Google proposes independent organization to govern data and cookie sharing among “first parties” | Apple smashed over app store

Privacy Beat

Your weekly privacy news update.


Google proposes independent entity to verify cross-site privacy and first-party data sharing

Weaving a path between privacy protection and effective advertising, a tech-industry discussion group is struggling to determine whether browser software makers alone or, as Google suggests, an independent entity, are better positioned to provide a trustworthy privacy/sharing balance. 

This week, the discussion got specific during a Sept. 9 virtual meeting of the World Wide Web Consortium’s (W3C) Privacy Community Group. (EARLIER STORY)

Browser makers Apple, Google and Mozilla have been working for at least a couple of years on proposals that would have their software manage or outright prohibit the use of “cookies” to track users between websites — as a privacy enhancement.  

But the problem is that publishers, advertisers and some merchants find it useful to share information about individual users across sites. The W3C group is struggling to find a way for browser software to block “inappropriate” tracking but still allow tracking that is desired by the consumer, such as network subscription content.

Should websites that have a common owner be able to share cookie data via a proposed browser approach from Google termed “First Party Sets”?  But what if privacy policies differ across their sites?  Should websites that are in some way affiliated, but not by common ownership, be allowed to participate in a federated single-sign-on service? 

And the toughest question: Who decides whether one website is legitimately affiliated with another website for purposes desired by the end user?  The First Party Sets idea has gathered an array of comments, all documented publicly. 

It was that question that underlay Thursday’s discussion, begun by Apple browser developer John Wilander around his “Private Click Measurement” proposal. Then the talk turned to First Party Sets, and a proposal from Don Marti, who works for publisher ad network CafeMedia. Others commented. The discussion was moderated by Kaustubha Govind, Google’s engineering manager for the Chrome browser, and the co-author of Google’s “First Party Sets” proposal as well as a proposed policy for “User Agents” (the browser software).

Marti described in pre-meeting documents the idea of an “Independent Enforcement Entity” (IEE) that could have a global role of deciding and publicizing legitimate affiliations. Marti’s implication was that Safari, Chrome, Firefox and other browsers could then choose to rely upon the IEE’s determinations and either allow or disallow cross-site tracking. The need for an independent enforcement entity was first proposed Aug. 12 by Google during an ad hoc meeting of the W3C privacy community group. (See the Aug. 12 proposal slide deck)

“You’re basically describing a law-enforcement agency,” said Aram Zucker-Scharff, of The Washington Post. “In the U.S. there are probably four different ways you could incorporate that would have radically different structures with different consequences,” Zucker-Scharff said. “Inherently enforcing this becomes very messy.” He suggested instead that decisions about data sharing could be based on a website’s status as a transparent data “controller” under European Union or other law, rather than its brand or corporate ownership.

“I would like to be able to not have an IEE,” said Sam Weiler, an MIT engineer who leads the W3C’s efforts to improve privacy and security on the web. He did not elaborate.

Other participants in the discussion suggested the independent enforcement entity (IEE) could be organized to require certified statements from websites about their privacy and data-handling practices; that these statements could be maintained in a searchable public database on which the public and browser makers could rely. 

Marti said he thought “if there is going to be a reasonable-sized IEE it needs to be focused on the uses of people’s personal information that are something that actually has an impact on users.” He added: “I think we can come up with a set of reasonably cost-effective ways to do a significant portion of the IEE’s task.”

Google’s Govind, the moderator, said she thought “some people see the scope of the IEE as being much more expansive” with transparent maintenance of documents, a mechanism to report problem issues and spot-checking of some operations by the IEE.

(DISCLOSURE: The Information Trust Exchange Governing Association (ITEGA) is an independent, nonprofit entity established to manage trust, identity and privacy on the web.)


Federal judge orders Apple to allow alternate payments within app store; but says company is not a monopolist

Apple Inc. and Epic Games Inc. put different spins on the impact of a permanent injunction issued by a U.S. District Court judge on Friday in California.  In a lengthy statement, Apple attorney Katherine Adams called the decision a “resounding victory” because it did not label Apple a monopolist. Epic said it would appeal the decision even though the judge decided Apple’s rules about subscriptions off the Apple Store violated California law.

Judge Yvonne Gonzalez Rogers’ decision and injunction ran 185 pages. Wrote The AP’s account in part: “Now Gonzalez Rogers is ordering Apple to go even further by allowing links and buttons for non-Apple payment options directly within apps, something Apple has steadfastly resisted.” Apple has 90 days to start allowing outside app payments, or appeal the judge’s decision.

Some stories described the decision as a big blow to Apple, and its stock initially dropped 2% after the decision became public. VentureBeat.com’s headline read: “Epic Games wins injunction favoring alternative payments in antitrust lawsuit against Apple.” 

Politico’s Leah Nylen described the nuance this way in her account, writing the judge “found that Apple has been violating [California’s Unfair Competition Law] by writing contracts with developers that prohibit them from telling customers that cheaper options exist online outside the App Store. She ordered the company to eliminate those provisions.

The Daily Dot’s lead paragraph captured the nuance: “A federal judge in California ruled on Friday that Epic Games failed to prove that Apple was a monopoly. However, she barred Apple from forcing developers to use its in-app payment system.”  Apple announced two weeks ago that it was reducing some commissions it charges in App Store subscriptions to 15% from 30%.


ACLU’s advice to Congress: Mass Surveillance is Not the Way Forward | (See QUOTE OF THE WEEK, below) 
 


QUOTE OF THE WEEK

The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward

“Twenty years after 9/11, the pervasive power of our government’s mass surveillance regime is clearer than ever — and it’s past time for change. Congress now has the opportunity to enact essential reforms, by looking to the lessons of the last two decades to impose restraints that will protect us in the face of even more powerful and invasive technologies going forward . . . . 

“ . . . Executive branch agencies still have entirely too much power and discretion when conducting surveillance for intelligence purposes. Congress must put an end to mass spying — by ensuring that surveillance is targeted, that there is robust judicial oversight, and that people whose lives are invaded by government surveillance can challenge that spying in court. . . .

“ . . . In 2013, Edward Snowden’s revelations about the breadth of U.S. government surveillance shocked the world . . . In addition, whistleblowers and media reports revealed that the NSA was conducting bulk surveillance abroad, without any judicial oversight whatsoever, under an authority known as Executive Order 12333. . . .

“ . . . The human toll of government surveillance is undeniable . . . In the years since the Snowden revelations, Congress and the courts have placed some limited restraints on the government’s ability to spy on Americans and others. The danger of surveillance becoming normalized is that the very technologies we depend on will instead be used against us, to track us wherever we go and whatever we do.

“Congress can ensure this never happens . . . .

“ . . . By reining in mass surveillance, Congress can begin the process of righting the privacy harms of the last twenty years. And looking toward the future, Congress can help ensure that the next generation of Americans are able to speak and associate freely, without fear of unwarranted government scrutiny.”

ABOUT PRIVACY BEAT

Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to newsletter@itega.org

Copyright © 2021 Information Trust Exchange Governing Association, All rights reserved.
