Privacy motivates; Consumer Reports tests CCPA agent role; Google reports on FLoC;


Privacy Beat

Your weekly privacy news update.



Two separate studies assert privacy becoming critical consumer motivator; ‘willingness to pay’ addressed

Two surveys published this week, one done for the non-profit Consumer Reports (CR) and the other released by Cisco Systems, Inc., contribute to evidence that consumers are increasingly motivated by privacy and/or security concerns when buying.

A key finding of the Consumer Reports pre-COVID-19 survey of 5,085 Americans: A total of 96% of respondents agreed to at least one of six statements of ways  companies should do more to protect the privacy of consumers (See slide, above).

The research and findings, depicted in 75 slides, includes one of the most comprehensive 25-year timelines of digital privacy research and developments.  CR released the study, Privacy Front and Center: Meeting the Commercial Opportunity to Support Consumer Rights, in sync with Omidyar Network, a social-venture nonprofit. In summarizing the report, Omidyar’s Jesus Salas bullet-pointed six findings. 

Omidyar is backing CR’s privacy-related work and at the same time this week launched with it a new website, “The Digital Standard” — described as an open-source “framework for measuring consumer values like privacy, security and ownership.”  CR also announced a small pilot testing its potential to serve as a privacy “Authorized Agent” under California law (see item, below).

CR’s testing and comparative evaluations on privacy + security are based on the Digital Standard and contribute to a product’s overall score. If companies want their products to rate higher, the Digital Standard provides a roadmap.

“The study shows that raising the standard for privacy and security is a win-win for consumers and the companies,” said Ben Moskowitz, director of CR’s Digital Lab, which managed the survey and research and wrote the report.  The report says technology companies focused on privacy and security “will see significant upside. The upside comes from higher regard for brand and higher willingness to pay.”

The CR survey found 45% of American consumers indicate a potential willingness to pay for online privacy, particularly in health, technology and security. (See QUOTE OF THE WEEK, below, for excerpts from the CR-Omidyar report).

The term “willingness to pay” — at issue between supporters and opponents of California’s Proposition 24 — is used in the CR-Omidyar report with the report’s caveat that “our goal is not to turn the right of privacy into a luxury good out of reach, but rather to harness competitive dynamics to raise privacy and data-security standards.” It continues: “However, we are interested in whether differentiation could be an opportunity for first-movers to capture market share or increase short-term willingness to pay.”

Willingness to pay is also addressed in the second report, the 19-page Cisco 2020 Consumer Privacy Survey, entitled “Protecting Data Privacy to Maintain Digital Trust,”  involved June contacts with 2,600 adults in 12 countries, five in Europe, four in Asia Pacific and three in the Americas.

It focused findings on a 29% segment of respondents it calls “Privacy Actives” –who say they care about privacy, are willing to act to protect it, and have already acted by switching companies or providers over their data policies or practices. It found 89% of these Privacy Actives want more control over their data; 79% said they were willing to spend time and money to achieve control, and also said it was a buying factor and that “I expect to pay more.”  Forty-two percent have switched companies or providers over data policies or data sharing policies.




Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More


Consumer Reports testing role as “authorized agent” under CCPA; corporate response “runs the gamut”

The California Consumer Privacy Act (CCPA), as well as the upcoming Prop 24 initiative, pioneer a new concept in privacy law and policy — the idea that an “authorized agent” might be in the business of managing communications between consumers and business over the consumer’s privacy preferences.

Now, the nonprofit co-operative, Consumer Reports, is testing the waters of the idea. It has selected 21 companies across tech and consumer verticals, and lined up 100 of its members to volunteer as clients of its authorized-agent pilot.   See: “Putting the CCPA into Practice: Piloting a CR Authorized Agent.”

Here’s how it will work, according to Ginny Fahs, the CR Digital Lab consultant who is running it. Volunteers submit their name, email and physical address to CR, which two-factor authenticates them, and also has a direct conversation to confirm physical address. The volunteer then digitally signs a virtual document (other firm’s EXAMPLE) making CR her “authorized agent.”

The point of the pilot is to study how to make it easy for California residents covered by the CCPA to exercise their commercial data rights, and “to do it conveniently, with a trusted agent” such as Consumer Reports.

Under CCPA and Prop 24, this gives CR the authority to contact personal data handlers and make “data subject requests” — ask what info the company has on the CR member, provide a copy of it all, and respond to a request to delete and/or stop using or sharing it.

So far, says Fahs, responses from the 21 companies run the gamut. “We had companies create cases within an hour and the processing [of the request] is kicked off naturally, it seems. We’ve had companies push back and say this does not apply to us. We are still trying to figure out our agent workflows.”   (Here is Microsoft’s guidance for authorized agents, and one from Ceasars Entertainment).

The opportunity to make money serving as an “authorized agent” is already being explored by for-profits, such as Privacy Bee.  And Kanary, a Chicago company formed by an ex-IBM consultant charges $5 a month to crawl creepy websites and submit requests for them to cleanse the sights of your data. It’s in version two.





Google  reports on FLoC amid W3C talks over cookie replacement, but not everyone’s ready to run with it

The advertising portion of Google offered research this week amid the World Wide Web Consortium’s (W3C) hosting of efforts to replace third-party cookies for programmatic advertising, declaring in a white paper (GOOGLE’S FLoC WHITE PAPER) satisfaction with results of an approach which would vest most user data control in the web browser.  Google’s Chrome has roughly 80% of the global browser market.

The white paper emerged in the same week Google was advised of what it termed a “bug” in Google Chrome that was saving user data for Google corporate even after the browser user asked that it be deleted.  This prompted Paul Bannister, of publisher ad-placement company CafeMedia to Tweet: “This ‘bug’ is exactly why the browser can’t be trusted to store a user’s private data.”  Bannister is among those who have  proposed to W3C discussion groups an approach that would put user data under the control of an independent third-party cloud service to which browser, publishers, advertisers and ad networks would “talk.”

The sentiment of distrust of Google was echoed in another context this week. “In the digital media industry, Google has set itself up superbly to dominate not only the vertical ad tech chain, but also to dominate ownership of consumer identity,” ad-tech CEO Mike Woosley, of Lotame was quoted by AdExchanger’s Allison Schiff in a story about Google and the DOJ’s antitrust lawsuit.





Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

Fou says data show GDPR compliance yields fewer  “trackers” on German, U.K., sites compared to U.S.

Compliance with Europe’s tough GDPR privacy rules appears to be reducing the number of opaque, third-party trackers on publisher websites, reducing the risk publishers will run afoul of the law, says veteran ad-tech researcher and consultant Augustine Fou.

“Publishers should continue to aggressively reduce the number of third-party ad tech trackers on their sites,” Fou wrote this week in a blog post, “GDPR Enforcement — A Glimmer of Hope for Privacy and Marketing.”   In the blog, Fou says German consent-management platform (CMP) scanned a large number of Germany, U.K. and U.S. sites using his FouAnalytics “Page Xray” and found, on average, 8 tracking requests (and 85 ad server requests) for Germany sites, an average 18 tracking requests (and 300 ad server requests) on U.K. sites and an average 25 requests (and 414 ad-server requests) on U.S. sites.

Fou also wrote that:

  • Millions of non-human bots that visit publisher websites give consent-string authorization to tracking, meaning marketers are mislead into believing “consented” viewers are real people, when most are not.
  • Advertisers should, in his view, undertake a direct query to ad viewers asking for first-party consent to track, so then can reduce compliance risk and liability and not be “dependent on someone else having properly collected proper consent.”






Consumer Reports survey finds 45% of Americans might be willing to pay for online privacy; want sharing contro

  “Privacy is not the opposite of sharing personal information; rather, it is control over sharing. There are real benefits to sharing data, but consumers consistently report feeling a lack of agency and control over their data. According to a recent Pew survey, just 9% of people believe they have “a lot of control” over the information that is collected about them, even as 74% say “it is very important to be in control.” Privacy is highly contextual and involves a complex set of trade-offs that can mix tangible, intangible, and abstract qualities. Privacy attitudes and privacy behavior are grouped too often.

Forty-five percent of American consumers indicated a potential willingness to pay for online privacy. Privacy and security present sizable and rapidly growing opportunities Consumer focus on privacy and security is rising. Data privacy and security can be a point of beneficial product differentiation. Benefits may come in the form of pricing power, profitability, market share, goodwill, talent attraction, or others.

Cultural and societal attitudes towards data privacy have irreversibly shifted. 100+ privacy and data governance-related laws introduced at state and federal levels since the 2018 California Consumer Privacy Act. These laws could ultimately disrupt data-driven business models that rely upon the monetization of personal data.”


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp