Robin Berjon, vp, New York Times  (Photo, Smashing Magazine)

NY Times privacy exec compares website tracking to a bookstore; says technologists and policymakers must collaborate

A top data-governance executive at The New York Times says privacy is an unsolved problem on the web.  In a “Pushing Back on Privacy” essay on the Smashing Magazine website, RobIn Berjon uses the analogy of a bookstore to explain when privacy goes awry on a website. “As you browse freely from site to site, your privacy is not in trustworthy hands,” he writes.

Berjon says privacy solutions “will require cooperation between technologists and policymakers.” He says makers of browser software are doing excellent work toward preventing web tracking, and Google’s Chrome, the biggest holdout, “has promised change in 2023.”

Imagine, says Berjon, if a bookstore has security cameras that are used for the sole purpose of confirming shoplifting and the images captured never leave the store premises. Imagine also if the bookstore has a separate system of unobtrusive small cameras that watch book browser behavior and send it to an off-premises third party for marketing purposes.

The analogy, he says, is like a news website that may track users for internal purposes, but also allow a variety of third-party trackers on site as well.  The consumer might well trust the first use but be uncomfortable about the second one, Berjon explains. He touts The Markup’s Blacklight as a way to check what such third-party services are doing with data.

 “We build for users, not to milk them of their data. The Web has made it hard for them to stand for themselves — it’s on us to do it for them. Few of us who work on commercial sites will be able to produce perfect privacy outcomes immediately, but this should not stop us from doing better. The tide has turned and a privacy-friendly Web now seems possible.”

He also says it is important for teams with different functions in a web-publishing organization communicate and hold each other accountable.

“The reality of online business today is such that you might have to keep some trackers, but those that stay should be provably effective,” says Berjon. “By working closely with our marketing team, we were able to reduce the amount of data The Times shared with third-party data controllers by over 90 percent.”

Berjon also offered in this paragraph, embedded links to browser and other privacy proposals:

Detailing all the proposals on the table would require a whole other article, but Apple’s Private Click Measurement, Google’s FLEDGE, Microsoft’s PARAKEET, or, if you’ll allow me this shameless plug, The New York Times’s Garuda are all worth looking at, as is the work taking place in the Privacy CG. Some of the proposals discussed there, like Federated Learning of Cohorts (FLoC), have run into trouble, but that only underscores the value in building a solid understanding of privacy in the Web community in order to develop these novel solutions.

PERSONAL PRIVACY 

• What Does It Actually Mean When a Company Says, “We Do Not Sell Your Data”? | Alfred Ng, TheMarkup.org
• Apple is delays scanning iPhones for images of child sex abuse after privacy backlash | Francis Augustin, BusinessInsider.com | RELATED STORY
• Twitter testing new privacy-focused tools, including archiving and hiding old tweets and editing follower lists | Kurt Wagner, Bloomberg.co
• Apps can kick the door open to your personal information | Zafar Anjum, CRI Fraud Insider
• Apple Must Face Privacy Claims Over Siri | Wendy Davis, DigitaNewsDaily/MediaPost.com
• Lawsuits say Siri and Google are listening, even when they’re not supposed to | Rachel Lerman, WashingtonPost.com
• Apple Just Traded Your Privacy for $15 Billion from Google | Jason Aten, Inc Magazine
• There’s no escape from Facebook, even if you don’t use it | Geoffrey A. Fowler, WashingtonPost.com
• Big Tech failed with contact tracing. Can it do better with vaccine passport apps? | Samantha Murphy Kelly, CNN.COM via MercuryNews
• Federal investigators used “geo-fencing” tech to track down Kenosha protesters | Russell Brandon, TheVerge.com
• Here’s how I tracked down the people selling my data, then stopped them | Shubham Agarwal, DigitalTrends.com
• Data Brokers Are Advertising Data on U.S. Military Personnel | Justin Sherman, LawfareBlog.com

AD TECH

• Google’s vague privacy cure-all is showing up in new proposals, but some say it could break the internet | Kate Kaye, DigiDay.com
• Alfi’s facial detection ad technology sparks privacy concerns | Brody Ford, Bloomberg via IAPP Privacy Blog
• Google, Privacy, and FLoC: Lamb or Wolf in Sheep’s Clothing? | Gabriel Nicholas, Center for Democracy and Technology via TechPolicy.Press
• With iOS 15, Apple Will Get Permission Before Serving Its Own Targeted Ads | Allison Schiff, AdExchanger.com
• Chrome Beta Can Display Competitors When Customers Are On Your Site | Barry Schwartz, Search Engine Roundtable
• Adtech execs weigh up pros and cons of UK plans to diverge from GDPR | John McCarthy, TheDrum.com
• Despite Better Than Expected Tracking Opt-In Rates, iOS Continues To Lose Share To Android | Joe Mandese, MobileInsider/MediaPost.com

Clear concepts and rules to guide behavior and inform consumers are key to federal privacy law, lawyer says

A federal privacy law should be focused on defining certain key concepts, and then creating straightforward rules to guide behavior, inform consumers, and provide enforcement measuring sticks, a veteran privacy lawyer says.

‘Data is the engine that is driving commerce around the world—so much so that data practices of large tech companies are now leading Congress and others to investigate technology companies for antitrust violations based on their data activities,” attorney Kirk J. Nahra says in a Seton Hall Law Review article published in July on a blog from his law firm, Wilmer Cutler Pickering Hale and Dorr LLP. DOWNLOAD ARTICLE.

“There are few court decisions, and a lot of open issues, as regulated entities struggle to understand and apply these relatively new provisions,” Nahra writes, adding later: “The legal structure for protecting privacy in appropriate ways is one of the defining debates of our society today, with no signs of slowing down in the foreseeable future.”

Nahra’s journal article reviews the history of U.S. privacy law going back to 1970s-era government papers, expanding in the 1990s into regulation of health records and, in 2002, breach-notice laws. He says California’s recent privacy laws and COVID-19 have accelerated interest and concern with data privacy.  The key issues raised so far are whether federal law should preempt state laws, and whether consumers should have the right to sue for privacy violations.

“We should be pursuing a comprehensive law that provides meaningful consumer protections that are understandable, but at the same time, imposes obligations on corporate entities that provide realistic and appropriate restrictions while still permitting efficient cooperation of those permitted activities,” Nahra writes.

California’s matrix of health and general privacy laws create a difficult compliance challenge for companies because they are use specific, Nahra says. This means regulation has little to do with actual behavior and create consumer confusion with the various structures. By contrast, under Europe’s GDPR “all data is protected in virtually all settings—including health information—regardless of who holds it.” He says  both EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) “have introduced a wider vision of individual rights that should apply to personal data, including the right to access, the right to correct, the right to amend, even the right to delete.”

PLATFORMS AND  ANTITRUST 

• Publisher association head dissects latest FTC complaint against Facebook | Jason Kint, Digital Content Next, via TechPolicy.Press
• Apple to allow media apps to link to outside payment options | Tm Higgins, WSJ via MarketWatch.com | APPLE STATEMENT
• Apple allows direct contact between  apps and users — but only in the USA | Simon Sharwood, TheRegister.com | RELATED STORY
• Apple agrees to give some App Store developers more control over customer relationships | Reed Albergotti, WashingtonPost.com
• Korean says Apple must allow other payment system on App Store | Mitchell Clark & Jon Porter, TheVerge.com

WASHINGTON BEAT

• Dems push for federal probe of alleged ad collusion between Google and Facebook | Kim Lyons, TheVerge.com
• Justice Dept. Is Said to Accelerate Google Advertising Inquiry | Cecilia Kang, NYTimes.com | RELATED STORY
• DOJ Preparing To Sue Google Over Alleged Ad Monopoly: Report | Karlene Lukovitz, DigitalNewsDaily/MediaPost.com
• Public Knowledge and 56 other groups urge passage of House big-tech antitrust bills | Shiva Stella, PublicKnowledge.org
• Reviewing the terms of Sen. Gillibrand’s data-privacy act | Graham Dean & Ronald Raether, Troutman Pepper law firm
• Facebook refuses inquiry by Reps. Eshoo and Schakowsky on COVID-19 misinfo | Justin Hendrix, TechPolicy.press

STATEHOUSE WATCH 

• As CCPA enforcement increases in California, here are tips for compliance | John Brigagliano et al., Kilpatrick Townsend & Stockton law firm
• Ohio Introduces CCPA-like Consumer Privacy Bill | Delonie Plummer, Jackson Lewis PC law firm | BILL TEXT 
• Arizona, Georgia first states to allow storing of drivers licenses on iPhones | Chris Welch, TheVerge.com | APPLE STATEMENT

Public frowns on using personal data for profit; but laws enable it. Three Texas A&M profs say that needs review

A 500-person survey of U.S. residents by a Texas A&M research team finds a big disconnect between the way consumer health and marketing data use is regulated, and how the public would like it regulated. A key finding — the public doesn’t prefer information about them shared for profit.

Professors Cason Schmit, Brian N. Larson and Hye-Chung Kum report their findings in an article at TheConversation.com entited: “Data privacy laws in the US protect profit but prevent sharing data for public good — people want the opposite”.  They suggest legal barriers preventing using data for common good should be changed to facilitate research and public health. (See QUOTE OF THE WEEK, below, for details)

EU PRIVACY

• Ireland fines Facebook’s WhatsApp $270M for failing to disclose privacy abuses to users | Sam Schechner, WSJ.com | RELATED STORY | RELATED STORY
• Advice on how to implement Standard Contractual Clauses for EU data transfer | Tatiana Cruise, Danton’s law firm

GLOBAL PRIVACY 

• With new privacy law, China could reshape cross-border data rules similar to Europe’s GDPR | Josh Ye, South China Morning Post
• China’s personal privacy law enforcement begins Nov. 1 | Sherry Gong & Mark Parsons, Hogan Lovells
• China’s privacy law is stricter than EU’s GDPR, law-firm says | Henry Chen, Danton’s law firm
• Guidelines issued for Japan’s upcoming data privacy law amendments | Hiroto Imai & Mizue Kakiuchi, Hogan Lovells law firm
• Israel DPA says collecting employee location is a privacy violation | IAPP Privacy Blog