|
Berners-Lee steps up to plate on data privacy with “Inrupt”; IAB wants to re-architect, but is Apple at the table or in Cambridge at the W3C?
The man credited with inventing the World Wide Web — Sir Tim Berners-Lee, announced this week the management team of a Boston-based for-profit he’s formed to take his ideas for the future of data privacy out of the labs of MIT and elsewhere. He’s calling the new company “Inrupt” and it’s backed by Britain’s Octopus Ventures.
Berners-Lee began talking about the idea — dubbed “Solid” — in 2018 and last November, The Telegraph (U.K.) said the then-stealth Inrupt business would aim “to develop a new browser and software backbone of a new web that would prevent the likes of Facebook and Google from tracking people online.”
Then last week, Wired’s UK site had more details in a piece by K.G. Orphanides (see Quote of the Week, below), saying Berners-Lee’s goal is to change how we share data. Instead of a company storing personal data about you on its servers, the data would be in a personal data “pod” that the individual controls.
The concept is not new — it has been under discussion for years at the Berkman-Klein Center for Internet and Society at Harvard Law School under the Project VRM title and originated by “Doc” Searls. Two years ago, the non-profit Sovrin Foundation formed and took control of technology for creating “self-sovereign” data wallets and spun out a for-profit startup, Evernym Inc., to commercialize it.
Who controls user data is an urgent issue for advertisers, publishers and ad-tech companies because of Google’s announcement three weeks ago that it will act to disable third-party cookies in the Chrome browser within two years.
As a result, the Interactive Advertising Bureau — the trade group for ad tech, some publishers and brands — has announced “Project ReArc” to come up with cookie alternatives. IAB said it would bring together in a “great collaboration” governmental, and other industry/consumer organizations to create standards of behavior, codes of conduct, legal agreements, and enabling technologies to address consumer demands for harmonizing, personalization, and community.
At the same time, there is a Privacy Community Group at the World Wide Web Consortium (W3C) working. The W3C group includes Apple, Mozilla and Microsoft. Apple and Mozilla are not members of IAB. And since Apple’s Safari browser handles at least a third of open-web traffic, that’s important. The W3C group is focused on improving user privacy through enhanced browser software behavior.
RELATED LINKS
AFTER THE ‘COOKIE’
ADVERTISING TECHNOLOGY
|
|
Does your organization need customized privacy compliance solutions? ITEGA can help.
|
|
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
|
|
|
DATA AND PRIVACY
In ‘privacy paradox” paper, GWU expert argues regulations should specify how data is stored and used, not how consumers manage it
Why is it that people often say in surveys they are concerned about privacy, but they fail to take actions that prove it? George Washington University Law School professor and privacy expert Daniel J. Solove has proposed a framework for answering that question in a provocative draft white paper, “The Myth of the Privacy Paradox.” He writes about it on his blog.
Solove argues that the privacy paradox is a myth created by faulty logic. The behavior involved in privacy paradox studies typically involves people making decisions about risk in very specific contexts. But Solove says that isn’t the real world, where attitudes are much more general in nature. “It is a leap in logic,” he writes, “to generalize from people’s risk decisions involving specific personal data in specific contexts to reach broader conclusions about how people value their own privacy.”
Solove says regulations that force data handlers to give the public multiple privacy choices is sub-optimal because people are confused or unwilling to make the effort in a “vast, complex and never-ending project that does not scale.” The behaviors in privacy-paradox studies don’t lead to a conclusion for less regulation, he concludes. Instead, he says, regulation should focus “on regulating the architecture that structures the way information is used, maintained and transferred.”
PERSONAL PRIVACY
-
Ring will change its privacy settings after recent criticism | Dan Grabham, Pocket-lint
-
“I freaked out when I saw what sites were telling Facebook about me” | Mark Sullivan, FastCompany.com
-
No, Facebook’s not telling you everything | unsigned, PrivacyInternational.org
-
What happens to privacy when China has personal data and the social graph of nearly everyone in the US? | Glyn Moody, Privacy News Online
-
Facebook Needs Regulation to Win User Trust, Zuckerberg Says | Natalia Drozdiak, Bloomberg
-
UCLA won’t use facial recognition on its campus after it receives backlash | Allison Matyus, Digital Trends
-
Facial Recognition Moves Into a New Front: Schools | Davey Alba, New York Times
-
MIT researchers find vulnerabilities in Voatz mobile voting app | Benjamin Freed, State Scoop
|
|
|
Barr keynotes talk about amending Section 230 — could changes put liability for ‘fake’ info onto Facebook and YouTube?
For more than two decades, internet service providers, online services, social media and video platforms that post “user-generated content” (UGC) have been inoculated from U.S. legal liability for what those users write by a small part of the Communications Decency Act of 1996 — Section 230. The section enabled the growth of free-wheeling comment — and commerce — from the web’s infancy until today.
But now there is rumbling in Washington about whether Section 230 should be dissected, and platforms such as Facebook and YouTube handed legal liability for any provable lies or defamatory remarks that their services carry — as a newspaper or broadcaster must bear some legal liability for such misstatements in articles or letters to the editor.
It’s a hot-button issue for Silicon Valley business models build on being treated like a mere carrier — like a public utility — yet also not subject to price or other regulation like a public utility. And the general assumption is that curating or editing UGC would be super costly. The effect of Section 230 has been the subject of research by Public Knowledge and others, including the Berkman Klein Center at Harvard.
“No longer are tech companies the underdog upstarts — they have become titans,” U.S. Atty. Gen. William Barr said in opening a Justice Department-sponsored event on Feb. 19: “Section 230 — Nurturing Innovation or Fostering Unaccountability?”” (VIDEO OF BARR and panel discussions).
Since 1996, the Internet has evolved substantially, Barr said. “At that time almost 25 years ago, immunity was seen as vital to protecting new technology in its incipiency, Today, online platforms have become essential to Americans’ daily lives, often serving as the primary conduit for how we receive and share information.”
Barr said the Trump administration does not have a position on changes to Section 230. But he said there are valid questions about whether it’s broad immunity is still warranted. Because they rely on advertising, the businesses of online platforms may not always align with the interests of consumers, he said.
WASHINGTON BEAT | SECTION 230
|
|
CCPA WEEK EIGHT
Advertiser spokesman reiterates concerns about CCPA in blog post;
A key spokesman says advertisers are not happy with allowing consumers to specify a a general privacy preference in their web-browsing software and have that apply to all their browsing. Dan Jaffe, EVP for government relations of the U.S.-based Association of National Advertisers, voiced the concern in a blog post this week.
Jaffe was comment on draft regulations implementing the California Consumer Privacy Act made public Feb. 10 by the state’s attorney general. Public comments on the draft are due on Monday (Feb. 24). The regs say a global privacy setting must be interpreted to override a site-specific setting.
“The proposed mandated browser signal provisions would preclude consumers from making individual choices about data transfers by specific businesses, hindering the advertising community’s ability to market specifically to that consumer,” Jaffe writes.
RELATED LINKS
-
Proposed California Privacy Rules Draw Mixed Reaction From ANA | Wendy Davis, MediaPost
-
Earlier: Advertising trades urge CCPA enforcement delay | Monica Marie Zorrilla, AdWeek.com
-
California’s data privacy rules get clearer | Michael Osakwe, Venture Beat
-
7 Ways to Be CCPA Compliant and Improve ROI in 2020 | Neha Pradhan, MarTech Advisor
-
First lawsuit citing CCPA filed over Hanna Andersson/SalesForce data breach | Michael Vatis & Daniel. W. Podair, Steptoe law firm
-
Analysis of Feb. 10 modifications to Becerra’s CCPA draft regs | Billee Elliot McAuliffe et. al, LewisRice law firm
-
Definition of personal information revised by Becerra’s draft; comments due Feb. 24 | Katherine Armstrong & Michael Jaeger, Faegre Baker Daniels law firm
-
CCPA continues to rock ad industry | BakerHostetler
-
CCPA regulations encompass users with disabilities | Angela Matney, Loeb & Loeb LLP
-
CCPA regs: “When is a household not a household”? | Peter McLaughlin, Womble Bond Dickinson
-
More bullet points about CCPA regulations | Joelle Hupp, Colton Driver & Roy Wyman, Nelson Mullins law firm
-
Analysis of do-not-track and ‘personal info’ in CCPA regulations | Ryan Sulkin et. al, Michael Best & Friedrich LLP
-
Responding to requests to know and requests to delete | Jim Halpert et. al, DLA Piper (MORE ON REQUESTS)
|
|
EUROPE / GDPR
-
OPINION: Facebook must not be allowed to dictate its own EU regulation | Damian Collins, Wired.co.uk
-
Failure to enforce the GDPR enables Google’s monopoly | Johnny Ryan, Brave
-
Google to revoke EU data protection for UK users | Sead Fadilpasic, ITProPortal
-
Google users in UK to use EU data protection, Reuters says | Joseph Menn, Reuters.com
-
EU releases a “European Strategy for Data” | Jeffrey Neuburger, Proskauer law firm | (STRATEGY TEXT)
-
EDPB suggests minor updates in GDPR evaluation | IAPP
-
European Commission publishes data strategy, AI white paper | IAPP
-
Google users in UK to lose EU data protection – sources | EURACTIV
-
Why the EU’s General Data Protection Regulation (GDPR) risks turning into a paper tiger | Glyn Moody, Privacy News Online
-
Automated facial recognition breaches GDPR, says EU digital chief | Thomas Macaulay, The Next Web
-
1.26M Danish citizens have ID numbers exposed | IAPP
-
A Europe Fit for the Digital Age | European Commission
-
Vestager: Facial recognition tech breaches EU data protection rules | Jorge Valero, EURACTIV
STATE LAW | REGULATION
-
Cable/broadband supplier sue to block Maine’s new privacy law | Wendy Davis, MediaPost.com
-
In Albany, a state senator reintroduces NY privacy bill with “data fiduciary” concept | Kathryn Lundstrom, AdWeek.com
-
New Hampshire legislature considers CCPA-like bill — with a private right of action | James P. Harris, NH Business Review
-
Class action suit in Illinois federal court takes on biometrics firm | Cadwaladar Cabinet Newsletter
-
Washington state senate approves SB 6281 — what’s in it? | John Landolfi et.al, Vorys, Sater, Seymour
-
Privacy Bill Clears Washington State Senate | Wendy Davis, MediaPost
-
Washington state lawmakers divided over private right of action | Natasha Kohne et. al, Akin Gump law firm
-
Arizona privacy legislation — right, left and center(ish) | Maurice Wutscher, MauriceWutscher law firm
-
State regulations privacy guide | AdWeek
PRIVACY BUSINESS
JOURNALISM / CONTENT
|
|
QUOTE OF THE WEEK
Two views about data — pods or platforms?
“Since 2015, Berners-Lee has been working on a new web infrastructure called Solid, which rethinks how web apps store and share personal data. Inrupt aims to drive the development of the Solid platform and transform it from an innovative idea to a viable platform for businesses and consumers …The big idea behind Solid is that, instead of a company storing all your personal data on their servers, you would keep it on your own personal data “pod”, located on a Solid server. You could run your own server or host it with a provider, much like a personal website. You could then give individual apps permission to read and write to your pod. When you want to stop using an app, you just revoke its access. The data remains on your pod, and businesses making apps never have to worry about storing it, deleting it, or making it easily exportable…Bruce and Berners-Lee aren’t waiting for the current generation of tech giants to switch to an open and decentralised model; Amazon and Facebook are unlikely to ever give up their user data caches. But they hope their alternative model will be adopted by an increasingly privacy-aware population of web users and the organisations that wish to cater to them.”
– Excerpts from K.G. Orphanides’ article at Wired.co.uk about Sir Tim Berners-Lee’s creating of a Boston-based for-profit, Inrupt, to develop his distributed, user-controlled data “pods” vision.
“The strategy document lays out a number of concerns, problems and obstacles to achieving its vision. One theme that runs throughout is the need to create common interoperable data platforms offering small and medium enterprises (SMEs) access to a host of cloud services and advanced data processing capabilities. As the Commission sees the current state of the data environment as dominated by the big tech companies, it noted that such a high degree of market power can “enable large players to set the rules on the platform and unilaterally impose conditions for access and use of data.” But what incentives would exist for companies to share certain data to an EU platform? The Commission states that organizations contributing data “would get a return in the form of increased access to data of other contributors, analytical results from the data pool, services such as predictive maintenance services, or licence fees.”
– Excerpt from attorney Jeffrey Neuburger’s Feb. 19 analysis of the European Commission’s “Strategy for Data” white paper.
|
|
ABOUT PRIVACY BEAT
Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to newsletter@itega.org.
|
|
|
|
|
|