PRIVACY BEAT: Debating identity; Facebook vs. Apple; is web leading civil war?

Privacy Beat

Your weekly privacy news update.


Browser makers debate control of identity sharing — privacy policy, ownership, branding, or common domain URL?

How to change a key element of the way the Internet’s World Wide Web works is being hashed out in a public forum involving engineers for five major web-browser makers, along with Facebook.  The latest session was Thursday (Aug. 27) hosted by the World Wide Web Consortium (W3C)’s Privacy Community Group. 

The underlying question driving discussion as some 70 people listened —  What should (or should not) allow owners of websites to uniquely identify an individual browser-user as they move across other websites?  

That sort of identity management has never been part of standard Web protocols, so the browser “cookie” file became the default approach. But now, in order to extend privacy and block opaque tracking, Google (Chrome), Apple (Safari), Mozilla (Firefox), Microsoft (Edge) and Brave Inc. are looking at several approaches that would prevent storage of cookie tracking data beyond a “first party.” It would mean a company, or a collection of affiliated websites, could track its own users, but nobody else could cross-identify the same user.

The approaches are:

  • Storage partitioning — Making sure tracking data stays within  separate data storage areas on browser software — with no leakage. (questions)
  • First-party Sets — Limiting tracking to a “set” consisting of a common corporate family, or sites with identical branding or privacy policy. (issues)
  • IsLoggedIn — A standard for alerting each website that a user visits as to whether they are currently “logged in” to one or more other websites.

Thursday’s discussion found Apple and Mozilla in frequent accord. At one point a Facebook representative raised concerns about the IsLoggedIn idea.  Facebook users remain logged in almost constantly across the web, as do users with a Google Account. Making the public more aware of that could have implications for both companies. 

The First-Party Sets discussion turned to debate of whether the top-level domain name, corporate ownership, brand or common privacy policy should be factors in declaring websites to be affiliated as “first parties” and therefore able to share data about user activity and attributes. Deciding that is critical, because it would affect whether federated “Single Sign On” services work conveniently for users. 

“You wouldn’t want to create a policy or standard that would allow unrelated sites to band together,” said Chris Pedigo, a vp at Digital Content Next, representing publishers. He said an earlier W3C group discussed a similar question and concluded a first-party set could include “a collection of domains as long as there was a common privacy policy, ownership and branding.” 





Facebook flips out over Apple privacy move; says it will drive business of advertising competitors — to Facebook


A flurry of stories picked up on a Facebook developers’ blog post in which the company said a key privacy move by Apple would likely benefit it more than small advertising competitors. As a result, Facebook stock surged.

Apple’s forthcoming iOS14 update for mobile devices is the change Facebook cites.  

“This is not a change we want to make, but unfortunately Apple’s updates to iOS14 have forced this decision,” Facebook said, adding that the update “may render Audience Network so ineffective on iOS 14 that it may not make sense to offer it on iOS 14 in the future.” 

The Audience Network is the Facebook service that third parties can use to place advertising elsewhere on the web besides Facebook.  Facebook cited tests showing that removing personalization led to a more than 50% drop in revenue from the Audience Network to the point where it might close the service for reaching Apple users. Thus the net impact might be to drive advertisers to place more business inside Facebook. 

Here’s a selection of reporting on and reaction to the blog post, “Preparing our Partners for iOS 14.” 



‘Social Dilemma’ film debuting Sept. 9 cues the question: Could unbridled ‘surveillance capitalism’ lead to civil war? 


Debate over privacy, social media and “surveillance capitalism” will likely ramp up with the Sept. 9 release via Netflix of a new documentary, “The Social Dilemma” (trailer), by an award-winning environmental documentarian, Jeff Orlowski. The 94-minute film, previewed in January at the Sundance Festival, features a set of actor-dramatizations juxtaposed with testimonials and warnings by ex-Silicon Valley engineers.

“The amount of information that is being collected is a gold rush for data to build more and more accurate profiles around us,” Orlowski says in a Vanity Fair interview this week. “And in many ways, whoever builds the most accurate profile, whoever can predict us better, those are the companies that are going to win out. It is really individualized, personalized data accumulation to build a more and more accurate model that is currently being used to manipulate us.”

The result is increasing political and social polarization, Orlowski says in the interview, quoting one interviewee: “ . . . [T]he natural conclusion to all of this is civil war.”

Included in the film are former Google design ethicist and Center for Humane Technology president Tristan Harris; Renee DiResta, research manager of the Stanford Internet Observatory; and Rashida Richardson, former policy researcher at the AI Now Institute, not to mention Shoshana Zuboff, author of the book “Surveillance Capitalism,” and Silicon Valley investor Roger McNamee.

Harris, DiResta and Richardson join Orlowski at 8:30 p.m. (EDT) on Sept. 16 for a virtual discussion of the film. (Register to watch and pose questions.)






Silicon Valley congressman backs Prop24, but normal privacy allies still splintered over key provisions

Proponents of the California Consumer Privacy Rights Act (“Prop24”) said it had picked up an important supporter this week — U.S. Rep. Ro Khanna, D-Calif. — as they battle to mitigate a splintering of support among normally-united privacy advocates.  Khanna represents part of Silicon Valley, was a backer of Bernie Sanders and is author of the aspirational “Internet Bill of Rights.” 

“Prop 24 is a monumental step in expanding and enshrining privacy rights for consumers,” said Khanna. He said the ballot initiative, if voters approve it Nov. 3, would provide “tools necessary to hold corporations accountable for collecting and misusing our most personal information” and continues California’s privacy-rights policy leadership. 

Alastair Mactaggart, the real-estate mogul who has spent millions supporting the existing California Consumer Privacy Act (CCPA), and now Prop24, also released this week a short YouTube video summarizing his take on why he says Prop24 is needed. 

Consumer data company Acxiom opposes Prop24, as do a couple of California newspapers (in editorials).  Both Consumers Union and the Electronic Frontier Foundation decline to either support or oppose it.   The problem for some privacy-centric groups is they feel Mactaggart listened too much to data-aggregators and tech platforms in crafting the ballot initiative. Mactaggart says he did so to mute like opposition.   

Protocol’s Issie Lapowsky had the best analysis of the politics in a Feb. 20 report. Among opponents is Mary Stone Ross, who worked with Mactaggart to get the CCPA in place but has now formed California Consumer and Privacy Advocates Against Prop24. The ACLU, the Consumer Federation of California and Media Alliance oppose Prop24. Unions, engineers, contractors, the NAACP, Common Sense Media and Consumer Watchdog back it. Google and Facebook have yet to announce a position on Prop24.

“As the nursery rhyme goes: sometimes the CPRA is very, very good and sometimes the CPRA is very, very bad. And when it is bad, it is horrible,” says a pseudonymous blog post about Prop24 on the website of The Media Alliance, a San Francisco-based nonprofit which fosters media diversity and free speech.

Key flash points between supporters and opponents include:

  • Whether data companies should have to ask before collecting personal information (“opt-in”). Prop24 doesn’t require it; privacy absolutists say it is a core need, similar to European law; but tech platforms and the advertising industry are vehemently opposed.
  • Whether data companies should be able to offer rewards or discounts in exchange for personal data. Privacy advocates say this creates a data marketplace unfair to the poor. Prop24 does not forbid this; marketers don’t want to lose the ability to run loyalty programs.
  • Language in Prop24 permitting it to be amended by the Legislature under certain conditions. Mactaggart says the provision was necessary to make the law flexible for the future. Some privacy proponents warn it will be gradually gutted by future lobbying in Sacramento.

The nonprofit service Ballotpedia provides an updating summary of the status of the measure, and spending in support and opposition to it. Mactaggart’s surveys of likely voters found 81 percent support for Prop24 — and 72 percent supported it after people heard the opposition arguments as presented in the official state ballot guide. 




Law firm describes three ways California’s attorney general backed off aggressive interpretation, enforcement of  CCPA 

“The Proposed Regulations included a provision that would have prohibited businesses from using a consumer’s personal information for a materially different purpose than the purposes disclosed in the consumer notice required by the CCPA. The Proposed Regulations also would have required that businesses notify consumers of a new use of the consumer’s personal information, and obtain explicit consent from the consumer if the business uses previously collected personal information for a purpose materially different from the purposes disclosed in the notice. The Final Regulations do not include these requirements . . . .

The Final Regulations no longer include a provision requiring that the methods for submitting requests to opt-out must be “easy for consumers to execute” and require “minimal steps” for consumers to request opt-out.

The Final Regulations clarify that a business may deny a CCPA consumer request from an authorized agent submitted on behalf of a consumer, if the authorized agent is unable to provide the business with signed permission from the consumer demonstrating that the authorized agent has been authorized by the consumer to act on the consumer’s behalf. Under the Proposed Regulations, the authorized agent needed only to submit “proof” to the business that the agent was authorized to act on behalf of the consumer.”

  • Excerpt from a blog post by attorneys Hilary Bonaccorsi, Kevin Cahill and Logan Dalton at the Dechert LLP law firm. 


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to





Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.
