Above: A “swan” depiction cached from the SWANN.community website

GOOGLE, TRACKING AND PRIVACY

A British-based group of ad-tech companies sought on Friday advice and input from a World Wide Web Consortium (W3C) group for a new web identity system that could reduce the need for a set of proposals advanced by Google. The request by a group called SWAN.commmunity was made by ad-tech executive James Rosewell, a persistent Google ad-tech critic. 

“SWAN.community would appreciate the opportunity to explain our approach and intentions,” said Rosewell’s email to the members of the W3C’s Privacy Community Group, which has been reviewing ad-related privacy and identity proposals from Google, Apple and elsewhere. “We would also appreciate feedback from this group, particularly in relation to the use of legal remedies to protect people’s important privacy rights.”

“The group says its Secure Web Addressability Network (SWAN) offers an alternative as Google plans to phase out third-party cookies on its dominant Chrome browser,” wrote reporter Charlotte Tobbitt of the British media-analysis site PressGazette.co.uk.  Tobbitt’s account said the SWAN group would be nonprofit. In its March 31 announcement, Rosewell was quoted as saying: “We are replacing third party cookies with a utility that won’t be run for excessive profit or proprietary gain.”

The idea appears to be an anonymized shared identification openingly offered to users who arrive at participating websites. The users are given the option to accept the ID or not. Participating websites have to accept take-it-or-leave-it  “model terms” to participate in the cross-site identity service, which Rosewell said depends upon first-party cookies to operate.

STORY CONTINUES | READ MORE 

PERSONALIZATION 

• End of cookies calls for better approach to personalization | Tim Gloms, Harvard Business Review

PERSONAL PRIVACY 

• Big-tech and advertisers don’t tell reporter who they share user data with globally | Joseph Cox, Motherboard/Vice.com | RELATED: Sen. Wyden request
• All the data Google’s apps collect about you and how to stop it | Matt Burgess, Wired.com
• Commerce Secretary Raimondo defends census privacy method | Mike Schneider, Associated Press

APPLE PRIVACY CRACKDOWN

• Apple to start enforcing new app privacy notifications in coming weeks | Reuters Staff
• Apple shares more details about its imminent App Tracking Transparency feature | Antony Ha, TechCrunch.com
• Apple to start enforcing new app privacy notifications in coming weeks | Reuters PLC
• Apple Is Rejecting Apps That Use Third-Party Code For Alleged Privacy Infractions | Allison Schiff, AdExchanger.com
• Tech Tent: The end of ad tracking? | Rory Cellan-Jones, BBC.CO.UK
• Apple’s pending privacy clampdown overwhelms domain database | Thomas Claborn, TheRegister.com
• When Apple’s IDFA Changes Hit “Nobody Really Knows” What To Expect | Andrew Bluestein, AdWeek.com
• Apple IDFA Reckoning Shows The Value Of Attribution Technology | David Gasparyan | Forbes.com
• How Apple’s Privacy Changes Could Affect Its App Store | Joshua Hawkins, LifeWire.com

breaking-privacy-gridlock

PRIVACY AND POLICY 

Breaking privacy gridlock: Scholars see third-party certification among remedies 

Certification bodies, self-regulatory organizations and “other gatekeepers” are among ideas providing improved consumer privacy protection for the web proposed in a paper released this week by four respected academic researchers.

“Divisions over two enforcement issues—private right of action and federal preemption—have long gridlocked the effort to enact federal consumer privacy legislation,” the scholars write, adding: “A look at regulatory systems outside the privacy field, however, reveals a complex landscape of en-forcement mechanisms and remedies, many of which have not yet received much attention in the privacy debate.”

The paper (PDF) takes a look at the current U.S. federal privacy-law stalemate and is based on a set of 2020 workshops which gathered ideas from experts in financial services, environmental law, labor law, intellectual property and other fields. Among other ideas: A focus on regulatory supervision in addition to enforcement, and the right of citizens to sue.

“Many regulatory systems also rely on private-sector enforcers, such as certification bodies, self-regualtry organizations, accountants, lawyers and other ‘gatekeepers”, regulating the conduct of their third-party service providers,” the researchers write in an blog overview of their paper, headlined: “A Broader Look and Privacy Remedies.”

Quoting the work of Boston University law professor Rory Van Loo, they say policymakers in some fields have begun to rely upon third-party enforcement by the real gatekeepers of the economy — firms controlling access to core product markets. “Policymakers may want to look for ways to further leverage the power of browsers, operating systems and other technical intermediaries.”

  The paper’s four authors are Jim Dempsey, executive director of the Berkeley Center for Law & Technology at the UC Berkeley Law School, Chris Jay Hoofnagle, professor and faculty director of that center, Ira Rubinstein, a senior fellow at the Information Law Institute, and Katherine J. Strandburg, director of New York University’s Information Law Institute and an interdisciplinary privacy research group at NYU.

ANTITRUST / PRIVACY POLICY

• FTC court pleading calls Facebook an illegal ‘personal social networking’ monopoly | Alexis Keenan, Yahoo News
• Federal Privacy Rules Must Get “Data Broker” Definitions Right | Justin Sherman, LawfareBlog.com
• Mactaggart interview: How the tech industry is sewing confusion about privacy laws | Mark Sullivan, FastCompany.com | SEE QUOTE OF THE WEEK, BELOW
• Platforms, not regulators, are driving data privacy enforcement | Jessica Davies, DigiDay.com
• Why Democracy Needs Privacy: To prevent unfair influence | Carissa Veliz, BostonReview.net
• Six ways data sharing can shape a better future | Cathy Mulligan et al., World Economic Forum
• From California to Brazil: Europe’s privacy laws have created a recipe for the world | Jonathan Keane, CNBC.com

Ireland’s oldest independent human-rights body issued on Friday a strong criticism of the nation’s Data Protection Commission (DPC),  accusing it of significant apparent inaction on allegations that Google and other major U.S. tech companies are violating the privacy rights of European Union citizens.

It was the latest carefully footnoted and documented complaint from Johnny Ryan of the Irish Council for Civil Liberties (ICCL), who is particularly peeved that his claims alleging privacy violations by Google’s Real Time Bidding (RTB) advertising system have been languishing at the DPC for years with no findings or outcome.

The Irish DPC hs “delivered decisions in only 2% of the 196 EU-wide cases where it is the EU “lead” authority, Ryan write in the April 9 post. The ICCL proposes the Irish government appoint two new data-privacy commissioners and a new commission chair, and apparent challenge to the DPC’s head, Helen Dixon.

It’s a tricky situation for Ireland, which for tax-preference reasons hosts the EU headquarters of Google, Facebook, Apple and Microsoft, among others. EU law therefore makes the Irish DPC the preferred handler of any privacy regulation EU-wide.  So Ryan’s argument is that lack of action by the DPC is stalling any enforcement of the General Data Protection Regulation (GDPR) throughout Europe.

“The DPC is the bottleneck of GDPR enforcement against Google, Facebook, Microsoft and Apple, everywhere in the EU,” the ICCL paper says.

EU PRIVACY

• Is CCPA deidentification the same thing as GDPR anonymization? | David A. Zetoony, GreenbergTraurig law firm

• The challenge of protecting European privacy from Uncle Sam’s snoopers | Dick Roche, Euractiv.com

• Facebook’s tardy disclosure of breach timing raises GDPR compliance questions | Natasha Lomas, TechCrunch.com
• Taking on Big Tech, French antitrust chief urges others to do the same | Mark Scott & Thibault Larger, Politico.EU
• Schrems claims Google Advertising ID on Android is unlawful, files French complaint | Tim Anderson, TheRegister.com | COMPLAINT DOCUMENT
• Android Ad Identifier Violates EU Privacy Law, Activist Claims | Wendy Davis, DigitalNewsDaily/MediaPost.com
• French data watchdog to start checking cookie policy compliance | Mathieu Pollet, Euractiv.com
• Booking.com fined $560,000 for GDPR data breach violation | Jessica Haworth, PortSwigger.com

FACEBOOK DATA LEAK 

• OPINION: Facebook and Health Net hacks drive home the need for a national privacy law | David Lazarus, Los Angeles Times
• Answers being sought from Facebook over latest data breach | Natasha Lomas, TechCrunch.com
• Facebook’s reply: “The facts on news reports about Facebook data” | Mike Clark, Facebook Blog
• Up to 533 million Facebook users’ phone numbers and personal data have been leaked online | Aaron Holmes, BusinessInsider.com
• Facebook leak exposes data on 533 million users; Facebook says “scraping” caused it | C. Douglas Golden
• EU privacy chief victim of Facebook data leak | Aurens Cerulus & Vincent Manancourt, Politico.EU
• Facebook will not notify more than 530m users exposed in 2019 breach | Kari Paul, TheGuardian.com
• Wired’s Lily Hay Newman: “Another Day Another Data Leak” | via Marketplace Radio