Technologists and policymakers must collaborate in privacy, NYTimes exec says | what should be in federal law?

Privacy Beat

Your weekly privacy news update.



Robin Berjon, vp, New York Times  (Photo, Smashing Magazine)

NY Times privacy exec compares website tracking to a bookstore; says technologists and policymakers must collaborate

A top data-governance executive at The New York Times says privacy is an unsolved problem on the web.  In a “Pushing Back on Privacy” essay on the Smashing Magazine website, RobIn Berjon uses the analogy of a bookstore to explain when privacy goes awry on a website. “As you browse freely from site to site, your privacy is not in trustworthy hands,” he writes.

Berjon says privacy solutions “will require cooperation between technologists and policymakers.” He says makers of browser software are doing excellent work toward preventing web tracking, and Google’s Chrome, the biggest holdout, “has promised change in 2023.”

Imagine, says Berjon, if a bookstore has security cameras that are used for the sole purpose of confirming shoplifting and the images captured never leave the store premises. Imagine also if the bookstore has a separate system of unobtrusive small cameras that watch book browser behavior and send it to an off-premises third party for marketing purposes.

The analogy, he says, is like a news website that may track users for internal purposes, but also allow a variety of third-party trackers on site as well.  The consumer might well trust the first use but be uncomfortable about the second one, Berjon explains. He touts The Markup’s Blacklight as a way to check what such third-party services are doing with data.

 “We build for users, not to milk them of their data. The Web has made it hard for them to stand for themselves — it’s on us to do it for them. Few of us who work on commercial sites will be able to produce perfect privacy outcomes immediately, but this should not stop us from doing better. The tide has turned and a privacy-friendly Web now seems possible.”

He also says it is important for teams with different functions in a web-publishing organization communicate and hold each other accountable.

“The reality of online business today is such that you might have to keep some trackers, but those that stay should be provably effective,” says Berjon. “By working closely with our marketing team, we were able to reduce the amount of data The Times shared with third-party data controllers by over 90 percent.”

Berjon also offered in this paragraph, embedded links to browser and other privacy proposals:

Detailing all the proposals on the table would require a whole other article, but Apple’s Private Click Measurement, Google’s FLEDGE, Microsoft’s PARAKEET, or, if you’ll allow me this shameless plug, The New York Times’s Garuda are all worth looking at, as is the work taking place in the Privacy CG. Some of the proposals discussed there, like Federated Learning of Cohorts (FLoC), have run into trouble, but that only underscores the value in building a solid understanding of privacy in the Web community in order to develop these novel solutions.



Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More


Clear concepts and rules to guide behavior and inform consumers are key to federal privacy law, lawyer says

A federal privacy law should be focused on defining certain key concepts, and then creating straightforward rules to guide behavior, inform consumers, and provide enforcement measuring sticks, a veteran privacy lawyer says.

‘Data is the engine that is driving commerce around the world—so much so that data practices of large tech companies are now leading Congress and others to investigate technology companies for antitrust violations based on their data activities,” attorney Kirk J. Nahra says in a Seton Hall Law Review article published in July on a blog from his law firm, Wilmer Cutler Pickering Hale and Dorr LLP. DOWNLOAD ARTICLE.

“There are few court decisions, and a lot of open issues, as regulated entities struggle to understand and apply these relatively new provisions,” Nahra writes, adding later: “The legal structure for protecting privacy in appropriate ways is one of the defining debates of our society today, with no signs of slowing down in the foreseeable future.”

Nahra’s journal article reviews the history of U.S. privacy law going back to 1970s-era government papers, expanding in the 1990s into regulation of health records and, in 2002, breach-notice laws. He says California’s recent privacy laws and COVID-19 have accelerated interest and concern with data privacy.  The key issues raised so far are whether federal law should preempt state laws, and whether consumers should have the right to sue for privacy violations.

“We should be pursuing a comprehensive law that provides meaningful consumer protections that are understandable, but at the same time, imposes obligations on corporate entities that provide realistic and appropriate restrictions while still permitting efficient cooperation of those permitted activities,” Nahra writes.

California’s matrix of health and general privacy laws create a difficult compliance challenge for companies because they are use specific, Nahra says. This means regulation has little to do with actual behavior and create consumer confusion with the various structures. By contrast, under Europe’s GDPR “all data is protected in virtually all settings—including health information—regardless of who holds it.” He says  both EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) “have introduced a wider vision of individual rights that should apply to personal data, including the right to access, the right to correct, the right to amend, even the right to delete.”





Public frowns on using personal data for profit; but laws enable it. Three Texas A&M profs say that needs review

A 500-person survey of U.S. residents by a Texas A&M research team finds a big disconnect between the way consumer health and marketing data use is regulated, and how the public would like it regulated. A key finding — the public doesn’t prefer information about them shared for profit.

Professors Cason Schmit, Brian N. Larson and Hye-Chung Kum report their findings in an article at entited: “Data privacy laws in the US protect profit but prevent sharing data for public good — people want the opposite”.  They suggest legal barriers preventing using data for common good should be changed to facilitate research and public health. (See QUOTE OF THE WEEK, below, for details)



Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat




Public frowns on using personal data for profit; but laws enable it. Three Texas A&M profs say that needs review

  • The following is excerpted from a report of research by three Texas A&M professors, Cason Schmit, Brian N. Larson and Hye-Chung Kum. They surveyed 500 U.S. residents’ attitudes on uses of private data.

“We wanted to ask a simple question: Do U.S. privacy laws actually protect data in the ways that Americans want? Using a national survey, we found that the public’s preferences are inconsistent with the restrictions imposed by U.S. privacy laws.

“Our research suggests that current legal barriers that prevent using data for the common good stand in stark contrast to the public’s wishes. As laws are revised or put into place, they could be designed to represent the public’s desires and facilitate research and public health. Until then, U.S. data privacy laws will continue to favor profit over the public good.

“At their core, data protection laws are concerned with three questions: What data should be protected? Who can use the data? And what can someone do with the data?

“Our team conducted a survey of over 500 U.S. residents to find out what uses people are most comfortable with. We presented participants with pairs of 72 different data use scenarios. For example, are you more comfortable with a business using education data for marketing or a government using economic activity data for research? In each case, we asked participants which scenario they were more comfortable with. We then compared those preferences with U.S. law – particularly in terms of types of data being used, who is using that data, and how

“Under U.S. law, the type of data matters tremendously in determining which rules apply. For example, health data is heavily regulated, while shopping data is not. But surprisingly, we found that the type of data companies or organizations use was not particularly important to U.S. residents. Far more important was what the data was being used for, and by whom.

“The public was most comfortable with groups using data for public health or research purposes. The public was also comfortable with the idea of universities or nonprofits using data as opposed to businesses or governments. They were less comfortable with organizations using data for profit-driven or law enforcement purposes. The public was least comfortable with businesses using economic data to increase profits – a use that is widespread and loosely regulated.

“Overall, our results show that the public tends to be more comfortable with altruistic uses of personal data as opposed to self-serving data uses. The law more or less promotes the opposite.

“In the absence of federal legislation, some states have voted to put more comprehensive laws into place. California did in 2018 and 2020, Virginia and Colorado in 2021, and other states are likely to follow suit. If new laws are going on the books, we believe it is vitally important that the public has a say on what data uses should be restricted and which should be permitted.”


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2021 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp