Fighting in the Google sandbox; Spectacle, TurtleDove and fiduciaries; and NYTimes syndication workpaper

Privacy Beat

Your weekly privacy news update.



Anonymous publishers and ad-tech companies gain British antitrust enforcer help fighting Google’s “sandbox”

An anonymous group of publishers and ad-tech companies — both British- and U.S.-based — have scored a victory in an effort to have more input into the way Google is approaching privacy-related changes to its market-dominant Chrome browser. The crux of the challenge — is Google’s solution anti-competitive?

  • If Chrome is set by Google to block third-party cookies in a pro-privacy move, will that also damage programmatic advertising competitors?

  • If Google re-embraces third-party cookies, will its browser be shunned by the public in favor of those offered by Mozilla, Microsoft and Apple?

There were multiple stories analyzing the Jan. 8 decision by Britain’s competitor authority, to look into Google’s plans, which it is calling “Privacy Sandbox” and which to some degree it has been discussing publicly in meetings of a World Wide Web Consortium (W3C) “privacy community group.”  Google’s preferred approach seems to be something it calls “TurtleDove”, which would move most of the guts of advertising-bidding into the browser, seen as taking control away from the rest of the ad-tech industry.

That’s in part why a group calling itself Marketers for an Open Web (MOW), petitioned the British government in November asking that “Privacy Sandbox” be reviewed on antitrust grounds. MOW’s organizer and spokesman is James Rosewell, founder of a 23-person advertising-device-tracking-data startup just outside London, 51Degrees.

Rosewell won’t disclose the membership of MOW, saying they are afraid of retaliation from Google. But he says they are U.S. and British publishers and ad-tech firms with 10,000 employees, excess of $4B in revenues and delivering 320 billion ad impressions yearly. One MOW attorney is prominent London antitrust expert Tim Cowen.

“The Privacy Sandbox would effectively create a Google-owned walled garden that would close down the competitive, vibrant open web,” Roswell says. “Providing more directly identifiable, personal information to Google does not protect anyone’s privacy. We believe that the CMA’s investigation will confirm this and save the web for future generations.”

His argument is in a “Funding the Web” post on MOW’s website which Rosewell says he wrote but is under the byline “Editor.” Not noted by Rosewell, is that privacy advocates say the way most digital ads are presently served — using third-party cookies — leaks personal information to the four corners of the web with no accountability or transparency.  The question is, how to clean that up without increasing Google’s existing ad dominance? And what will happen to billions in revenues now shared with high-flying ad-tech companies?

In July, Rosewell appealed to a governing board of the W3C essentially to decrease the control of Big Tech over the cookie-deprecation plans. That appeal, may hint at who some of the companies are.  You can follow the links below for more analysis of the MOW and British antitrust move.  A skeptical view of MOW’s motivations was posted the afternoon of Jan. 8 on the TechCrunch site by their premier ad-tech writer, Natasha Lomas.



Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More


Image above from PubMatic report (see LINK and QUOTE OF THE WEEK)

Ad-blocker eye/o offering “Privacy Sandbox” effort “Spectacle”; any relation to “TurtleDove” or “fiduciaries”?

eye/o GmBH, the German company that became the most-prominent maker of ad-blocking software, with AdBlockPlus, and is widely believed to be receiving payments from Google to let Google AdWords through its nets, is moving in a new direction.

It plans to release by Jan. 25 a privacy product that aims to support publishers and advertisers by sharing segment memberships from an advertising profile generated completely within the user’s browser or device app.  It’s called “Spectacle” and tech details are already posted on GitHub. That’s an acronym for “Sensible Privacy Enablement by Clustering Targeting Attributes in CLiEnt.”

“By providing users with all the necessary tools to ensure that they remain unidentified as specific individuals, while informing them transparently about the usage of their information, an enhanced value exchange between content and its audience, as well as service providers and their users, can be established,” the GitHub description reads.

There’s a philosophical debate with privacy impacts around where personal identifying information about a user should be stored.  Some think it should be within special-purpose software, commonly called a “wallet” which is on the user’s device. The user chooses when to share the data with whom and for what purpose.  This approach is at the “edge” of the web and is favored by many privacy advocates.

But that’s not the way the commercial web works today. Personal data is captured and stored all over the place, by many parties and, at least in the United States, only California has begun to constraint its use.

The eyeo approach would seem to have the data on your machine, but controlled through your web browser. Apple and Google effectively dominate that world and many of the ideas proposed in Google’s “Privacy Sandbox”, including Google’s “TurtleDove” idea, would go that route.  When eyeo announces “Spectacle” it will be worth noting how to describe their relationship with the browser, and, hence, Google.

An alternative approach would be to have one or more “information fiduciaries” who store and manage a user’s personal data on a server, and operate as the user’s agent to carry out the user’s privacy preferences.  Consumer Reports has been running an experiment with a small number of its members in California along these lines, and ITEGA, the sponsor of Privacy Beat, is pursuing a similar strategy with news publishers acting as the “fiduciary.”





New York Times’ engineers propose news syndication that decreases role of platforms;
a “token” described —  like expired patent?

Two New York Times technologists are proposing to the World Wide Web Consortium (W3C) community a proposal for a new approach to collaborative content syndication that would reduce the power of aggregators such as Google and Facebook.  Their “Content Aggregation Technology (CAT)” proposal is detailed on the GitHub repository of The New York Times, where it is described as a “work in progress.”

The two are Robin Berjon, VP data governance at The Times and Justin Heideman, a web developer there.  In a nutshell, they want content to be accessed directly from servers under the control of publishers, not the aggregators, in formats preferred by the publishers, not the aggregators, and respecting the privacy preferences of users. As well, the propose that there be methods to support payment for content.

All of these are alternatives to content formats imposed by Google (AMP), Apple (Apple News Format) and Facebook (Facebook Instant Articles). The aggregators developed these limited-function HTML formats as a way of speeding up and making their user experience more uniform.  The workpaper calls this “aggregator-dominated architecture.”  A result has been a loss of control by publishers over the look and feel of their own work. They have also tended to centralize web services.

The alternative, they write, is “collaborative-syndication architecture” or, in the words of Berjon and Heiderman, “essentially a return to Open Stand[ard] principles in lieu of monopoly power.”  They suggest a technology called “entitlement tokens” to transfer permission of a readers to access content on a remote website, as through a network subscription. “This would enable business models in which publishers and aggregators work together on generating revenue according to their respective participation.”

A U.S. patent for a “token-validation service” designed for the news industry was granted Dec. 1, 2013 to Clickshare Service Corp., but those patent rights expired last year.  The expired U.S. Patent No. 8,606,719 is called, “System for Management of Alternately Priced Transactions on Network.”  One of the three inventors was the author of Privacy Beat.







Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

Google’s latest privacy exec, Rob Leathern, just left Facebook, and has a history of support for publishers

A few people covering the platforms and ad-tech companies took notice when Facebook’s director of product management, Rob Leathern, left the company during December, saying he was considering his next move.  This week, his LinkedIN profile shows he is now VP product, privacy and data protection at Google.

Leathern has a long history of startups at the front end of the now-mature ad-tech industry, including one called “Optimal”, which failed to scale with an ad blocker /subscription idea. At the time Leathern explained in 2016 was intended as “a way to protect your data privacy and attention that doesn’t destroy the publishing world!” The idea was to funnel people into subscribing. “After taking a small cut, Optimal would pay publishers according to the percentage of overall web traffic they generate,” he said in a 2016 interview. “If publishers don’t get paid, they can’t produce good content.”

At Facebook, according to his LinkedIN profile, he headed a business-integrity unit that “prevents abuse and removes bad actors from the platform, and provides ads- and data-transparency tools and controls.” Now, at Google, he writes that “Google’s privacy and security engineers are focused on building advanced privacy and security protections into products people use every day. That work is guided by the principles of treating your information responsibly, protecting it with advanced security, and keeping you in control with east-to-use settings.”

Leathern grew up in South Africa, where his brother, at least in 2016, was a journalist.







How do you square this with privacy? Ad-tech’s view of the central unique ID repository after cookies

Advertisers will never stop striving for addressability — but now they’ll have to arrive at addressable IDs in new ways. The entire digital advertising industry faces a stark and unavoidable reality: They have to target users without the benefit of the tools they’ve been relying on for years, and without running afoul of regulations.

In other words, advertisers tend to have a highly specific and well-thought-out idea of which segments they’d like to target . . . Ultimately, programmatic advertising will need to become addressable to survive — and addressable advertising will need to be programmatic to be scalable. As the industry moves forward, advertisers would be well advised to think of ID-based, addressable advertising as a fundamental component of programmatic — not an alternative to it. 

 . . . [I] can be difficult for advertisers and publishers to keep track of each ID in a managed, coherent way and without any cross-device redundancy . . . The ability to maintain a centralized database consisting of non-redundant IDs may well prove central to the future of influential, cost-effective ad targeting . . . .


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2021 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp