New interest in decentralized “self-sovereign identity” signaled by $30M Berners-Lee investment and Reed company merger

Privacy Beat

Your weekly privacy news update.


New interest in decentralized “self-sovereign identity” signaled by $30M Berners-Lee investment and Reed sale

Two key entrepreneurs known for decades-long work around Internet privacy and identity announced key moves. They signal growing investor and business interest in putting more control in the hands of consumers rather than big platforms like Google, Facebook, Apple and Amazon.

First, the person credited with inventing the key building blocks of the World Wide Web — Tim Berners-Lee — said his startup Inrupt had landed a fresh $30 million in venture investment to focus on creating a system where consumers can manage their own data and choose who to share it with — and when. 

Second, Evernym Inc., a company co-founded by Drummond Reed, a co-author of a key emerging standard known as “self-sovereign identity” said it would be acquired by Avast, a Czech Republic company with 435 million global users for whom it manages identity. “Evernym’s groundbreaking approach to digital identity provides consumers with autonomy over their online presence by keeping their personal information with them and out of centralized databases,” Avast stated.

The web has never had a standard for managing user identity and as a result, major platform companies collect, share and sell user information with impunity so long as they can do so without violating law.  Both Berners-Lee and Reed, while operating separately, are focused on building new infrastructure that will distribute user data widely but under the explicit control of the end user.

Reed has advised ITEGA, sponsor of Privacy Beat. Ideas about user data control have been discussed for years at the Berkman-Klein Center for Internet and Society at Harvard Law School under the Project VRM title and originated by “Doc” Searls. Three years ago, the non-profit Sovrin Foundation formed and took control of technology for creating “self-sovereign” data wallets and spun out Reed’s for-profit startup, Evernym Inc., to commercialize it.

Who controls user data is an urgent issue for advertisers, publishers and ad-tech companies because of Google’s intention to to disable third-party cookies in the Chrome browser by 2023.

The Berners-Lee and Reed moves come as the advertising-technology industry continues to merge, partner and struggle to figure out how it can continue to prosper under a “surveillance capitalism” data model (see items under AD TECH, below). 



Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

IAPP deep-dive on third-party cookies unsure if  eight possible replacements will be better for privacy

A two-part online series published by the non-profit International Association of Privacy Professionals (IAPP) backgrounds the status of the so-called third-party cookie and what comes next. It’s a fact-filled must-read overview, with lots of embedded links.

“[W]hat’s good for industry has not been good for user privacy—and the tide is starting to turn,” writes IAPP Staff Contributor Taylor Kay Lively. Her pieces explore current “cookies” law and regulation in the European Union and United Kingdom, and alternative.  She writes in part one of the two-parter:  “Many of these European developments are still in the works, but it’s clear the third-party cookies landscape is undergoing significant changes.”

In the second installment, Lively describes eight alternatives or supplements to third-party cookies: Cohort-based advertising, micro groupings, first-party cookies, zero-party data, universal identifiers, fingerprinting, conversion measurement, contextual targeting 

She concludes:  “Google Chrome may be successful in phasing out third-party cookies by late 2023, but the big question is whether the alternatives will be better for privacy” adding: “The continuing developments of these alternatives have yet to reveal a definite ‘winner,’ but it’s clear that companies should start experimenting with these alternatives sooner than later.





Verbal sparring over ad-tech data and GDPR escalates between Irish authorities and privacy advocates

A war of words between Ireland’s data-privacy enforcer and privacy advocates seems to be escalating over the handling of Facebook, Google and their advertising services.  The issue is important because Ireland is the European Union regional headquarters for many tech companies so the island nation has a financial stake in keeping them happy.  

Because they are based in Ireland, the Irish Data Protection Authority has lead responsibility for enforcing provisions of the EU’s General Data Protection Regulation (GDPR).  Privacy groups assert the current real-time bidding system for digital advertising violates GDPR; the authorities have yet to reach any such firm conclusion but are studying it, documents show.

Four links gathered this week provide a good read on the issues and points of view:





Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat


Open Rights Group: “The end of the AdTech industry is nigh and our ICO complaint has had a crucial role in bringing this about”

  • The following is an edited excerpt of remarks by the London-based nonprofit Open Rights Group about its challenge to the real-time-bidding advertising ecosystem on privacy grounds. 

“In September 2018, we started a challenge to surveillance advertising and the widespread illegality in the field of online advertising and tracking. Jim Killock from Open Rights Group and Dr Michael Veale from University College London filed a complaint to the Information Commissioner’s Office (ICO) against Real-Time-Bidding (RTB), in particular the Interactive Advertising Bureau’s “Open RTB” and Google’s “Authorised Buyers” systems. 

“Supporting our complaint was an expert report from Dr Johnny Ryan, now Senior Fellow at the Irish Council of Civil Liberties (ICCL). Privacy International filed a separate category of submission to the UK’s Information Commissioner’s Office (ICO), a “Request for an Assessment Notice”, against different AdTech actors in November 2019, citing our complaints.

“ . . . The basic idea and tools of RTB, to be able to distinguish between individuals to show them very different messages, infiltrates the political and commercial spheres, including attempts at voter suppression through microtargeting or illegal price discrimination. The same infrastructures used and developed by AdTech have also long been piggybacked on by intelligence agencies for the purposes of mass surveillance, as revealed as far back as the Snowden revelations. 

“These practices are not even justified by supporting legitimate publishers to keep their content open and affordable, as the orchestrators and intermediaries of these technologies take a whopping proportion of any advertising revenue and obscure the effectiveness of their advertising to keep the cash flowing. And far from an open market, the powerful central coordinating actors of RTB regularly use their power to change the way that advertising systems work to retain the upper hand.

“Today, online advertising is, slowly, undergoing reform. Regulatory pressure has mounted in the United States and the European Union alike. The AdTech industry is also trying to reshuffle their cards, with Google announcing plans to eliminate third-party cookies but replace them with another infrastructure they control, Google Chrome. Other AdTech players trying to propose their own tweaks to RTB, largely trying to resuscitate the transparency and consent framework that is inherently unfit for purpose for a huge, opaque system of tracking and data transfers . . . the industry is facing a reckoning that they cannot comply with the GDPR. 

“Finally – the most significant for last! As with our previous actions to force the ICO to consider AdTech, it appears that this judgment has spurred the ICO into further action on the industry: on the same day as our case received its judgment, the ICO released a further report on AdTech, again highlighting widespread illegality. 

“The end of the AdTech industry is nigh and our ICO complaint has had a crucial role in bringing this about . . . At the same time as this judgment, the ICO released another AdTech report analysing the shortcomings of industry proposals that are meant to replace RTB. We welcome the ICO’s findings about the utter incompatibility of these systems with legal and ethical requirements.”


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2021 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp