Engineers from the Mozilla Foundation and Meta’s Facebook together unveiled a server-based approach to managing user identity and profiling for advertising called “Privacy Preserving Attribution for Advertising” or “Interoperable Privacy Attribution” (IPA). It involves the use of privacy-enhancing Multi-Party Computation (MPC) servers.

In a virtual discussion on Thursday, Google representatives peppered proponents with questions, asking, for example, if the initiative would be too expensive to implement.

In a 56-slide presentation, two engineers from Meta’s Facebook and one from the Mozilla Foundation revealed details of their idea — to have web, app and TV clicks, taps or views to advertisements — and any resulting purchase attributions — be sent and logged to a common server (or two servers).  But the identity of each individual user would be double-encrypted. In theory, only the logging service would be able to connect a view to an individual purchase.

EXCERPTS FROM IPA DESCRIPTION: SEE “QUOTE OF THE WEEK” BELOW

Advertisers could obtain (presumably for a price) trustworthy “conversion reports” from the service — absent  any user-identifying information. “Attribution is how advertisers know if their advertising campaigns are working,” observes Mozilla’s Martin Thomson in a Feb. 8 blog post about the PPA/IPA proposal, adding: “We hope this contribution will help make privacy-preserving attribution a reality.”

Importantly, nothing appears in the proposal about who would own or control the logging and conversion-tracking service — a key trustworthiness challenge. But the important point is that advertisers would no longer have to rely upon proprietary logging or conversion services of multiple independent networks such as Google, Apple or Meta.  Also unclear in the proposal is what would happen if browser makers boycotted the reporting of clicks and other events to the MPC servers. “Will they confirm they will not interfere with solutions that do not require them to make changes?” Zucker-Scharff asked in one comment thread.

After at least two years of fussing about how to eliminate third-party cookies and improve web privacy at the same time, the proposal represents somewhat of an about face. And it’s noteworthy to have it come from Facebook and Mozilla, rather than from Google, Apple or Microsoft, the dominant browser software makers.

First discussions about the PPA/IPA scheme came Feb. 9-10 (AGENDA) during the first virtual meeting (MINUTES) of a new World Wide Consortium (W3C) discussion forum, the “Privacy Advertising Technology Community Group” or PATCG.  The co-chairs are Aram Zucker-Scharff of The Washington Post, and a veteran Internet Engineer Task Force (IETF) consultant, Sean Turner.  The Post is owned personally by Jeff Bezos, founder of Amazon, and is fielding its own advertising management system for publishers, called Zeus.

It is more typical for W3C groups to have browser makers among group chairs, rather than a publisher. And typically few publishers or advertisers participate in a W3C group. Notably absent so far are originators of two leading efforts at network user identity management, The Trade Desk (UID2) and the Local Media Consortium (NewsPassID). Nevertheless, PATCG already has 216 member participants including:

• Advertisers/Agencies: Procter & Gamble, Omnicom Group, DPG Media, Meredith Corp., Ford Motor Company, Dentsu Group, Taboola, CafeMedia
• Publishers: The Washington Post, The New York Times, Axel Springer, British Broadcasting Corp.
• Major tech and ad-tech platforms: Google, Microsoft, Amazon, Mozilla Foundation, Twitter, Yahoo, CafeMedia, SalesForce, Facebook, Cisco, eyeo GmbH, MediaMath, AT&T, IAB Tech Lab, Duck Duck Go, Epsilon, LiveRamp, OpenX, Adobe, Salesforce, 51Degrees, Brave Software, Cloudflare, Magnite, IndexExchange, Criteo
• NGOs: News Media Alliance, Future of Privacy Forum, Digital Advertising Alliance, Information Trust Exchange Governing Association, Wesleyan University.

The group’s stated mission: “[T]o incubate web features and APIs that support advertising while acting in the interests of users, in particular providing strong privacy assurances.” It says it won’t consider “non-technical” solutions supporting privacy, which may explain why ownership and governance of the logging/attribution service were not discussed.

GOOGLE,  ‘TOPICS’ &  IDENTITY

• Google Has a New Plan to Kill Cookies. People Are Still Mad | Matt Burgess, Wired.com
• VENDOR VIEW: “Google still controls every aspect of the process” with TOPICS | Amy Fox, Blis via AdExchanger.com
• Eye/o posts positively about Google “Topics”; seeks collaboration | Eye/o blog
• Experts say TOPICS, Google’s Third-Party Cookie Replacement, Is Flawed | Mayank Sharma, Lifewire.com
• Google’s FLoC was doomed from the beginning. So is its Topics API | Ameilia Waddington, TheDrum.com
• Topics Is Replacing FLoC – But Will It Be Useful For Advertisers? | Allison Schiff, AdExchanger.com/
• VENDOR VIEW: What Is Google Topics API, and the reaction to it so far? | Simon Harris, DPG Media via AdMonsters.com

WASHINGTON WATCH 

• Cassidy-Ossoff-Trahan bill could force data brokers to delete your data | Andrew Wyrich, DailyDot.com
• Two Senate antitrust bills contain expansive web privacy provisions | Jessica Rich & Maggy Crosswy, Kelley Drye law firm
• Senate Advances Bill That Could Undermine Encryption, Hinder Online Speech | Wendy Davis, PolicyBlog/MediaPost.com

GOVERNMENT AND FACIAL RECOGNITION

• Reversing Course, IRS Retreats From Facial Recognition | Wendy Davis, DigitalNewsDaily/MediaPost.com
• Facial recognition and surveillance: Should we fix it or ignore it? | Zoe Samudzi, The Daily Beast/MIC
•  Treasury weighs alternatives to ID.me after privacy concerns raised | David Lawder, Reuters PLC
• ID.me privacy tension grows, here’s what’s next for IRS tax tech plans | Michaela Althouse, Technical.ly
• Government’s Use of Facial Recognition Under Scrutiny | Edward C. Baig, AARP.org
• Government agencies are tapping a facial recognition company to prove you’re you – here’s why that raises concerns about privacy, accuracy and fairness | James Hendler, Renselaear Polytechnic Institute via TheConversation.com
• How do the CPRA, CPA & VCDPA treat biometric information? | David Stauss, Malia Rogers & Mike Summers, HuschBlackwell law firm

STATEHOUSE BEAT

• Georgia Introduces Privacy Bill Stricter than CCPA – the Top 10 Issues | Daniel Felz, Alston & Bird law firm
• In Florida, data-privacy measure emerges from contentious hearing | Renzo Downey, FloridaPolitics.com
• Massachusetts lawmakers advancing online data privacy bill | Steve LeBlanc, Associated Press
• RELATED STORY
• What Marketers Should Know If Massachusetts’ Privacy Law Goes Through | Trisha Ostwal, AdWeek.com
• First rulemaking for Colorado privacy law expected in fall | Sophie L. Kletzien et al., Holland & Knight law firm
• Colorado AG to Engage in Robust Colorado Privacy Act Rulemaking | David Stauss, Malia Rogers & Shelby Dolen, Husch Blackwell law firm
• Indiana Senate passes privacy bill modeled after Virginia’s | David Stauss, HuschBlackwell law firm

Newspaper group LMC reports NewsPassID identity-sharing tag lifts “cookie-less” advertising rates 90%

A trade association of U.S. news publishers, the Local Media Consortium (LMC), says in a report this week that piloting of a new user-identity sharing service, NewsPassID, showed a “90% uplift in revenue in most cookieless environments.”  LMC is trying to find ways to stop the disintermediation of publishers in the ad-tech stack, while maintaining a privacy brand promise. NewsPassID is part of an overall “NewsNext” initiative.

“As the local news industry prepares for the elimination of the third-party cookie in 2023, NewsPassID provides a promising new path for generating revenue in a privacy-compliant way,” said Fran Wills, CEO of the LMC. Among the “cookieless” environments tested were Apple’s Safari browser and iPhones and Google’s AMP service.

The trial results and LMC’s next steps are outlined in a news release and accompanying 11-page white paper by ad-tech veteran Scott Cunningham, an LMC consultant.

The LMC’s statement said it built the NewsPassID technology and A-B tested it with LMC members McClatchy, Lee Enterprises, E.W. SCripps and Tegna in real-time bidding advertising auctions.  “NewsPassID provides a scalable way for local media to e-establish the value of their audiences, reposition their standing in the online ecosystem and accelerate the growth of their digital businesses,” Media News Group (MNG) chief digital officer Chris Loretto said in a statement. MNG, the second-largest U.S. newspaper chain, is an LMC member. “We are really encouraged by these positive results and look forward to deployment for all LMC members.”

DigiDay reporter Max Willens wrote  the biggest lift “came in cookieless environments including Safari and AMP, where the NEwsPassID impressions sold at CPMs 90% higher than control ones.”  Tested against cookies, however, NewsPassID faces significant hurdles, Willens wrote. LMC said it tested 45%-50% “revenue uplift” in cookie-supporting environments.

AD TECH, IDENTITY & PRIVACY 

• Publisher collaboration on taxonomies — not identity — pitched by News Corp. exec at IAB | Ronan Shields, DigiDay.com | LOOKBACK: Seller-defined audiences
• ANALYSIS: Is Momentum Shifting Toward a Ban on Behavioral Advertising? | Julia Angwin, TheMarkup.org
• IAB Tech Lab sets March 4 meeting to consider privacy-enhancing tech | Allison Schiff, AdExchanger.com
• IAB: Marketers Misunderstand Cookieless Measurement, Unprepared For ‘Blackout’ | Laurie Sullivan, DigitalNewsDaily/MediaPost.com
• IAB’s report on their research: Warning of measurement “blackout” | Interactive Advertising Bureau statement via PRNewswire.com
• French privacy regulator finds using Google Analytics can breach GDPR | Campbell Kwan, ZDNet.com | RELATED STORY
• Indiana Senate Passes Bill Giving Consumers Right To Reject Ad Targeting | Wendy Davis, DigitalNewsDaily/MediaPost.com
• Biometric Privacy Claims Not Preempted by Illinois Law | Jake Holland, BloombergLaw.com
• California says its time to disclosure loyalty payments in exchange for data | David Stauss, Malia Rogers & Shelby Dolen, HuschBlackwell law firm
• California AG Warns Companies Over Loyalty Programs | Wendy Davis, DigitalNewsDaily/MediaPost.com | RELATED REPORT | RELATED REPORT
• Privacy and Security Enforcement: State AGs Flex Their Muscles | Maneesha Mithal, Wilson Sonsini law firm
• Treasury Considering State and Local Grants to Implement Digital ID Systems | Mariam Baksh, NextGov.com

PLATFORMS AND PRIVACY 

• Meta’s oversight board asks subsidiaries Facebook and Instagram to protect residential privacy | Sommer Brokaw, UPI.com | BOARD’S REPORT  SUMMARY
• Privacy Code Applies To ‘Device Fingerprinting,’ Better Business Bureau warns | Laurie Sullivan, DigitalNewsDaily/MediaPost.com | RELATED STORY
• A Change by Apple Is Tormenting Internet Companies, Especially Meta | Kate Conger and Brian X. Chen, NYTimes.com
• Apple’s iOS privacy changes cost Meta, Snap, Twitter and Pinterest $315B in market cap so far | Matthew Fox, BusinessInsider.com
• EDITORIAL OPINION: Big tech must respect privacy; regulation needed | Seattle Times via Post-Gazette.com
• Mozilla adds four privacy-centric orgs to Data Futures Lab, awards each with $100,000 | Jonathan Greig, ZDNet.com | MOZILLA’S STATEMENT

PERSONAL PRIVACY

• VIDEO: FBI and Cybersecurity experts warn about QR code privacy | WXII-NBC via Flipboard.com
• Where does all the personal data TikTok acquires go? | Peter Aitken, FoxBusiness.com
• WHITE PAPER: The limitations of personal privacy rights | Daniel J. Solove, TeachPrivacy.com
• Five Data Privacy Trends to Watch in 2022 | Jessica B. Lee, Loeb & Loeb LLP law firm via AdMonsters
• Google Workspace to strip privacy control from admins, re-enable tracking | Ron Amadeo, ArsTechnica.com
• Health Sites Let Ads Track Visitors Without Telling Them | Lily Hay Newman, Wired.com
• Exploring “dark patterns” — tricks affecting buying and privacy | Paul Singer & Jessica Rich, Kelley Drye law firm | PART TWO on Dark Patterns
• Apple AirTag trackers to receive privacy update amid stalking concerns | Brett Molina, USAToday.com
• Do People Always Have the Right to Withdraw Consent? | David A. Zetoony, Greenberg Traurig LLP law firm

EU and UK news on three fronts makes major changes in data-privacy and advertising likely; a Meta EU exit?

Sea changes in the handling of privacy and advertising seem likely in the European Union and the United Kingdom after a set of legal and regulatory decisions this month. And the impacts could spread worldwide eventually.  The big question: Will the changes just make the U.S. ad-tech platforms (Google, Meta/Facbook and Amazon) stronger in the long run?

The developments:

• Belgium’s data authority found the ad industry’s way of handling privacy consent is illegal. An industry group, IAB Europe, threatened legal action.
• Facebook/Instagram threatened to leave Europe if they can’t put personal data on U.S. servers
• Google and the U.K.’s data-privacy authority agreed on terms for eliminating third-party cookies

Belgium DPA Chairman of the Litigation Chamber Hielke Hijmans said IAB Europe’s current version of TCF is “is incompatible with the GDPR, due to an inherent breach of the principle of fairness and lawfulness.”  He added:  “People are invited to give consent, whereas most of them don’t know that their profiles are being sold a great number of times a day in order to expose them to personalized ads,” Hijmans said. “Although it concerns the TCF, and not the whole real time bidding system, our decision today will have a major impact on the protection of the personal data of internet users. Order must be restored in the TCF system so that users can regain control over their data.”

“We reject the finding that we are a data controller in the context of the TCF,” according to IAB Europe’s statement. “We believe this finding is wrong in law and will have major unintended negative consequences going well beyond the digital advertising industry. We are considering all options with respect to a legal challenge.”

THE BELGIUM DECISION 

• IAB Europe’s Consent Framework Violates Privacy Law, Regulator Says | Wendy Davis, DigitalNewsDaily/MediaPost.com | RELATED REPORT | BELGIUM DECISION (127 pages)
• TCF – IAB Europe’s GDPR Workaround – Got Shot Down By Belgium’s DPA, With Six Months To Fix | James Hercher, AdExchanger.com
• IAEU orders all personal data collected through ad consent pop-ups be deleted | Rich Stanton, PCGamer.com
• EU Regulators Rule Ad Tech Industry’s TCF Framework Violates GDPR | Gary A. Kibel, Global Advertising Lawyers Alliance
• IAB Europe has two months to fix EU privacy violations in dominant ad tech | Kirk Nahra, Martin Braun and Amy Gopinathan, Wilmer Hale law firm

SOME  DECISION REACTION

• GDPR enforcer rules that IAB Europe’s consent popups are unlawful | Irish Council for Civil Liberties
• From IAB Europe leadership — consider legal options
• ProjectVRM Blog post about the IAB TCF decision
• From Johnny Ryan, who brought complaint
• From CafeMedia’s Paul Bannister on Twitter

GOOGLE, UK AND COOKIES 

• UK accepts Google’s post-cookie pledges, will ‘closely monitor’ Privacy Sandbox | Natasha Lomas, TechCrunch.com | GOOGLE’S COMMITMENTS | GOOGLE’S STATEMENT | UK REGULATOR’S STATEMENT
• UK watchdog accepts Google’s revised pledges on browser cookies | James Davey, Reuters PLC
• The UK’s competition regulator will keep a ‘close eye’ on development | Jon Porter, TheVerge.com

FACEBOOK EU PULLOUT?

• Facebook Threatens to Pull Out of Europe, Europe Says “Please Do” | Victor Tangermann, Futurism.com
• Zuckerberg considers closing Facebook and Instagram in Europe if Meta can not process EU data on US servers | Michiel Willems, CityAM.com
• Cross-border data transfer dispute at heart of Facebook pullout threat | David Meyer, Fortune.com
• Privacy Shield talks: EU citizens might get right to challenge US access to their data | Lindsay Clark, TheRegister.com
• On Meta’s ‘regulatory headwinds’ in the EU and adtech’s privacy reckoning | Natasha Lomas, TechCrunch.com
• Meta’s WhatsApp issued EU ultimatum over data use | Stephen Warwick, iMORE.com

MORE EU PRIVACY NEWS

• BACKGROUNDER: Europe’s New Ruling On Data Consent Pop-Ups Challenges Privacy Policies For Publishers And Advertisers | Marty Swant, Forbes.com
• UK seeks leadership role in global privacy, says new watchdog head | Jules Menten, FT.com via CaliforniaNewsTimes.com
• GDPR: Hidden Failure of the World’s Biggest Privacy Law? | Shoshana Wodinsky, GizModo.com
• A Digital Magna Carta? The European Declaration of Digital Rights | Christopher Nubing & Dominik Arncken, Morris & Foerster law firm

GLOBAL PRIVACY 

• India’s Data Protection Bill Worries Facebook Parent Meta | TheQuint.com
• National digital ID plan sparks ‘Australia Card’ warnings | Nick Bonyhady, BrisbaneTimes.com.AU
• Ten things you need to know about British Columbia’s privacy law protectins | Jeremy Hainsworth, CoastReporter.net
• OPINION: An argument for why “Web3” will be good for privacy | Adam agol, CoinTelegraph.com
• OPINION: China’s Olympian invasions of privacy and other abuses | Dustin Carmack, Heriitage Foundation via. Tribune News and Olean Times Herald

PUBLISHERS, PLATFORMS & ANTITRUST

• Senate Panel Considers Bill Allowing News Organizations To Band Together | Wendy Davis, DigitalNewsDaily/MediaPost.com
• OPINION: Why This Week’s Senate Hearing On Journalism Was Urgently Needed | Tony Silber, PublishingInsider/MediaPost.com
• RELATED: Publisher trade provides Judiciary Committee pre-hearing talking points | Staff, NewsMediaAlliance.org | AUDIO interview with NMA’s Danielle Coffey 
• Colorado lawmaker proposes $250 tax credit for subscribing to newspaper | Corey Hutchins, ColoradoMedia.Substack.com
• Local Papers Find Hints of Success With Online Subscriptions | Marc Tracy, NYTimes.com

UPCOMING EVENTS

• MEETING: California Privacy Protection Agency Board (CPPA) | Feb. 17. 12:30 p.m. U.S. Eastern Standard time
• WEBINAR: Tracking Proposed State Privacy Legislation |  Feb. 23, Husch & Blackwell law firm
• LIVE/VIRTUAL: IAPP Global Privacy Summit | April 10-11, Washington, D.C.
• IAPP Global Privacy Summit 2022 | April 12-13, Washington, D.C. | (discount offer)
• LIST: Omidyar Good ID project lists upcoming identity gathering

QUOTE OF THE WEEK

Explaining the privacy approach of Multi-Party Computation: A Facebook/Mozilla challenge to Google Chrome identities?

• Engineers from the Mozilla Foundation and Meta’s Facebook this week together unveiled a server-based approach to managing user identity and profiling for advertising called “Privacy Preserving Attribution for Advertising” or “Interoperable Privacy Attribution” (IPA). It involves the use of privacy-enhancing Multi-Party Computation (MPC) servers.  The following are edited excerpts from a joint 56-slide presentation.

“In designing IPA, we set out to find a win-win-win solution for cross platform conversion measurement that met our goals across privacy, utility, and competition. Our privacy goal is to limit the total amount of information IPA releases about an individual over a given period of time. Our utility goal is to support all the major aggregate conversion measurement use-cases. Our competition goal is to ensure equal function for all existing and new ad-tech players . . . .

“[IPA] would allow businesses to see the conversions from ad impressions to purchases, without sharing the personal data of customers . . . With IPA, we can level the playing field so that every ad tech provider can get data on cross device conversions, not just the large companies.

“When ad-buyers spend across multiple ad-platforms, multiple companies may take credit for the same conversion.  This makes it difficult to understand and compare effectiveness of ad campaigns . . . Customers may see multiple ads for a product before they purchase it.Which ad impression should get the credit?  . . .  [T]he IPA proposal could potentially enable cross-publisher attribution; while preserving individual privacy. 

“With ‘multi-touch attribution’, everyone gets a fraction of the credit. If Jane saw an ad on Instagram, a newspaper article and Google search, each of those services might get a third of the credit. In the current system, this is hard to impossible. But with IPA, it might be feasible. With IPA, ad buyers can run their own queries to measure their ad conversions. Because everything is connected there is no double counting. Ad buyers can choose how to apportion credit in cases of multiple touch points. This means one interface to get reporting across all your channels and less need to trust the results an ad-platform tells you.

“After decryption, values from the same person still match up, but since the values are scrambled their identity is unknown . . . The actual values of the match-keys are hidden from the MPC [server] itself. “With IPA, businesses would see accurate ad reporting without sharing personal data with ad-tech companies or anyone else . . . . 

“In this system, instead of sending personal data directly to ad-tech companies, impression and conversion reports with match keys are encrypted using asymmetric encryption and sent to a trusted server . . . The server decrypts the data and matches events up to count how many times someone saw an ad and then made a purchase. They share that count with the ad-tech companies but keep the personal data secret.”

“An ad impression / conversion event that has been encrypted appears as undecipherable ciphertext to ad tech companies . . . In this system, when the server receives the encrypted data, they first apply a ‘blinding factor’, changing the encrypted numbers. Now they decrypt the data – but it has already been changed. So even once decrypted, the server can’t see the original match key . . . “

“Events originating from the same person still have the same value of the blinded match key, so it’s still possible to match up ad impressions and purchases from the same person, but the value of the blinded match key is un-linkable to that person’s identity….Blinding encrypted data is a way for servers to alter user data so that it is still useful, but can no longer identify people personally . . .

?Can we avoid having a single trusted server?  With double encryption, two servers can process the data without either seeing the identity of the user. One solution is to intentionally add a small amount of randomness to the results . . . IPA ensures individual purchase values are never visible to anyone.”