Shifting digital identity control to individuals and trusted-party governance topics in first ITEGA webinar; micropayments?

Privacy Beat

Your weekly privacy news update.



Shifting digital ID to individuals, trusted-party governance and micropayments are topics in first ITEGA webinar

A shift in control of elements of digital “identity” from big-tech platforms to individuals — perhaps assisted by news organizations or other agents — was among ideas discussed in the first of three webinars this week organized by the Information Trust Exchange Governing Association (ITEGA).


New laws or regulations may be necessary to make the shift because participants in the current advertising-supported Internet — including ad-tech companies as well as publishers who feel forced to do the bidding of Facebook and Google — will not change against their economic interest, said participants in the 90-minute webinar, “Identity, Advertising and the Future of Journalism.

A key component of the shift is a trusted party — government or nonprofit — that would be responsible for governing compliance with privacy and identity rules and the exchange of value, financial or otherwise, discussants heard. U.S. Rep. Bill Foster, D-Ill., bipartisan digital identity bill cosponsor, was among webinar participants.

There is a role for government in assuring a single trusted identity for each of us, Foster suggested, and to structure a payments system “with so-called third-party anonymity.”  Later, he said “the bag of snakes” in any system will be to decided who will be responsible for auditing to make sure that when personal information is shared it is not mis-used.  At another point, Foster said he wondered why a system of “micropayments” for paying for digital information had not yet succeeded on the web.  “And if you want to keep from being tracked I believe there are ways to make that anonymous.”

A lawyer for The McClatchy Co., a major U.S. newspaper publisher, recounted how publishers feel unable to abandon programmatic advertising driven largely by Facebook and Google without a demonstrated alternative for “contextual advertising” that would replace revenue perceived to be at risk.

“If there was a contextual model that was demonstrated and there was some sort of cushion to help us make those transitions, if there was a unified agreement among the publishing industry that didn’t breach antitrust and corruption laws, in order to change the model, that would be fine,” said Meg Eason,  a McClatchy senior counsel who focuses in part on privacy law and compliance.

Richard Whitt, president of the Glia Foundation and a Mozilla fellow who spent more than a decade as a strategy executive at Google Inc., suggested publishers consider an additional business model besides advertising and subscriptions, operating as “information fiduciaries” to help their  users with identity, privacy and finding information.  Eason said she found the idea of interest, but added that right now, “We are journalists, we are reporters, we are not tech companies and we are not privacy experts.”

Free registration is open for the Jan. 21 webinar, which will take a detailed look at digital identity in advertising and the Feb 4 session will focus on solutions.



Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More


“Superfund for the Internet” proposal seeks to raise funding from social-media platforms to prioritize quality journalism

A Washington, D.C.-based non-profit think tank is readying a novel  “SuperFund” proposal proposal to Congress for support of quality journalism — by encouraging the cleaning up of fake news transmitted by social-media platforms, in theory bringing more attention to quality news.

The proposal taps some of the insights in a recent report published by new Senate Energy & Commerce Chair Sen. Maria Cantwell, D-Wash., whose office on Oct. 28 published a report, “Local Journalism: America’s Most Trusted News Sources Threatened.”

The “Superfund” idea is coming from Public Knowledge and it aims to encourage an increased level of fact checking by social media platforms through news organizations. It would levy a statutory fee on social-media platforms to replenish a revolving trust fund making payments for the fact-checking work, which would be conducted by news organizations. An independent government entity would administer the program.

“There are strong signs that the effectiveness of the platforms’ efforts could be increased through an independent oversight process,” writes Public Knowledge senior policy fellow Lisa Macpherson in a Dec. 23 blog post. She uses an illustration of an annual $1 per monthly user fee levied just on the biggest social-media companies, which would yield $6.8 billion for “information analysis services to clean up the internet.”

A sneak preview of the proposal was included in a May 11 blog post by Macpherson, “ “The Pandemic Proves We Need a Superfund to Clean Up Misinformation on the Internet.”   She wrote then: “The platforms should pay for these services to help to clear the toxic junk from their platforms, at a fair price. In doing so, we can provide an essential new revenue stream to local journalistic organizations and information analysts who also help protect our public and democratic institutions.”

The fee per year per monthly active user would be used to fund the fact-checking services. To avoid First Amendment implications, the platforms would not be told how or what to have fact checked, or how to act on the findings. The Superfund governing body would require the fact-checking processes, collect the fees, and allocate the fees to news organizations based on the amount of fact-checking provided.






Veteran DC privacy lawyer looks at coming year and offers advice to corporate clients: Beware of “creepiness” factor

A veteran Washington, D.C. privacy lawyer is out with a New Year’s summary of likely changes in privacy law and attorney Kirk Nahra covers the waterfront of privacy news and policy thoroughly.  In Ten areas of privacy law seen as ripe for change during 2021, the WilmerHale attorney says “chaos is probably too strong a word” but implementation and compliance challenges are real.

Some of Nahra’s key opinings:

  • Nahra advises his corporate clients to be aware of how the public will react to privacy practices, even if there is no obvious law being violated, including the “creepiness factor that arises in data-collection activities.”
  • Both the CCPA and CPRA — two California privacy laws — are poorly written in many places regardless of your view on the substance. The big question is how will enforcement evolve.
  • States aren’t moving as quickly as expected to follow California, but there may be action in Washington and New York.  Meanwhile, attorneys generals are becoming aggressive privacy enforcers, even as the U.S. Federal Trade Commission’s general authority exists.

  • “The real meat of a privacy law is very much up in the air” on Capitol Hill, including what are relevant use and disclosure principles, what individual rights will be and whether enforcement will by an FTC with beefed up authority or an entirely  new agency.  A wild card — whether Vice President-elect Kamala Harris will take an interest in privacy as she did when California AG.

  • Standard contractual clauses as a basis for data transfer from within the European Union are on their last legs as a temporary fix for the lack of a valid U.S.-EU Privacy Shield, and “there is a real possibility of a vast data island in Europe” which would be a lose-lose for all.   He continues: “For now, companies need to figure out a way to tread water, provide reasonable protections, stay out of the limelight and be reasonable in dealings with vendors and data partners.”



Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat




Is a token “hash” of a phone number or email ‘personal data’?  Possibly not in California, probably yes in EU

“Tokenization” refers to the process by which you replace one value (e.g., a credit card number) with another value that would have “reduced usefulness” for an unauthorized party (e.g., a random value used to replace the credit card number). In some instances, tokens are created through the use of algorithms, such as hashing techniques.

Information is not considered “personal information” under the CCPA if it has been “deidentified.” Deidentification means that the data “cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer.” An argument could be made that data once tokenized cannot reasonably be associated with an individual. That argument is strengthened under the CCPA if a business has implemented those technical and business processes to help prevent reidentification.

In comparison, in the context of the European GDPR, the Article 29 Working Party has stated that even when a token is created by choosing a random number (i.e., it is not derived using an algorithm), the resulting token typically does not make it impossible to re-identify the data and, as a result, the token is best described as “pseudonymized” data, which would still be “personal data” subject to the GDPR.?

  • Blog posted Jan. 5 by David A. Zetoony, one of the most prominent U.S. privacy lawyers, entitled: “What the heck is a token, and is it considered personal information in California and Europe?” His blog (subscribe) is called Data Privacy Disk, “updates on the evolving data protection landscape.”


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2021 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp