Governance needed for “decentralized” web, McCourt says | Who decides when user data can be shared?

Privacy Beat

Your weekly privacy news update.



McCourt’s Project Liberty says ‘governance’ is part of three-legged stool for disrupting Internet Big Tech with “decentralized” approaches

Billlionaire Frank McCourt’s Project Liberty, a $75-$100-million effort to break down and decentralize the web, is focusing on governance as one plank of a three-part strategy that also involves working on new technology and mass-adoption strategies.  McCourt and Project Liberty’s key executive, Braxton Woodham, outline their thinking in a video posted this week.

Project Liberty is not just a tech initiative, McCourt told interviewer Sara Fischer, of, in a staged discussion Sept. 26 during Project LIberty’s kickoff “Unfinished Live” event in New York City. “Tech needs to be part of the solution ut the governance is critical because we skipped that in Web 2.0 and now we are where we are.”

Project LIberty is backing developers of a “Decentralized Social Networking Protocol” ( that Woodham and McCourt say is aimed at putting control — and ownership — of personal data back into the hands of individuals so, in McCourt’s words “the platforms would no longer have sole control of the data.”  But the technology has to be under an umbrella of governance, he says, and there has to be an effective strategy for getting millions of people to switch to the new approach.

“Adoption will require incentives and motivation,” Woodham told Fischer.  Project LIberty has to succeed at “unlocking value for people to participate in the economy” and a new social-graph infrastructure not controlled by one company.  “Decentralized information storage unlocks a lot of use cases,” he said.

For more details on Project LIberty see Sept. 24 Privacy Beat: “Billionaire kicks off effort to challenge social networks with ‘distributed identity.’ ”  Videos of all of the Unfinished Live conference sessions are HERE and  HERE.




Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More



W3C group ponders who should decide when user data sharing is sanctioned — and for what purposes?

A World Wide Web Consortium (W3C) “community  group” working on standards for transferring user identity and data raised key questions about privacy during a working virtual session earlier this week (Sept. 27).

The Federated Identity Community Group was continuing to try and define what is “sanctioned” vs. “unsanctioned” tracking of users across websites. One question raised, but not answered — who defines the terms — the consumer end-user, the place where they are logged in or registered, or a site they are visiting for services or content.

One point of view expressed was to simply say that if a user has not given permission for a particular use of their data, that use is automatically “unsanctioned” and potentially subject to being blocked by browser technologies. The W3C group is developing a library of hypothetical use cases for user identity information shared across websites using federated Single Sign On or other technologies.

Google engineer Sam Goto offered an example of a hypothetical New York Times user logged in with their Facebook account and looking at furniture articles about couches.  Later, they go to the Washington Post or Amazon and either of those sites present ads for couches.  Would that secondary use be termed sanctioned? “If you are sharing global identifiers and by sharing them you allow the NYTimes to sell your browser history to anyone selling couches,” he theorized.

Working-group participant Hirsch Singhai of Microsoft questioned whether the charter of the Federated ID group encompassed deciding on illegitimate data uses.

“There’s going to be privacy-related concerns about what happens to my data after my actions and that is definitely worth considering but it is a bit out of scope,” said Heather Flangan, a co-chair of the working group who is a consultant to Google. “I thik of what we’re trying to do which is to make sure that federated workflow is as consented as it needs to be. And I think ‘as consented as it needs to be’ is one of the hardest things this group is going to do.”

Sanctioned ought to be defined as anything the user agrees to, said Kris Chapman, of, another co-chair. “If I am a New York Times subscriber who has said ‘sell my data so I can get a cheaper rate’, I should be allowed to do that,” she suggested.


(see Quote of the Week, below) 




Agency, ad-tech, publisher group increases pressure on EU Commission to dig up Google’s “Privacy Sandbox”

An vague group of publishers and marketers, aligned with ad-tech companies seeking alternatives to Google’s data-privacy moves to replace the third-party cookie, is turning up the heat on the search giant with British regulators.

In a statement, “Movement for an Open Web” (MOW) — earlier known as “Marketers for an Open Web,” and originally as backers of the “SWAN” identity-tracking initiative, says Google’s “Privacy Sandbox” initiative will restrict open web advertising competition and impair ad-fraud detection.

“We’re asking that the EU Commission create a level playing field for all digital businesses, to maintain and protect an open web,” London antitrust barrister Tim Cowen, who advises MOW, was quoted by the Daily Mail as saying. “Google says they’re strengthening privacy for end users but they’re not — what they’re really proposing is a creepy data-mining party.”

MOW spokesman and apparent leader James Rosewell has declined to reveal MOW’s membership, but says it includes both British and U.S.-based companies.  Roswell is co-founder of a British mobile-marketing company, 51Degrees. 

“MOW is calling upon the EU Commission to use its wide-ranging powers to stop Google from enclosing the Open Web, allow increased end-user choice and promote independent data management to allow increased privacy and diversity,” the Sept. 28 statement says.

Google has struggled so to get buy-in from other web browser makers or the ad-tech industry generally for its “Privacy Sandbox” initiative, postponing several deadlines. The Reuters news agency has reported that Google has sought to settle the MOW complaint with the EU Commission.




Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

Sen. Wicker at privacy hearing 







The Accountable Tech petition: Surveillance advertising defined — and an argument for why the FTC should prohibit it

  • The following excerpts are from a petition filed this week with the U.S. Federal Trade Commission by Accountable Tech, a Washington, D.C., nonprofit advocacy group, seeking to end the sale of web advertising based on tracking individual users.  It was signed by the group’s co-founder, Nicole Gill and Jesse Lehrich.

The Commission should initiate rulemaking to prohibit surveillance advertising as an unfair method of competition  . . . .

Without a rule to bar the practice, enforcement and regulatory actions will simply continue to set up dominoes of harm for the next dominant surveillance advertising firm to knock down. The most effective, efficient, and administrable solution to these problems is a full ban on the surveillance advertising business model as an unfair method of competition . . . .

Surveillance advertising consists of two major elements: 1) an information or communication platform collecting personal data and 2) targeting advertisements at users, based on that personal data, as they traverse the internet, including other digital platforms. 

The strongest and simplest remedy is to issue a rule prohibiting online platforms from using personal data for the purpose of delivering advertisements. . . . .Another version of the rule would address the second element of surveillance advertising: the sharing or use of personal data to target advertisements at users as they traverse the internet. This more restrained rule would prohibit businesses from sharing user data, for the purposes of advertising, to any business line, website, advertising technology, or tracker other than the business or service with which a user intentionally interacts. 

The harms to competition and consumers from surveillance advertising cannot be separated from the business model that produces them. Everywhere it is employed, the surveillance advertising business model unfairly extracts data from users in ways that users would not otherwise accept; it monetizes user data—including from unwilling users or non-users—in ways that unfairly subsidize and entrench the surveillance advertising businesses; it cross-leverages that data to create unfair dominance in other markets, further expanding its practice across the economy; and it relies on anticompetitive and exclusive dealing to prevent the emergence and success of non-surveillance competitors.

The current giants that employ this model demonstrate the extent to which this conduct is integrated, and that businesses that engage in some portion of these practices ultimately engage in all of them as they gain market dominance. Further, the harms that proceed from this business model are inextricably linked. 

The increasing collection of personal data erodes the privacy of users and non-users alike, and effectively increases prices. It allows the surveillance advertising giants to target ads in harmful ways, grants them unfair streams of monetization, and entrenches their algorithmic sophistication and dominance. With their troves of data, dominant surveillance advertising firms gain the ability and incentive to consolidate other market segments by cross leveraging their data and monetization advantages. 

These factors place rival businesses on a fundamentally uneven playing field, undermining competition across the economy, including in critical ad-supported fields like journalism. 

Finally, with the monopoly power that comes from these practices, surveillance advertising platforms engage in exclusive dealing and anticompetitive acquisitions as additional armor against even nascent threats to their exploitative business model.


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2021 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp