Two separate studies assert privacy becoming critical consumer motivator; ‘willingness to pay’ addressed

Two surveys published this week, one done for the non-profit Consumer Reports (CR) and the other released by Cisco Systems, Inc., contribute to evidence that consumers are increasingly motivated by privacy and/or security concerns when buying.

A key finding of the Consumer Reports pre-COVID-19 survey of 5,085 Americans: A total of 96% of respondents agreed to at least one of six statements of ways  companies should do more to protect the privacy of consumers (See slide, above).

The research and findings, depicted in 75 slides, includes one of the most comprehensive 25-year timelines of digital privacy research and developments.  CR released the study, Privacy Front and Center: Meeting the Commercial Opportunity to Support Consumer Rights, in sync with Omidyar Network, a social-venture nonprofit. In summarizing the report, Omidyar’s Jesus Salas bullet-pointed six findings. 

Omidyar is backing CR’s privacy-related work and at the same time this week launched with it a new website, “The Digital Standard” — described as an open-source “framework for measuring consumer values like privacy, security and ownership.”  CR also announced a small pilot testing its potential to serve as a privacy “Authorized Agent” under California law (see item, below).

CR’s testing and comparative evaluations on privacy + security are based on the Digital Standard and contribute to a product’s overall score. If companies want their products to rate higher, the Digital Standard provides a roadmap.

“The study shows that raising the standard for privacy and security is a win-win for consumers and the companies,” said Ben Moskowitz, director of CR’s Digital Lab, which managed the survey and research and wrote the report.  The report says technology companies focused on privacy and security “will see significant upside. The upside comes from higher regard for brand and higher willingness to pay.”

The CR survey found 45% of American consumers indicate a potential willingness to pay for online privacy, particularly in health, technology and security. (See QUOTE OF THE WEEK, below, for excerpts from the CR-Omidyar report).

The term “willingness to pay” — at issue between supporters and opponents of California’s Proposition 24 — is used in the CR-Omidyar report with the report’s caveat that “our goal is not to turn the right of privacy into a luxury good out of reach, but rather to harness competitive dynamics to raise privacy and data-security standards.” It continues: “However, we are interested in whether differentiation could be an opportunity for first-movers to capture market share or increase short-term willingness to pay.”

Willingness to pay is also addressed in the second report, the 19-page Cisco 2020 Consumer Privacy Survey, entitled “Protecting Data Privacy to Maintain Digital Trust,”  involved June contacts with 2,600 adults in 12 countries, five in Europe, four in Asia Pacific and three in the Americas.

• Cisco reports highlight widespread desire for data privacy and fears over remote work security | Jonathan Greig, TechRepublic.com
• Cisco annual consumer survey finds privacy a “consumer priority” important to business | Robert Waitman, Cisco blog

It focused findings on a 29% segment of respondents it calls “Privacy Actives” –who say they care about privacy, are willing to act to protect it, and have already acted by switching companies or providers over their data policies or practices. It found 89% of these Privacy Actives want more control over their data; 79% said they were willing to spend time and money to achieve control, and also said it was a buying factor and that “I expect to pay more.”  Forty-two percent have switched companies or providers over data policies or data sharing policies.

PERSONAL PRIVACY

• Prominent academics  seek to curb discriminatory ad targeting | Laura Edelson, TechCrunch.com
• DHS Biometrics Plan: ‘Unacceptable Escalation of Government Surveillance,’ Senators Say | Mila Jasper, NextGov.com
• Federal appeals court: No clear due-process right to information privacy | John M. Baker and Katherine M. Swenson, Law.com | DECISION DOCUMENT
• Eighth Circuit Finds Qualified Immunity Protects Officers From Privacy Violations | NEHAMA, GWU Law School via AmericanBar.org
• Microsoft’s Privacy Chief Calls for Greater Consumer Data Protection to Aid Pandemic Recovery | Dan Clark, Law.com
• University of Miami tracked protesters with video surveillance | Joshua Ceballos, Miami New Times

ANTITRUST

• Google antitrust suit seen as not focused on digital ad marketplace | Rob Williams, PublishingInsider/MediaPost.com
• DOJ’s antitrust suit fails to focus on Google “ownership” of consumer identity | Allison Schiff, AdExchanger.com
• FTC staffers said to recommend filing antitrust suit against Facebook | Wall Street Journal via Benton Foundation
• FTC. Decision on Pursuing Facebook Antitrust Case Is Said to Be Near | Cecilia Kang, New York Times
• States prepare to file their own Google antitrust suit; Texas re advertising | Wall Street Journal via Benton Foundation
• The Information says Cicillini will push for publishers over platforms | Christopher Stern, TheInformation.com
• VIDEO: “Confronting America’s Concentration Crisis” | via American Economic Liberties Project
• Mozilla appears worried about being collateral damage in U.S. v. Google | Paul Sawers, VentureBeat.com

WASHINGTON | SECTION 230

• Bipartisan bill would limit president power to shutdown Internet | Rep. Anna Eshoo via Benton Foundation
• Section 230 Basics: There Is No Such Thing As A Publisher-Or-Platform Distinction | Cathy Gellis, TechDirt.com
• North Carolina GOP congressman introduces bill to sunset Section 230 | Ted Budd website | REACTION
• FCC general counsel asserts authority to regulation Section 230 | Tom Johnson via Benton Foundation
• FCC flip flop to consider regulating platforms via Section 230 examined | Tony Romm, WashingtonPost.com
• Section 230 reform: Can the FCC regulate the internet? | Daniel Lyons, American Enterprise Institute
• Two key Democrats respond to FCC rule making on Section 230 | | Frank Pallone & Mike Doyle News Release
• Does what happened with Jeffrey Toobin illustrate why Section 230 is needed? | Mike Masnick, TechDirt.com

Consumer Reports testing role as “authorized agent” under CCPA; corporate response “runs the gamut”

Now, the nonprofit co-operative, Consumer Reports, is testing the waters of the idea. It has selected 21 companies across tech and consumer verticals, and lined up 100 of its members to volunteer as clients of its authorized-agent pilot.   See: “Putting the CCPA into Practice: Piloting a CR Authorized Agent.”

Here’s how it will work, according to Ginny Fahs, the CR Digital Lab consultant who is running it. Volunteers submit their name, email and physical address to CR, which two-factor authenticates them, and also has a direct conversation to confirm physical address. The volunteer then digitally signs a virtual document (other firm’s EXAMPLE) making CR her “authorized agent.”

The point of the pilot is to study how to make it easy for California residents covered by the CCPA to exercise their commercial data rights, and “to do it conveniently, with a trusted agent” such as Consumer Reports.

Under CCPA and Prop 24, this gives CR the authority to contact personal data handlers and make “data subject requests” — ask what info the company has on the CR member, provide a copy of it all, and respond to a request to delete and/or stop using or sharing it.

So far, says Fahs, responses from the 21 companies run the gamut. “We had companies create cases within an hour and the processing [of the request] is kicked off naturally, it seems. We’ve had companies push back and say this does not apply to us. We are still trying to figure out our agent workflows.”   (Here is Microsoft’s guidance for authorized agents, and one from Ceasars Entertainment).

The opportunity to make money serving as an “authorized agent” is already being explored by for-profits, such as Privacy Bee.  And Kanary, a Chicago company formed by an ex-IBM consultant charges $5 a month to crawl creepy websites and submit requests for them to cleanse the sights of your data. It’s in version two.

CALIFORNIA PRIVACY

• Becerra’s third set of CCPA regulation changes assessed | Alan Friel et al., BakerHostetler law firm
• Proposed CCPA Regulations Add Clarity to Consumer Opt-Out Rights | Jonathan Ende et al., McDermott Will & Emery
• EFF likes Becerra’s CCPA regulatory ideas for easy consumer privacy burdens | Wendy Davis, DigitalNewsDaily.com

PROP 24 COUNTDOWN

• Big tech view not obvious in Prop 24 in-the-weeds debate among privacy advocates | Joshua Brustein, Bloomberg News
• SLIDE DECK: CalMatters policy nonprofit’s summary of Prop 24 and advocacy funding | CAlMatters.org
• CHART: “Sensitive” data types in CCPA and Prop 24 compared and listed | David Zetoony, GreenbergTraurig law firm
• Does the term “personal information” mean the same thing as the term “personally-identified information”? | David Zetoony, GreenbergTraurig law firm
• AUDIO: 46-minute deep-dive podcast into Prop 24 | Daniel J. Zarchy, Buchalter Law Firm
• AUDIO/TRANSCRIPT: Public radio talks to Mactaggart, EFF’s Tsukayama on Prop 24 | Katrina Schwartz et al., KQED.org
• Privacy nonprofit’s analysis of Prop 24 — expansion but loopholes | Privacy Rights Clearing House
• OVERVIEW: Attempt to clear confusion about Proposition 24 | Thomas Smith, OneZero.Medium.com
• VIDEO: Consumer advocates differ on Prop 24 support, opposition | Christine Roher, NBCLosAngeles.com

DIFFERENTIAL PRIVACY

• Differential privacy explained; emerges as rapidly adopted technique | Gabriel Kaptchuk, GCN.com
• The fragility of privacy – can differential privacy help with a probabilistic approach? | Neil Radin, Diginomica.com
• Where consumers don’t understand use of data, differential privacy emerges | Gabriel Kaptchuk et al., TheConversation.com

COVID-19 AND PRIVACY

• Contact Tracing Raises Privacy Issues for Businesses to Consider | Shari Claire Lewis, Law.com
• US contact tracing apps still a mess, despite Apple’s efforts | Ben Lovejoy, 9to5Mac.com | RELATED

Google  reports on FLoC amid W3C talks over cookie replacement, but not everyone’s ready to run with it

The advertising portion of Google offered research this week amid the World Wide Web Consortium’s (W3C) hosting of efforts to replace third-party cookies for programmatic advertising, declaring in a white paper (GOOGLE’S FLoC WHITE PAPER) satisfaction with results of an approach which would vest most user data control in the web browser.  Google’s Chrome has roughly 80% of the global browser market.

The white paper emerged in the same week Google was advised of what it termed a “bug” in Google Chrome that was saving user data for Google corporate even after the browser user asked that it be deleted.  This prompted Paul Bannister, of publisher ad-placement company CafeMedia to Tweet: “This ‘bug’ is exactly why the browser can’t be trusted to store a user’s private data.”  Bannister is among those who have  proposed to W3C discussion groups an approach that would put user data under the control of an independent third-party cloud service to which browser, publishers, advertisers and ad networks would “talk.”

The sentiment of distrust of Google was echoed in another context this week. “In the digital media industry, Google has set itself up superbly to dominate not only the vertical ad tech chain, but also to dominate ownership of consumer identity,” ad-tech CEO Mike Woosley, of Lotame was quoted by AdExchanger’s Allison Schiff in a story about Google and the DOJ’s antitrust lawsuit.

RELATED LINKS:

• With cohorts FLoC, Google closer to ads that can deliver personalization and privacy | Greg Sterling, SearchEngineLand.com
• Google asserts “pleasant surprise” in white paper on FLoC testing | Lara O’Reilly, DigiDay.com
• Google Releases Results From Early Tests Of Cohort-Based Advertising | Allison Schiff, AdExchanger.com
• User setting to delete activity logs in Google Chrome keeps data for Google sites | Wendy Davis, DigitalNewsDaily/MediaPost.com
• Google Chrome (bug?) retains your site data from Google and YouTube, even when you say no | Isobel Asher Hamilton, BusinessInsider.com | TWEET: Can Google be trusted use user data in browser? .

ADVERTISING TECH

• CHART: See all the ad tracks that load on one page of Wired.com | Augustine Fou, Forbes.com
• Ad tech researcher claims targeting doesn’t yield more relevant ads | Augustine Fou, Forbes.com
• Startup Grew.dev asks: Is location personalization without privacy concerns?  | Grew.dev via Kimmo Ihanus blog
• Ad tech industry: Apple privacy rules for Safari stricter than expected | Lara O’Reilly, DigiDay.com | APPLE’S BLOG
• The three big changes: Content payments, privacy push, platform regulation  | Chris Pedigo, Digital Content Next
• OneTrust’s take on publisher feedback on GDPR/CCPA: “Consent drives the future” | Lynne Johnson, AdMonsters.com

BROWSERS, APPS AND PRIVACY

• Global Privacy Control seen as new browser solution | Sara Morrison, ReCode.com
• Facebook Promises Privacy Reform. Critics Aren’t Convinced | Lily Hay Newman, Wired.com
• Google’s Waze Can Allow Hackers to Identify and Track Users | Elizabeth Motalbano, ThreatPost.com
• The Markup makes own web browser to check on Facebook content targeting algorithms | Joshua Benton, Nieman Lab | RELATED LINK

PRIVACY BUSINESS

• Israeli startup Mine raises $9.5M to help people control their personal data | Anthony Ha, TechCrunch.com
• Data privacy startup Mine raises $9.5 million and expands to the U.S. | Kyle Wiggers, VentureBeat.com
• Google’s AI fund leads $9.5 million investment in  Isaeli data-privacy startup Mine | Shoshanna Solomon, TimesofIsrael.com
• Consulting firm Protiviti launches ‘privacy as a service’ offering | Consulting.us
• Microsoft privacy exec calls for government/business collaboration on privacy laws | Julie Brill, via IAPP Daily Dashboard
• Despite Concessions, Experts Warn $2.1B Google-Fitbit Deal Risks Privacy, Competition | Robert Bateman, Digital Privacy News