Robin Berjon, vp, New York Times (Photo, Smashing Magazine)
NY Times privacy exec compares website tracking to a bookstore; says technologists and policymakers must collaborate
A top data-governance executive at The New York Times says privacy is an unsolved problem on the web. In a “Pushing Back on Privacy” essay on the Smashing Magazine website, RobIn Berjon uses the analogy of a bookstore to explain when privacy goes awry on a website. “As you browse freely from site to site, your privacy is not in trustworthy hands,” he writes.
Berjon says privacy solutions “will require cooperation between technologists and policymakers.” He says makers of browser software are doing excellent work toward preventing web tracking, and Google’s Chrome, the biggest holdout, “has promised change in 2023.”
Imagine, says Berjon, if a bookstore has security cameras that are used for the sole purpose of confirming shoplifting and the images captured never leave the store premises. Imagine also if the bookstore has a separate system of unobtrusive small cameras that watch book browser behavior and send it to an off-premises third party for marketing purposes.
The analogy, he says, is like a news website that may track users for internal purposes, but also allow a variety of third-party trackers on site as well. The consumer might well trust the first use but be uncomfortable about the second one, Berjon explains. He touts The Markup’s Blacklight as a way to check what such third-party services are doing with data.
“We build for users, not to milk them of their data. The Web has made it hard for them to stand for themselves — it’s on us to do it for them. Few of us who work on commercial sites will be able to produce perfect privacy outcomes immediately, but this should not stop us from doing better. The tide has turned and a privacy-friendly Web now seems possible.”
He also says it is important for teams with different functions in a web-publishing organization communicate and hold each other accountable.
“The reality of online business today is such that you might have to keep some trackers, but those that stay should be provably effective,” says Berjon. “By working closely with our marketing team, we were able to reduce the amount of data The Times shared with third-party data controllers by over 90 percent.”
Berjon also offered in this paragraph, embedded links to browser and other privacy proposals:
Detailing all the proposals on the table would require a whole other article, but Apple’s Private Click Measurement, Google’s FLEDGE, Microsoft’s PARAKEET, or, if you’ll allow me this shameless plug, The New York Times’s Garuda are all worth looking at, as is the work taking place in the Privacy CG. Some of the proposals discussed there, like Federated Learning of Cohorts (FLoC), have run into trouble, but that only underscores the value in building a solid understanding of privacy in the Web community in order to develop these novel solutions.
- What Does It Actually Mean When a Company Says, “We Do Not Sell Your Data”? | Alfred Ng, TheMarkup.org
- Apple is delays scanning iPhones for images of child sex abuse after privacy backlash | Francis Augustin, BusinessInsider.com | RELATED STORY
- Twitter testing new privacy-focused tools, including archiving and hiding old tweets and editing follower lists | Kurt Wagner, Bloomberg.co
- Apps can kick the door open to your personal information | Zafar Anjum, CRI Fraud Insider
- Apple Must Face Privacy Claims Over Siri | Wendy Davis, DigitaNewsDaily/MediaPost.com
- Lawsuits say Siri and Google are listening, even when they’re not supposed to | Rachel Lerman, WashingtonPost.com
- Apple Just Traded Your Privacy for $15 Billion from Google | Jason Aten, Inc Magazine
- There’s no escape from Facebook, even if you don’t use it | Geoffrey A. Fowler, WashingtonPost.com
- Big Tech failed with contact tracing. Can it do better with vaccine passport apps? | Samantha Murphy Kelly, CNN.COM via MercuryNews
- Federal investigators used “geo-fencing” tech to track down Kenosha protesters | Russell Brandon, TheVerge.com
- Here’s how I tracked down the people selling my data, then stopped them | Shubham Agarwal, DigitalTrends.com
- Data Brokers Are Advertising Data on U.S. Military Personnel | Justin Sherman, LawfareBlog.com
- Google’s vague privacy cure-all is showing up in new proposals, but some say it could break the internet | Kate Kaye, DigiDay.com
- Alfi’s facial detection ad technology sparks privacy concerns | Brody Ford, Bloomberg via IAPP Privacy Blog
- Google, Privacy, and FLoC: Lamb or Wolf in Sheep’s Clothing? | Gabriel Nicholas, Center for Democracy and Technology via TechPolicy.Press
- With iOS 15, Apple Will Get Permission Before Serving Its Own Targeted Ads | Allison Schiff, AdExchanger.com
- Chrome Beta Can Display Competitors When Customers Are On Your Site | Barry Schwartz, Search Engine Roundtable
- Adtech execs weigh up pros and cons of UK plans to diverge from GDPR | John McCarthy, TheDrum.com
- Despite Better Than Expected Tracking Opt-In Rates, iOS Continues To Lose Share To Android | Joe Mandese, MobileInsider/MediaPost.com
Does your organization need customized privacy compliance solutions? ITEGA can help.
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
Clear concepts and rules to guide behavior and inform consumers are key to federal privacy law, lawyer says
A federal privacy law should be focused on defining certain key concepts, and then creating straightforward rules to guide behavior, inform consumers, and provide enforcement measuring sticks, a veteran privacy lawyer says.
‘Data is the engine that is driving commerce around the world—so much so that data practices of large tech companies are now leading Congress and others to investigate technology companies for antitrust violations based on their data activities,” attorney Kirk J. Nahra says in a Seton Hall Law Review article published in July on a blog from his law firm, Wilmer Cutler Pickering Hale and Dorr LLP. DOWNLOAD ARTICLE.
“There are few court decisions, and a lot of open issues, as regulated entities struggle to understand and apply these relatively new provisions,” Nahra writes, adding later: “The legal structure for protecting privacy in appropriate ways is one of the defining debates of our society today, with no signs of slowing down in the foreseeable future.”
Nahra’s journal article reviews the history of U.S. privacy law going back to 1970s-era government papers, expanding in the 1990s into regulation of health records and, in 2002, breach-notice laws. He says California’s recent privacy laws and COVID-19 have accelerated interest and concern with data privacy. The key issues raised so far are whether federal law should preempt state laws, and whether consumers should have the right to sue for privacy violations.
“We should be pursuing a comprehensive law that provides meaningful consumer protections that are understandable, but at the same time, imposes obligations on corporate entities that provide realistic and appropriate restrictions while still permitting efficient cooperation of those permitted activities,” Nahra writes.
California’s matrix of health and general privacy laws create a difficult compliance challenge for companies because they are use specific, Nahra says. This means regulation has little to do with actual behavior and create consumer confusion with the various structures. By contrast, under Europe’s GDPR “all data is protected in virtually all settings—including health information—regardless of who holds it.” He says both EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) “have introduced a wider vision of individual rights that should apply to personal data, including the right to access, the right to correct, the right to amend, even the right to delete.”
PLATFORMS AND ANTITRUST
Public frowns on using personal data for profit; but laws enable it. Three Texas A&M profs say that needs review
A 500-person survey of U.S. residents by a Texas A&M research team finds a big disconnect between the way consumer health and marketing data use is regulated, and how the public would like it regulated. A key finding — the public doesn’t prefer information about them shared for profit.
Professors Cason Schmit, Brian N. Larson and Hye-Chung Kum report their findings in an article at TheConversation.com entited: “Data privacy laws in the US protect profit but prevent sharing data for public good — people want the opposite”. They suggest legal barriers preventing using data for common good should be changed to facilitate research and public health. (See QUOTE OF THE WEEK, below, for details)
PLATFORMS AND PUBLISHERS
- WEBINAR: Audience Connect: Balancing privacy, personalization and safety | Sept. 15, IAB
- WEBINAR: Addressability Solutions Roadshow w/Tony Katsur | Sept. 16, IAB Tech Lab
- WEBINAR: Privacy Security Forum | Jennifer Urban keynote | Sept. 30, TeachPrivacy/Daniel Solovy
- SYMPOSIUM: “Applications of Contextual Integrity”, Sept. 30-Oct. 1, Privacy.io
- WEBINAR: “Yes We Trust Summit”, Oct. 7, Didomi.io
- CONFERENCE: Next Generation Privacy, Addressability and Safety | Oct. 14, IAB Tech Lab
- CONFERENCE: Programmatic I/O — Digital Marketing | Oct. 25-26, AdExchanger.com
QUOTE OF THE WEEK
Public frowns on using personal data for profit; but laws enable it. Three Texas A&M profs say that needs review
- The following is excerpted from a report of research by three Texas A&M professors, Cason Schmit, Brian N. Larson and Hye-Chung Kum. They surveyed 500 U.S. residents’ attitudes on uses of private data.
“We wanted to ask a simple question: Do U.S. privacy laws actually protect data in the ways that Americans want? Using a national survey, we found that the public’s preferences are inconsistent with the restrictions imposed by U.S. privacy laws.
“Our research suggests that current legal barriers that prevent using data for the common good stand in stark contrast to the public’s wishes. As laws are revised or put into place, they could be designed to represent the public’s desires and facilitate research and public health. Until then, U.S. data privacy laws will continue to favor profit over the public good.
“At their core, data protection laws are concerned with three questions: What data should be protected? Who can use the data? And what can someone do with the data?
“Our team conducted a survey of over 500 U.S. residents to find out what uses people are most comfortable with. We presented participants with pairs of 72 different data use scenarios. For example, are you more comfortable with a business using education data for marketing or a government using economic activity data for research? In each case, we asked participants which scenario they were more comfortable with. We then compared those preferences with U.S. law – particularly in terms of types of data being used, who is using that data, and how
“Under U.S. law, the type of data matters tremendously in determining which rules apply. For example, health data is heavily regulated, while shopping data is not. But surprisingly, we found that the type of data companies or organizations use was not particularly important to U.S. residents. Far more important was what the data was being used for, and by whom.
“The public was most comfortable with groups using data for public health or research purposes. The public was also comfortable with the idea of universities or nonprofits using data as opposed to businesses or governments. They were less comfortable with organizations using data for profit-driven or law enforcement purposes. The public was least comfortable with businesses using economic data to increase profits – a use that is widespread and loosely regulated.
“Overall, our results show that the public tends to be more comfortable with altruistic uses of personal data as opposed to self-serving data uses. The law more or less promotes the opposite.
“In the absence of federal legislation, some states have voted to put more comprehensive laws into place. California did in 2018 and 2020, Virginia and Colorado in 2021, and other states are likely to follow suit. If new laws are going on the books, we believe it is vitally important that the public has a say on what data uses should be restricted and which should be permitted.”
|ABOUT PRIVACY BEAT
Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to email@example.com.