PRIVACY BEAT:  Apple, Google debate who should share users across domains; Mozilla, Stanford testing journalism’s impact

Privacy Beat

Your weekly privacy news update.


 (Privacy Beat will be on vacation Friday, July 9)

Who can share users across domains? And when? Apple, Google discussions playing out in W3C group; SSO at stake? 

When a user logs in on one website, how and when should that log in be carried forward to other websites? The answer to that question could affect most organizations that operate multiple domains and websites, and could have a significant impact on users, too.  Answering that question is not simple, it appears from discussions in a public interest group maintained by the World Wide Web Consortium (W3C). Not surprisingly, the two most important players — Google and Apple — are not yet in agreement. 

The discussion — quite technical and difficult to follow — continued last week (June 24) during an online web meeting of the W3C Privacy Community Group, with 45-50 participants. The discussion (see minutes) was opened by Google Chrome Privacy Sandbox lead engineering manager Kaustubha Govind, who was updating the group on Chrome’s First Party Sets proposal. A key respondent was John Wilander, Apple WebKit security and privacy engineer, who works on the Safari browser.  Both are working on a variety of privacy initiatives to tighten the way browsers handle “cookies” and exchange of user data. 

In the June 24 session, a key question was who should decide when two different domains in common corporate ownership — say and — should be permitted to share information through a user’s browser? Or, say, and Or, and Or what if a trade collaboration such wants to run a federated single-sign on (SSO) service for hundreds of member news sites and share common user data? 

“How do you actually prevent this from bad-faith actors making — claims that they’re the same first party when they’re not,” asked Govind.  She said Google was thinking of a policy-based process to work where the technology might not. Browser software makers Google and Apple are debating the possibility of having a independent third party provide a “white list” of domain names that are considered to be in common ownership or affiliation — rather than have a single browser vendor do so.  The browser software could query the third party to determine whether a particular domain could ‘share identity’ with another one. 

“I”m very encouraged by the prospect of having something that can be automatically checked in order to avoid a lot of potential future policy debates,” observed Don Marti, of, which manages advertising for hundreds of publishers. 

Facebook Connect and Google Accounts provide login across multiple websites. It’s not clear how they would be affected by the W3C discussions, or how federated Single Sign On (SSO) services would be cleared to share logins. 




Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

 Privacy Beat will be on vacation Friday, July 9


Stanford, Princeton working with Mozilla on opt-in research data use to test investigative journalism’s impact

For two decades, Internet visionaries have held out the promise that citizens who use the web should have ultimate control of information about who they are, what they like — and what they do.  But it hasn’t worked out that way.  Instead, books like Shoshana Zuboff’s “Age of Surveillance Capitalism” have popularized the idea that major tech platforms profit by collect user activity and using it to make money.

Now, Mozilla Inc., operator of the Firefox web browser, wants to find out how many web users are willing to share their personal data for research rather than profit with an initiative called “Mozilla Rally.”  It’s starting two research projects, and one of them involves study of how to help pay for journalism. Mozilla is owned by the Mozilla Foundation, a 501(c)3 nonprofit organization. 

Mozilla is working with researchers at Princeton University (on COVID-19 and the news) and Stanford University, on a study called “Beyond the Paywall,” a reference to how many news organizations control access and payment to web information. A GitHub description of the paywall project is designed “to measure both the accountability impact of, and consumers’ willingness to pay for, investigative journalism by local outlets . . . . “ At Stanford, Gregory Martin is the project director ( | 650-498-3321).

“Your data is valuable,” the pitch page for the initiative begins. “But for too long, online services have pilfered, swapped and exploited your data without your awareness. Privacy violations and filter bubbles are all consequences of a surveillance data economy. But what if, instead of companies taking your data without giving you a way, you could select who gets access to your data and put it to work for public good?” 

At the moment, Rally is meant to appeal to a kind of civic instinct in internet users, DigiDay reporter Max Willens wrote in his account. He says Mozilla and its collaborators hope eventually to share information back with users “as a kind of value exchange and also as a way of understanding the picture that some of the largest digital companies can and do draw from their consumers.”





California data reporting kicks in 

Knight-UMass research vision of “platform” future: Smaller communities focused neighborliness and citizenship

A new vision of social-media platforms running at the scale of real communities — rather than hundreds of millions of users — and focused on how to support better neighbors and better citizens, should be the focus of efforts to replace YouTube, Facebook and Amazon in their current forms, academic researchers have heard. 

The vision was laid out in pieces during a week-long virtual symposium in May organized by Columbia University’s Knight First Amendment Institute and the University of Massachusetts-Amherst’s public-policy school.  The “Reimagine the Internet” sessions were viewed by at least 1,400 people according to organizers, including Ethan Zuckerman, a visiting scholar at the Knight institute who is now a professor at UMass.  

Zuckerman said a big problem with prominent internet communities is that they are too big to be communities.

“It’s not too late to fix things,” Zuckerman was quoted in a summary report of the proceedings, as saying. “But the key is that we have to stop fixing what exists right now and start imaging something else is possible. It’s not about fixing Facebook, It’s not about fixing YouTube. It’s not about fixing Google. It’s about imaging and building alternatives to what exists now.” 

In research leading up to the symposium, Zuckerman looked at some nascent alternatives, including WikiPedia, and Front Porch Forum.  It would help if multiple community networks operated in such a way as to make it easy for people to move their data from one to the other or use more than one in the same fashion.  This was termed, variously, “adversarial interoperability” or “competitive compatibility,” according to the summary report by A. Adam Glenn. 

“The internet and the relationships that we have with each other on it are just too important to leave up to to the market,” Glenn quoted Zuckerman as saying. “It’s not just about what becomes the most popular, what becomes the most successful. We actually need tools that are designed specifically to help us to be better citizens and to be better neighbors.”




Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

(Privacy Beat will be on vacation July 9)


Speculation abounds on why Google delayed cookie death knell; what is Apollo Global thinking? A clue

Analysis by ad-tech publishers and just about every other stakeholder continued this week after Google’s announcement last week that it would delay at least until the end of 2023 the block of third-party cookies by its dominant Chrome web browser.  As Privacy Beat wrote last week, Google’s decision took off the table a potential antitrust talking point for competing ad-tech and publishers.  But it was also a relief to them, because nobody is pleased with the alternatives yet.

Among the most intriguing comments was a blog post from Ivan Markman, chief business officer of Verizon Media, the spinout of Verizon that is now owned by Apollo Global Management Inc. Markman’s reaction piece, “What we can learn from Google’s cookie deprecation delay,” ends with a invitation to Google “Let’s design the future together.”  Apollo’s Verizon owns AOL, Yahoo, Tech Crunch and a host of websites which together comprise one of the biggest collection of monthly users outside of the biggest platforms like Google, Facebook and Amazon.  Verizon Media has been working on its own solution to identity management that is competitive — or complementary depending on our point of view — with Google initiatives such as FLoC. 

Back in December, Verizon Media said its “unified identity solution” — ConnectID — would link to 600 million impressions with advertisers, according to Laurie Sullivan’s account at   In the account by Ronan Shields at a total of 900 million “customer touch points” was cited by Verizon.





Judge Boasberg explains why the FTC needs to better state its allegations of antitrust violations against Facebook

  • The following are excerpts from a 53-page decision by D.C. Circuit Judge James F. Boasberg from his Jun. 28 decision dismissing FTC v. Facebook Inc., the antitrust case brought by the U.S. Federal Trade Commission against the social-media giant.  Boasberg ruled the FTC had not sufficiently alleged conduct in violation of antitrust laws, for the case to proceed to discovery. But he gave the agency 30 days to attempt to refile its complaint with revised allegations. 

“At the time of the last great antitrust battle in our courthouse — between the United States and Microsoft — Mark Zuckerberg was still in high school. Only after his arrival at Harvard did he launch “The Facebook” from his dorm room. 

“Nearly 20 years later, both federal and state regulators contend, in two separate actions before this Court, that Facebook is now the one violating the antitrust laws. The company, they allege, has long had a monopoly in the market for what they call “Personal Social Networking Services.” And it has allegedly maintained that monopoly, in violation of Section 2 of the Sherman Act, through two different kinds of actions: first, by acquiring firms that it believed were well positioned to erode its monopoly — most notably, Instagram and WhatsApp; and second, by adopting policies preventing interoperability between Facebook and certain other apps that it saw as threats, thereby impeding their growth into viable competitors. 

“Both suits seek equitable relief from this conduct, including forced “divestiture or reconstruction of businesses” as well as orders not to undertake similar conduct in the future . . . . First, even if the FTC had sufficiently pleaded market power, its challenge to Facebook’s policy of refusing interoperability permissions with competing apps fails to state a claim for injunctive relief . . . Second, the agency is on firmer ground in scrutinizing the acquisitions of Instagram and WhatsApp, as the Court rejects Facebook’s argument that the FTC lacks authority to seek injunctive relief against those purchases. Whether other issues arise in a subsequent phase of litigation is dependent on how the Government wishes to proceed . . . .

“Here, given the Court’s conclusions above, the FTC cannot use 13(b) to challenge Facebook’s Platform-related conduct because it has not pleaded that any actual Section 2 violation is ongoing or about to occur. The closest the agency comes is its allegation that, “[h]aving suspended its anti competitive platform policies [in December 2018] in response to anticipated public scrutiny, Facebook is likely to reinstitute such policies if such scrutiny passes.” Redacted Compl., ¶ 149 (emphasis added). Even if the mere resumption of Facebook’s no-dealing-with-competitors policies were itself unlawful — which, as just explained at length, it is not — that conditional and conclusory allegation would be insufficient to establish the requisite imminence . . . . “

“ . . . [W]hile it is possible that Facebook’s alleged scheme of revoking API access from competitor apps could form the basis of a plausible refusal-to-deal claim under Aspen Skiing, the Court need not address that question. Even assuming the answer is yes, injunctive relief is not available now for such a claim as a matter of law . . . in summary, the Court concludes — and advises the parties going forward — that in its view, Facebook’s “imposition and enforcement of anti competitive conditions on access to [its] APIs,” id., ¶ 71, as that conduct has been pleaded, either does not amount to exclusionary conduct violating Section 2 of the Sherman Act or, to the extent that it might, cannot be the basis for an injunction under Section 13(b) of the FTC Act . . . .

“ . . . At this point, the Court simply holds that, contrary to the company’s main contention, an injunction under Section 13(b) is a theoretically available remedy in a Section 2 challenge to long-ago mergers so long as the defendant still holds the purchased assets or stock, as is the case here . . . .

“For the foregoing reasons, the Court will grant Facebook’s Motion to Dismiss, but it will dismiss without prejudice only the Complaint, not the case. The Court will also grant leave to amend and order Plaintiff to file any amended Complaint within 30 days.”


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2021 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp