effect this year,” Bloomberg Law’s Andrea Vittorio wrote in her account, adding: “ But the activists say some provisions in the proposal weaken privacy rights, including one that lets companies charge more to safeguard personal information.”

There were these developments this week:

  • Mary Stone Ross, an ex-CIA analyst and House Intelligence Committee staffer, disclosed to Privacy Beat that she had filed papers forming “California Consumer and Privacy Advocates Against Proposition 24” and will be raising money to oppose the ballot initiative. Stone Ross came out against CPRA in January.


Proposition 24 (TEXT)  would make changes in the CCPA and that’s one reason for differences of opinion about whether to support it.

Another issue:  Under California’s much-used initiative-petition process, it’s possible for citizens to enact laws that are difficult or nearly impossible for the Legislature to amend. Mactaggart has written Proposition 24 so that its terms can be amended by a simple-majority legislative process — if the changes preserve the “purposes and intent” of the initiative.

Mactaggart argues this will allow for flexibility to toughen privacy rules or make other changes that permit adjustments to account in the future for new technologies or situations. Ross Stone says that opens the door for business lobbying because one “purpose” of the initiative is to consider its impact on business and innovation.  Her argument: Future proposals could argue business and innovation are being hurt.

  An analysis on Medium by Santa Clara University School of Law Prof. Lydia F de la Torre explores the question of amendments for “purpose.”

“I don’t think the groups were CCPA fans either,” Future of Privacy Forum’s Jules Polonetsky tweeted about opponents. “But legislation can be amended,if it falls short. Concerns seem to be the legal uncertainty about how it can be changed.”

Stone Ross told Privacy Beat her group will need to raise millions to have an impact on voters in the fall. Asked if she would accept a check written by Goggle, she replied: “Gosh, I don’t think so. I think there would have to be very specific conditions in place.” Asked if she would accept one from Facebook, she replied: “I don’t think Facebook’s going to write me a check.”


Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More


New York Times data exec explains privacy moves; takes note in Tweet about ad-tech  W3C challenge

The executive charged with leading “data governance” at The New York Times says news organizations “have garnered a dismal reputation in terms of privacy” and the paper is making changes to make sure its business is not “based on tracking readers across their entire connected lives.”

Robin Berjon, heads data-governance for the paper and formerly worked in France for the World Wide Consortium (W3C), where he was a principal author of the HTML5 specification.  His observations are in the post, “How The New York Times Thinks About Your Privacy,” appearing on the paper’s Medium pages.

Meanwhile, Berjon has also Tweeted about an Aug. 6 effort led by some ad-tech affiliated people seeking changes in the way the W3C facilitates the formulation of web privacy standards. He Tweets that an adtech coalition is trying to prevent browser makers from curbing tracking, and he says the coalition is arguing that “tracking is so good there should be a universal ID for people.”

In the Medium post, Berjon says The Times has rewritten its privacy policy, removed all third-party data controllers from its homepage, and is developing means to advertise to potential subscribers “without sharing data.”  It is phasing out third-party data in ad targeting. It has “removed open-market programmatic advertising, which broadcasts personal data to dozens of third parties in a way that publishers have very little control over,” Berjon writes.

Berjon says Times research shows readers are “broadly comfortable” with the paper “seeing some data about them.”  He goes on: “But they are overwhelmingly unhappy with data be shared with third parties that can use the data for entirely different purposes.”

Finally, Berjon says the historical focus on affording users “transparency and control” over who gets data about them is not enough.  The web of the future has to make it easy — as in a single step or interface — for the public to control how and where data about them is used, as well.



Is Breitbart website profiting by opaque ad placements that take advantage of lax IAB ads.text standard?

The conservative political news website Breitbart is profiting by allegedly unintended use of an Interactive Advertising Bureau (IAB) standard — “ads.txt” — to reap revenues from ads running on hundreds of other websites unknown to the advertiser, ad-fraud activists say.

Researcher Zach Edwards describes the practice in a Medium post: ” is Partnering with & Other Sites via Mislabeled Advertising Inventory.”  Edwards, a Santa Monica, Calif.-based free-lance engineer and website data consultant,  researched Breitbart and reporting his findings to the Nandini Jammi and Clare Atkin, who run the BRANDED ad-fraud exposure site. They write that Breitbart uses IAB’s ads.txt files and account IDs to recover ad revenue through revenue sharing.

Edwards explained in a conversation with Privacy Beat he thinks the disclosure is important because it points out a loophole in an IAB standard. He believes the loophole is advancing ad-fraud at the expense of legitimate publishers. “This inventory mislabeling creates online advertising Dark Pool Sales Houses, a market behavior that likely violates consumer protection frameworks.” He thinks mislabeling of online ad inventory should be illegal.

The solution, he argues, is two part: First, the ads.txt directory maintained by IAB and others should be open, free and public.  Right now, he says, individual ad tech companies keep to themselves their decisions about untrustworthy sites, and the lists cost $10,000 or more to access..  Second, he says its time for an independent, nonprofit organization to emerge that could help audit and govern the trustworthiness of web services.

“Look at how insanely easy it is to *steal money* meant to go from legit advertisers to legit publishers! And the people who built this and support it are getting rich abetting this fraud,” New York Times had of data governance remarked in a Tweet about Edwards’ findings. Berjon also commented on the IAB’s administration of the service.



Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

Panelists plea for open-source, collaborative, long-term approach to loss of third-party ‘cookie’ tracking

In a webinar, top marketing and advertising industry executives this week argued for an open-source, collaborative, long-term approach to replace third-party ‘cookie’ tracking. The comments came during the event; ”How the Removal of Identifiers Impacts Brands & Agencies”, organized by the IAB Tech Lab as part of its “Project Rearc” initiative.

“One of the things we want to focus on is an open-source solution,” said Jean Fitzpatrick, VP of marketplace solutions for IPG Kinesso, part of the Interpublic group.. “Something that is generally accepted across the board, so that industries can innovate on top of that rather tan waiting for the rug to be pulled out from under them.”

Brands, advertisers, publishers and ad-tech outfits need to take responsibility for making the argument to consumers that a certain amount of better-disclosed data sharing produces valuable, personalized information services, argued co-panelist Krystal Olivieri, GroupM’s svp global data strategy and partnerships.

“I think if there are no new standards and we can’t get our act together as an industry, we have bigger problems,” said Olivieri.  She said later: “We as agencies and as brands can use data governance, can use data ethics, can start to really interrogate the tactics being used and put ourselves in the frame of mind to ask: If we were a consumer would we be comfortable?”

The advertising industry was sold the idea that media would be 100% addressable to the individual and that will not be true in the future, Olivieri predicted. Because of regulation and other factors,a reset of expectations is required, she said.

“We have to coalesce around a new standard otherwise digital-media buying, it doesn’t work,” said Fitzpatrick. “So we have to find ways. Maybe either one standard way we all agree on . . . or different solutions in different areas.”







A Silicon Valley data entrepreneur explains why he is going to vote for Prop 24 (CPRA)

“ . . . [M]y 30+ year professional career here in Silicon Valley has let me see firsthand the massive amounts of data that can be collected and the impact on having that data stolen and compromised. I started my career at Oracle, which is still the leading database company in the world, and witnessed in my role as an on-site database tuning expert the massive amount of data that businesses and governments can collect and the speed that those databases can process and analyze that data. More recently, as founder and CEO of Centrify, a $100+ million cybersecurity company, I saw how hackers specifically target sensitive personal data, and that better safeguards and regulation of the collection and use by businesses of that data will reduce the cost and number of breaches and the corresponding impact on individuals. This has led me to believe that if us as consumers had more control over who has our most sensitive data and what they can do with it, the less likely that data will be scattered around all over the place and be stolen . . . There are three main reasons I am supportive of Proposition 24: (1) It gives Californians more privacy rights; (2) It adds additional obligations to businesses to have them better protect our personal data; and (3) It provides more enforcement capability to better protect Californians . . . The CPRA adds additional enforcement in the form of Privacy Protection Agency (PPA), whose primary mission would be to “protect the fundamental privacy rights of natural persons with respect to the use of their personal information.” 


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp