‘A common set of interests between publishers and privacy nerds’: Why publishers are backing the sequel to ‘Do Not Track’
The New York Times, Washington Post and Financial Times earlier this week announced their backing of a new proposal that seeks to give consumers a simpler way to prevent their data being shared carte blanche between the websites they visit and other third-party companies.
Dubbed the Global Privacy Control, the proposal sets out a way for users to signal — via a setting in their browser or in browser extension — to every website that they visit that they do not want their data to be sold or shared.
Since the California Consumer Privacy Act came into effect in January 2020, websites must display a “clear and conspicuous” link on their homepages titled “Do Not Sell My Personal Information” so that California residents can request that they stop selling their data. The problem, though, is that users must manually do so on each and every site they visit — which can currently present a complicated and time-consuming task, according to research published earlier this month from Consumer Reports. (There still remains a little ambiguity about what constitutes a “sale” under the CCPA — though that could be resolved if California voters approve the California Privacy Privacy Rights Act — essentially a CCPA 2.0 — on the November 2020 ballot.)
The coalition of organizations and researchers hopes to succeed where the “Do Not Track” initiative failed.
That effort, first proposed in 2009, ultimately wound down due to lack of industry adoption, largely because adherence to the standard was not legally binding. The difference this time is that the GPC builds on the current CCPA regulation that states businesses must also adhere to the requests of users who opt out from the sales of their data using “user-enabled global privacy controls, such as a browser plugin on privacy setting.”
Further down the line, the hope is that the GPC signal could also extend to become a legally binding mechanism under other global privacy jurisdictions, such as Europe’s General Data Protection Regulation. During its initial experimental phase, the GPC signal is not intended to convey legally binding requests.
Other backers of the GPC include WordPress owner Automattic, search engine DuckDuckGo, the Disconnect tracker blocker, privacy-focused browser Brave, Firefox owner Mozilla, former FTC chief technology officer Ashkan Soltani and Wesleyan computer science professor Sebastian Zimmeck.
“For a while there’s been a realization that there’s a common set of interests between publishers and the privacy nerds,” said Don Marti, a privacy blogger and member of the GitHub developer organization. “The privacy nerds don’t want their information shared with companies that they aren’t aware of and publishers don’t want to lose control of their audience data.”
Until recently, while there had been an obvious shared economic interest between the two groups, there hadn’t been an organizational connection between the technical people on the publisher side and privacy developers on the other, Marti added. The involvement of publishers will aid early real-world live testing of the tool.
The GPC was developed with knowledge of, and with a view to interoperating with, the existing IAB-CCPA compliance framework, meaning the process of adding the GPC should — in theory at least — be fairly straightforward for publishers.
The New York Times is adopting the GPC signal for both CCPA and GDPR.
“The value we see is a very strong link between privacy and trust,” said Robin Berjon, vp of data governance at The New York Times. “As a news publisher the trust of our readers is absolutely essential so we need to be worthy of that trust in pretty much everything we do and how we operate as a business.”
There’s also a business incentive: The less a publishers’ data gets leaked downstream, the more the value of that unique audience data is likely to increase, Berjon said. A consumer opting out from a website selling their data doesn’t stop ad tech companies from being able to serve that user personalized advertising on the site, but it does require that those third-party companies don’t use the data for anything else downstream.
“Much of the [privacy-focused] changes we have seen with browsers, or happening in the law, are a result of the industry not properly aligning with consumer expectations,” said Jason Kint, CEO of publisher trade body Digital Content Next, which is also supporting the GPC proposal. “So left to third-parties and ad tech companies and even tech platforms who have amassed considerable profits and wealth off of using people’s data outside their expectations we will once again fail as an industry to get to solutions.”
The GPC proposal has also received support from influential figures outside the media and tech industry.
California Attorney General Xavier Becerra, who will make the ultimate decision on whether the tool will be legally binding in the state, tweeted on Oct. 7 “This proposed standard is a first step towards a meaningful global privacy control that will make it simple and easy for consumers to exercise their privacy rights online.”
Elsewhere, Sen. Ron Wyden (D-OR) has also supported the initiative.
“It’s past time to give consumers a real and enforceable way to stop companies from tracking and selling their data,” Wyden said in an emailed statement. “My Mind Your Own Business Act would do just that, and this project shows it’s possible.”
Wyden’s bill was introduced to the U.S. Senate in October last year. It would give consumers the option to opt out of sharing data that can be used for ad targeting by imposing a federal Do Not Track requirement on businesses. The Federal Trade Commission would also be given the power to fine businesses up to 4% of their annual revenue for privacy violations. However, Senate Republicans have made clear they have no intention of allowing votes on Democratic privacy legislation this session.
Elsewhere, the Bermuda Privacy Commissioner Alexander White released a statement this week saying the GPC proposal marks “an example of the great potential of interoperability.”
The timeline for mass adoption of the GPC standard is hard to predict, said The New York Times’ Berjon. The proposal was briefly discussed during the Worldwide Web Consortium (W3C) privacy community group’s October 8 teleconference. The W3C is a voluntary consensus organizations that helps set web standards. Representatives from companies including Google, Apple, Microsoft and Facebook were on the call.
The most optimistic timeframe is a matter of weeks if the proposal is approved by the likes of the California attorney general or a European data protection authority — and if the world’s most popular browsers are willing to quickly ship a patch.
However, Berjon said, the GPC coalition is also prepared for opposition, particularly from ad tech, which could make the process stretch out for six months to a year — or even shut it down entirely.
‘I could barely walk’: Some COVID long-haulers radically reduce work hours to cope with symptoms
Professionals who are COVID long-haulers, have had to radically adjust their working schedules in order to cope with symptoms.
Member ExclusivePublishing Summit Recap: Publishers establish infrastructure to future-proof data sets
Publishers shared insights at the Digiday Publishing Summit at the end of September in Miami.
Dow Jones expands Twitter ad revenue-sharing deal to include more properties and for additional years
Dow Jones is adding Barron's, MarketWatch and Investor's Business Daily to become part of Twitter's Amplify program, which has helped the media company to attract social ad buyers.
SponsoredQuestion of the Day: The state of the holiday season for publishers
The Digiday Publishing Summit brought leaders in the world of media companies together with the platform and technology partners that work with them. Across the course of three days in Miami, in September 2021, experts and executives framed the state of publishing — identifying trends and next steps to follow in the year to come. In […]
Publisher and agency executives scrutinize email-based universal IDs as the third-party cookie’s long-term heir apparent
Email-based universal IDs may improve upon the cookie in some ways, but relying upon the email address can introduce privacy concerns.
Member ExclusiveMedia Buying Briefing: A look at the big topics at the Media Buying Summit this week
Media buyers, planners and clients’ efforts to adapt to a changed world will be addressed in a number of ways at Digiday’s Media Buying Summit in Miami this week.