W3C group discusses role for “independent enforcement entity” ; new pressure on Congress for privacy action

Privacy Beat

Your weekly privacy news update.



Aug. 12, 2021 slide provided by Google to W3C meeting

Google’s Chrome to allow user to disable cross-site tracking; W3C group discusses role for “independent enforcement entity”

Google says its Chrome browser will allow consumers to turn off its cross-site tracking authorization system when it replaces third-party cookies, in a move which could disable those consumers’ ability to save certain logins.  The disclosure came in a regular meeting of a World Wide Web Consortium (W3C) group in which browser-maker engineers and others are debating the future of web identity and privacy services.

The ability of browsers to control cross-site tracking is a hot debate in W3C groups, but now there are proposals to include an independent third-party entity in the governance of tracking, referred to as an “Independent Enforcement Entity” (IEE).  In addition, users should also have the right to “toggle” such features on or off, a key technologist says.

“[Chrome] as a browser is also going to offer a toggle,” Kaustubha Govind, engineering manager for Google’s Chrome privacy initiatives, remarked during a Jan. 13 virtual meeting of the W3C Privacy Community Group involving more than 40 people online. “We do have privacy-conscious users that probably do really understand what domains are and do want to disable all cross-site features.”

Govind first broached the idea of an IEE in a slide deck she and a colleague prepared for an Aug. 12, 2021 meeting of the W3C Privacy Community Group. (Slide shown above, and an earlier story in Privacy Beat, Sept. 10, 2021.)


Since the 1990s, web sites have used “cookie” files to store in a user’s device  login status across different websites. Gradually, the advertising-technology industry exploited that feature as “third parties” to surreptitiously track user activity across multiple sites to compile dossiers for targeting advertising. As Apple, Mozilla and eventually Google code their browser software to block third-party cookies, engineers are now debating whether there is anything cookies should still be allowed to do — such as login or data-sharing among sites that are in some way related to each other.

Google’s First Party Sets (FPS) proposal, and others, would centralize decisions about cookie use in the browser technology. At Friday’s meeting however, a two-person team with backgrounds in journalism (Scott Yates)  and the cable-TV industry (Ralph Brown) proposed that an IEE — through JournalList.net — govern which sites should be considered editorially trustworthy and and thus entitled to share data across sites. The FPS proposal has focused more on business trustworthiness. The Jan. 14 session left unsettled whether the two concepts should be merged or separate. The debate continues on an email list. 

Meanwhile, the ad-tech industry continues to struggle with what should govern the use of hashed email identifiers in the Unified ID 2.0 service initiated by The Trade Desk, a major ad-tech operator. Trade Desk continues to haggle over terms under which it will turn over “key management” for UID2 to an independent third party.  So far, the IAB Tech Lab board has said it doesn’t want to control who gets booted from the UID2 system for data-privacy violations.

The Information Trust Exchange Governing Association, sponsor of this newsletter, is an independent 501(c)3 nonprofit organization chartered to help manage privacy and identity among participating web services.  It has been mentioned as a possible candidate to operate as an IEE in both the identity context as well as as a governor of when advertisers should be allowed to share user data.

There were these other developments in web identity and privacy:

  • Consumer Reports’ Digital Lab and the MIT Media Lab are collaborating to release a standard protocol for how websites respond to consumer requests to stop sharing and provide copies of stored personal data. The “Data Rights Protocol” (DRP) is being championed in part by Wesleyan University computer scientist Sebastian Zimmeck, who also helped write code for the Global Privacy Control (GPC) browser application. California privacy regulators are seeking to require any website that receives a GPC “signal” to stop tracking them to comply; the idea would be to make that compliance consistent using a DRP.  Consumer Reports CEO Marta L. Tellado headlined a YouTube video in October in which technologies explained the ideas beind the Data Rights Protocol. CR has six million members. The video included Prof. Sandy Pentland’s summary of alternate forms of data ownership (slide above).
  • Adding to at least two other existing “community groups” addressing similar subjects, a Mozilla Corp. engineer has spearheaded another effort to accelerate solutions for cross-site web identity sharing as the so-called third-party cookie is increasingly shunned as a privacy problem

AD TECH — EU and Google analytics


Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More


Image from a Politico/”Morning Consult” poll of U.S. voter privacy attitudes 

Business, advertisers vaguely pressure Congress for privacy law; new poll find general public — and bipartisan — support

As enforcement of California’s law begins and Florida lawmakers renew debate over a state privacy law, a powerful lobbying group lead by the U.S. Chamber of Commerce is trying to move Congress from talk to action on a U.S. Federal privacy law.

The coalition’s letter, including major advertising interests, seeks  “bipartisan and durable national data protection legislation” but includes no details, leaving it up to Congress to wrangle over key policy issues: (1) Should individual citizens have the right to sue over privacy violations and (2) Should tougher state laws such as California’s be permanently or temporarily pre-empted. Business interests answer “no” and “yes”, consumer advocates answer “yes” and “no.” So far, that’s equaled stalemate until middle ground is found.

The Chamber-lead push was unveiled in the same week that Politico/“Morning Consult” released a 2,000-person poll showing that 56% of U.S.-registered voters — across the political spectrum — say they support federal privacy legislation.  Democratic votes are the must enthusiastic bloc, the poll found.


Mactaggart and Rep. DelBene debate features of potential federal privacy law | Gicel Tomimbang, Squire Patton Boggs (US) LLP




The case for continued antitrust scrutiny of Google gains ground with unredacted Texas suit disclosures; news publishers press their claims

A spate of stories last week  — and on Jan. 17 — followed public release on Friday (Jan. 14) of blockbuster claims of collusion in a case brought by state attorneys general under federal antitrust law. The claims were made when the suit was filed by the Texas attorney general last week — but they were shielded from public view at the request of Google’s lawyers. AFter hearing, a judge ordered them “unredacted.”

At the same time, a separate set of antitrust actions filed by smaller U.S. newspaper publishers and a big British one are being consolidated into federal court in New York City. These cases, started by a West Virginia newspaper family, were covered in a video by Editor & Publisher magazine, which has started an updating standing page with information as the proceeds.




Google said to step up lobbying as EU parliament debates self-preferencing curbs; ban on targeted advertising sought

Britain’s Financial Times daily published last week a remarkable account of what it called a “last-ditch effort” by Google to lobby European Parliament members against their likely passage this week of an EU Digital Makets Act (DMA) — on the grounds it will harm its advertising and self-preferencing search businesses.  The story implies that the IAB Tech Lab’s European arm was coordinating the lobbying effort.

A Dutch parliament member termed the effort a “marked escalation in lobbying” in recent weeks, The FT report said.  The DMA targets the perceived power of Big Tech platforms which Germany’s competition watchdog formally calls “gatekeepers.”  The EU’s transparency registered, reviewed by the FT reporter, shows Google invested about six million Euros in lobbying-related activities in 2020 and has roughly eight in-house lobbyists in Brussels, as well as external lawyers and consultants.  Google, in a statement quoted by the paper, said it has engaged “openly and constructively” with pollcymakers “to put across our point of view.”




Unsecured TransCredit database leaked over 800K records of US drivers | Jay Jay, Teiss.co.uk



Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat


Journalist and ex-cable exec propose a method for learning “trustworthiness” of news web services 

  • Below are edit excerpts from the website of JournalList.net, a nonprofit initiative aiming to create a method for the public to determine the trustworthiness of news sources. It would reply upon existing trade groups to certify membership, and create a method for websites to exchange such “trust” information in real time.

“Who gets to decide who publishes the news? We think government should not decide who is a journalist or a publisher. The platforms shouldn’t either, but they are the ones essentially ho do these days. In short: news publishers should get to decide for themselves.

“Journalists have great standards and organizations right now, but they aren’t doing much good in a digital world. JournalList.net and the trust.txt framework makes that good work pay off. If a group of news publishers makes its own group, the members of that group get to decide who is and is not in that group. The very fact of that association is a signal of trust, based on the other members of the group, and the actions of the group over time.

“JournalList, Inc., is a non-profit membership organization that maintains the trust.txt Reference Document.
We are currently governed by a board of three people. Much of the groundwork for JournalList came from the Certified Content Coalition, a now-dormant organization. The CCC was an outgrowth of the Innovator In Residence program, part of the UpRamp suite of initiatives at CableLabs, the research arm of the cable and broadband industry based in Colorado.

“JournalList is one thing: manager of the trust.txt framework, which makes it easy to build a machine-readable file showing the networked listing of all the publishers, and all the groups that they choose to belong to.

“The JournalList system relies on the existing networks of publishers who come together in any form. Think anything from the members of the Associated Press to the Wyoming Press Association. Those associations join JournalList, and then encourage their members to do the same. Anyone who publishes news on a URL and belongs to any association will want to join on this site. This will help advertisers, platforms and more know that you are who you say you are. JournalList will compile the data, and publish it in a machine-readable format the advertisers and platforms will love.”


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to newsletter@itega.org.

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2022 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp