Apple caves to Facebook; antitrust rationales; IAB probes members on CCPA

Privacy Beat

Your weekly privacy news update.


Apple caves to Facebook on IDFA opt-in, but releases new ad to promote privacy stance — and will soon force private-data use disclosure by iOS / phone apps

(Above, click scene from Apple/T-Mobile privacy video ad)

Apple Inc. made three moves this week on the privacy front.

  • In a Sept. 3 posting to its developer blog, the company said its App Store product pages will feature a new privacy-information section. “On each app’s product page, users can learn about the data types the app may collect and whether that data is linked to them or used to track them,” the company wrote in a detailed explanation page. It also provided compliance instructions to developers.
  • In a new effort to emphasize its pro-privacy marketing position, Apple released a new one-minute video advertisement with absurd scenes of privacy oversharing in public settings. 

  • But on the same day,  bowing to media pressure from Facebook, Apple delayed until “early next year” a plan to require apps to ask and get explicit permission for users before collecting personal data.  Facebook warned last week that the move to restrict the IDFA identifier to opt-in uses only would devastate not only its iPhone advertising business, but more particularly the business of third parties it assists.



Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

Kanary release v2 of its personal-data scam repair service, launches “privacy emergency” resource

Kanary, the young Chicago company founded by an ex-IBM consultant, musician and programmer that helps manage personas and privacy, reported this week on its Version 2 and has started a privacy-safety resource.  For less than $5 a month, Kanary crawls more than 2,000 creepy web sites that themselves crawl for your personal information — and demands they remove it. 

“V2 of Kanary is up!” founder Rachel Vrabec posted. “ It’s been nine months since our initial launch and we’ve learned a ton about how to keep our personal information private. For example, 80% of our subscribers end up finding and removing risks for their friends and family too. Privacy really is a team sport.”

Kanary launched about nine months ago (scroll to see earlier Privacy Beat item), and Vrabec’s small team has received support from the Mozilla Foundation in the interim.  They’’ve now also posted an updating page of “privacy emergency” resources

Now, Vrabec is asking early-stage  customers of Kanary to pitch their families on how to get scammers, hackers and spammers to stop scraping and targeting their data — sites like SpyDialer, Spokeo and PeopleLooker.  “It turns out there are hundreds of sites like this,” says Vrabec. “Best thing is Kanary handles all the work of finding and removing info for you.” 



As Trump admin weighs Google ad-market antitrust suit, Yale scholar’s article suggests a rationale; Cicilline told to consider updating Glass-Steagall 

Two antitrust scholars unveiled this week antitrust theories just as it was reported that the Trump administration may sue Google by the end of September. 

First, Brookings Institution scholar Darrell M. West interviewed U.S. Rep. David Cicilline, D-R.I.,  and the two discuss the idea of reviving and updating the 1930s era Glass-Steagall Act to apply to technology companies.  

Second, a Sept. 1 draft Stanford Technology Law Review article by a Yale Law School scholar suggests it may be time to apply 19th-century antitrust concepts to regulate or separate Google control of the digital advertising marketplace from the trading activity itself — to level the playing field for all competitors. 

“In the market for electronically traded equities, we require exchanges to provide traders with fair access to data and speed, we identify and manage intermediary conflicts of interest, and we require trading disclosures to help police the market,” Dina Srinivasan writes in the abstract of her article, adding: “Because ads now trade on electronic-trading venues too, should we borrow these three competition principles to protect the integrity of advertising?”

Srinivasan, a former digital-advertising executive, says Google owns both the leading trading venue, as well as the leading intermediaries that buyers and sellers go through to trade — and is one of the largest sellers of ad space globally. 

Although Srinivasan’s article doesn’t appear to focus on this angle, it was a vertical-integration prosecution via the  the Sherman Antitrust Act of 1890 which led to the so-called Paramount Degree that ended 1940s-era ownership of movie theaters that displayed films by studios which made them. However, last month, a federal judge agreed to a dissolution of the decree, a hallmark of antitrust law, because of changes in the movie industry brought on by streaming competition. 

The implications of her paper were explored this week in a article. (See Quote of the Week, below).  The article says U.S. Rep. Pramila Jayapal, D-Wash., questioned Google CEO Sudar Pichai during July congressional testimony. “The problem is that Google controls all these entities,” Jayapal said to Pichai. “It’s acting on the buy side, and it’s acting on the sell side at the same time, which is a major conflict of interest.” 




Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

With input from 75 lawyers, IAB is gathering data from 800 members on how they are coping with CCPA compliance;

Questions may reveal areas of legal concern  

The Interactive Advertising Bureau (IAB), which serves ad-tech, brands, agencies and publishers, launched this week an exhaustive online survey of its 800 members which appears designed to highlight issues with implementing the California Consumer Privacy Act (CCPA). 

 IAB said some 75 privacy lawyers developed the anonymous  “CCPA Benchmark Study,” which takes between a half-hour and a hour to complete. The survey comes as the advertising, publishing and tech industries weigh how California Attorney General Xavier Becerra will interpret the law, for which enforcement began July 1.

For publishers, one of the most important questions asked is this one: “Do you believe a freemium model, cookie wall, or other paywall is a form of ‘discrimination’ under the CCPA?” It’s important because there is uncertainty about whether valuing or charging for content is discriminatory if it changes what is collected about a user. 

Another challenging question is whether companies consider themselves to be “data brokers” under the law.  Some of the other key likely legal disputes over interpretation of CCPA compliance covered in the survey include: 

  • How companies interpret such terms as “personal information,” the action of “collection”, what constitutes “de-identified” data — and even whether a respondent considers themselves a “business” or “service provider” under the law. 
  • Is there a “sale” during website measurement, data matching/identity resolution or frequency capping? 
  • Whether companies are applying CCPA’s tough notice and disclosure rules globally, in the United States or only in California. 
  • Whether a business requires new contracts with data service providers or amendments to old ones. 
  • Whether a business considers it has an obligate to see to it that one of its service providers deletes data when required to do so. 
  • Does a “sale” of data for CCPA purposes occur during the operation of Real Time Bidding advertising technology?
  • When a tracking “pixel” is place on a  publisher’s website, does that create a “sale” or data “collection” by the ad-tech company placing it?
  • Does a publisher “sell personal information” by participating in programmatic advertising? Should a publisher block all tracking pixels or similar technologies?
  • Are publishers or other businesses providing any sort of “opt-out” link for the sale of personal information? 
  • How does a company permit a “household” to opt-out of data collection or targeting? 
  • What percentage of digital users so far are asking to be “opted-out” of the sale of personal information under CCPA?  (This questions is asked of each type of respondent). 
  • On what grounds has a CCPA access request been denied? 
  • How does a company verify an “authorized agent” asking for a user’s data? 
  • In answering a request does a company provide only information it  has collected or information it has gotten from third parties as well? 
  • How many deletion requests have companies received? 






Quoting Yale Law scholar, Wired article implies unfairness in how Google rations DoubleClick ID competitor access

“Modern digital advertising is all about being able to target users with the most precision. When someone arrives on a website using Google’s DoubleClick ad server, Google’s exchange “hashes” the ID, passing a different one along to the ad buying platforms. Those buyers then must match their ID with the hashed one to make sure they’re targeting the right person—a process called ‘cookie syncing.’ But cookie syncing, Srinivasan writes, ‘is inherently inefficient.’ Some percent of the time, the platform will fail to match the user. In those situations, she writes, advertisers aren’t willing to pay as much, or anything, because they aren’t guaranteed to reach the right audience.

“Google doesn’t have this problem, because it allows its own exchange, and its own ad buying platform, to see the DoubleClick ID. That means it automatically knows who the user is. Google says it shares the DoubleClick ID only with its own platforms to protect user privacy. But another result is to put a thumb on the scale of Google’s own properties: If you want to make sure you’re targeting the right user, you have an extra incentive to buy ads using Google. Google advertises this advantage as well.”


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp