New interest in decentralized “self-sovereign identity” signaled by $30M Berners-Lee investment and Reed sale

Two key entrepreneurs known for decades-long work around Internet privacy and identity announced key moves. They signal growing investor and business interest in putting more control in the hands of consumers rather than big platforms like Google, Facebook, Apple and Amazon.

• Digital identity pioneer Evernym acquired by Czech Republic’s Avast | Evernym blog | NEWS RELEASE 
• Web creator Tim Berners-Lee’s privacy/identity startup Inrupt raises $30 million | Manish Singh, TechCrunch.com | RELATED STORY
• How Decentralized Identity Is Reshaping Privacy For Digital Identities | Darren Shou, Forbes.com

First, the person credited with inventing the key building blocks of the World Wide Web — Tim Berners-Lee — said his startup Inrupt had landed a fresh $30 million in venture investment to focus on creating a system where consumers can manage their own data and choose who to share it with — and when. 

Second, Evernym Inc., a company co-founded by Drummond Reed, a co-author of a key emerging standard known as “self-sovereign identity” said it would be acquired by Avast, a Czech Republic company with 435 million global users for whom it manages identity. “Evernym’s groundbreaking approach to digital identity provides consumers with autonomy over their online presence by keeping their personal information with them and out of centralized databases,” Avast stated.

The web has never had a standard for managing user identity and as a result, major platform companies collect, share and sell user information with impunity so long as they can do so without violating law.  Both Berners-Lee and Reed, while operating separately, are focused on building new infrastructure that will distribute user data widely but under the explicit control of the end user.

Reed has advised ITEGA, sponsor of Privacy Beat. Ideas about user data control have been discussed for years at the Berkman-Klein Center for Internet and Society at Harvard Law School under the Project VRM title and originated by “Doc” Searls. Three years ago, the non-profit Sovrin Foundation formed and took control of technology for creating “self-sovereign” data wallets and spun out Reed’s for-profit startup, Evernym Inc., to commercialize it.

Who controls user data is an urgent issue for advertisers, publishers and ad-tech companies because of Google’s intention to to disable third-party cookies in the Chrome browser by 2023.

The Berners-Lee and Reed moves come as the advertising-technology industry continues to merge, partner and struggle to figure out how it can continue to prosper under a “surveillance capitalism” data model (see items under AD TECH, below). 

AD TECH

• Is Magnite on track to undermine our next U.S. election by sharing midstream data? | Claire Atkin and Nandini Jammi, CheckMyAds.org
• Why Criteo is purchasing best-kept-secret IPONWEB for $380M | Ronan Shields, DigiDay.com  | RELATED STORY
• Criteo’s CEO Megan Clarken On Why The IPONWEB Deal Is All About First-Party Data | Allison Schiff, AdExchanger.com
• Lotame And LiveRamp Expand Customer ID Partnership | Ray Schultz, EmailMarketingDaily/MediaPost.com
• Alternate identifiers now figure in advertising deals for two thirds of publishers | Max Willets, DigiDay.com ($)
• Why does an Amazon book ad underpricing Barnes & Noble appear on BN website? | Allan Sloan, WashingtonPost.com

PERSONAL PRIVACY

• Financial Times reports iOS Users Who Opt-Out of App Tracking Continue to Be Tracked by Facebook and Snapchat | Hartley Charleton, MacRumors.com  | RELATED STORY | RELATED STORY
• Ad-tech watchdog “Check My ads” fights disinformation, hate speech | Kelly Pau, CoolHunting.com
• Personal Data Is Worth Billions. These Startups Want You to Get a Cut | Patience Higgins, WSJ via IAPP Daily Dashboard
• AUDIO: As More Schools Surveil Students Online, Privacy Concerns Intensify | Mina Kim, KQED.org
• Mozilla rolls out GPC for all Firefox users, but enforcement limited to two states | Jonathan Greig, ZDNet.com
• How to Stop Verizon, AT&T, and T-Mobile From Collecting Your Phone Data to Sell Ads | Brendan Hesse, LifeHacker.com
• Verizon tracks almost everything you do on iPhone. Here’s how to stop it | Killian Bell, CultOfMac.com
• Consumer Reports study of VPNs — they’re a mixed bag for privacy | Lucas Kopek, GizModo.com
• The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users | Jon Keegan & Alfred Ng, TheMarkup.org
• Apple and Google have reportedly banned a major data broker from collecting location data from users’ phones | Tyler Sonnemaker, BusinessInsider.com

IAPP deep-dive on third-party cookies unsure if  eight possible replacements will be better for privacy

A two-part online series published by the non-profit International Association of Privacy Professionals (IAPP) backgrounds the status of the so-called third-party cookie and what comes next. It’s a fact-filled must-read overview, with lots of embedded links.

“[W]hat’s good for industry has not been good for user privacy—and the tide is starting to turn,” writes IAPP Staff Contributor Taylor Kay Lively. Her pieces explore current “cookies” law and regulation in the European Union and United Kingdom, and alternative.  She writes in part one of the two-parter:  “Many of these European developments are still in the works, but it’s clear the third-party cookies landscape is undergoing significant changes.”

In the second installment, Lively describes eight alternatives or supplements to third-party cookies: Cohort-based advertising, micro groupings, first-party cookies, zero-party data, universal identifiers, fingerprinting, conversion measurement, contextual targeting 

She concludes:  “Google Chrome may be successful in phasing out third-party cookies by late 2023, but the big question is whether the alternatives will be better for privacy” adding: “The continuing developments of these alternatives have yet to reveal a definite ‘winner,’ but it’s clear that companies should start experimenting with these alternatives sooner than later.

WASHINGTON WATCH

• 44 House Dems Urge FCC, FTC to Boost Privacy Protections for Consumers’ Location Data | Brett Wilkins, CommonDreams.org
• Sen. Wyden Doubles Down On Data Privacy, Sends Letter to CFPB | Alexandra Kelley, NextGov.com | LETTER TEXT
• Lawmakers Choose the Wrong Privacy Path, With New Anti-Algorithm Bill | Joe Mullen, Electronic Frontier Foundation
• Senate hearing focuses spotlight on data-brokerage industry | Joseph Duball, IAPP Staff Contributor
• How Law Enforcement and Intelligence Agencies Are Buying Your Data from Brokers | Sharon Bradford Franklin et al., Center for Democracy & Technology
• Utility companies will no longer share data with ICE — but loopholes remain | Corin Faife, TheVerge.com
• OPINION: We Need Less Talk and More Action From Congress on Tech | Kara Swisher, nytimes.com

STATEHOUSE BEAT

• Massachusetts eyes private right of action and big damages provision | Kristin Bryan & Gicel Tomimbang, ConsumerPrivacyWorld.com
• Why Ohio’s data privacy bill is on hold for now | Jo Ingles, Statehouse News Bureau
• Virginia Is For [Data Privacy] Lovers: Introduction to New Consumer Protection Law | Brittney Justice et al., Bracewell LLP law firm

ANTITRUST 

• Over 200 Newspapers Are Suing Facebook and Google for Decimating Their Advertising | Lucas Kopek, GizModo.com | RELATED STORY | ACCESS TO COURT CASE | LIST OF PLAINTIFF NEWSPAPERS
• Newspapers vs Big Tech: Antitrust Tackles the Problems That Copyright Just Can’t Fix | Cory Doctorow, Electronic Frontier Foundation 
• Warren Calls on DOJ and SEC to Open Criminal and Civil Investigations into Facebook | via Benton Institute | RELATED STORY

PRIVACY BUSINESS

• Microsoft’s Julie Brill says new privacy laws should allow “responsible use and sharing” | Microsoft Corporate Blog 
• Federal litigation in 53-million user T-Mobile data breach consolidated | Sarah Merken, Reuters PLC
• OPINION: Why Blockchain is The Key to Data Privacy in The Future | Vasid Qureshi, TechBullion.com

Verbal sparring over ad-tech data and GDPR escalates between Irish authorities and privacy advocates

A war of words between Ireland’s data-privacy enforcer and privacy advocates seems to be escalating over the handling of Facebook, Google and their advertising services.  The issue is important because Ireland is the European Union regional headquarters for many tech companies so the island nation has a financial stake in keeping them happy.  

Because they are based in Ireland, the Irish Data Protection Authority has lead responsibility for enforcing provisions of the EU’s General Data Protection Regulation (GDPR).  Privacy groups assert the current real-time bidding system for digital advertising violates GDPR; the authorities have yet to reach any such firm conclusion but are studying it, documents show.

Four links gathered this week provide a good read on the issues and points of view:

IRELAND AND DATA PRIVACY 

• Schrems-released documents suggest Irish DPA tried to weaken GDPR by contracts | Glyn Moody, Privacy News Online 
• ‘Contrary to everything we believe in’: Irish data watchdog lobbied for business-friendly GDPR | Vincent Manancourt, Politico.EU
• IRISH DPA’S RESPONSE: “Baseless allegations of bad faith”
• BACKGROUND: Privacy advocacy group details its clash with Irish DPA | OpenRightsGroup.org
• OPINION: Ireland’s the Wrong Privacy Watchdog for Europe | Parmy Olson, Bloomberg.com
• Irish data watchdog rejects accusations it lobbied on behalf of tech giants | Cianan Brennan & Daniel McConnell, IrishExaminer.com

EU & UK PRIVACY 

• German court rules cookie preference service that shared IP addresses with US firm should be halted | Lindsay Clark, TheRegister.com
• Irish DPC submits Article 60 draft decision on inquiry into Instagram | Irish DPC press release
• How a civil rights group is holding Europe’s online ad industry to account | Daniel Cooper, Engadget.com
• Biden administration has ‘serious concerns’ over EU digital proposals | Margaret Harding McGill & Ashley Gold, Axios.com
• UK and USA seek new world order for cross-border data sharing and privacy | Laura Dobberstein, TheRegister.com
• ANALYSIS: EU’s digital strategy and what it means for privacy | Jennifer Bryant, IAPP Staff Contributor

GLOBAL PRIVACY 

• India’s data-protection bill may be discussed at Dec. 21 Parliament meeting | IndiaTimes.com
• Russia blocks privacy service Tor, ratcheting up internet control | Alexander Marrow et al., Reuters PLC
• China internet crackdown: Beijing orders app stores to remove Douban and 105 other apps | Josh Ye & Coco Feng, South China Morning Post
• Ten steps to prepare for the UAE’s Personal Data Protection Law | Benjamin Crew & Jack Fletcher, IAPP Privacy Advisor
• Canadian commissioner calls to prioritize privacy law reform | OPC Canada
• Canada’s privacy commissioner warns about “cashing in on your data” | Rachel Gilmore, GlobalNews.ca
• How Israel turned Palestine into a surveillance tech dystopia | Nadim Nashif, MiddleEastEye.net
• Privacy law reform in Australia – the good, the bad and the ugly | Anna Johnston, SalingerPrivacy.com
• Canada’s news industry expects up to $150m annual windfall from Australia-style big tech crackdown | William Turvill, PressGazette.co.uk

UPCOMING EVENTS 

• WEBINAR: Accelerating Data Transparency And Quality ForDigital Supply Chain | Dec. 13, IAB Tech Lab
• CONFERENCE/VIRTUAL: Annual Leadership Meeting (ALM), Feb. 7-10, New York City, Interactive Advertising Bureau
• WEBINAR: MozFest Festival 2022 | March 7-10, Mozilla Foundation
• LIST: Omidyar Good ID project lists upcoming identity gathering