The Open Web - No Time To Die

In February 2020 I wrote a Bond themed opinion piece concerning Google’s motives behind “Privacy Sandbox” and the associated unintended consequences.

Eighteen months later we have multiple regulators' reports and redacted internal big tech documents that support my analysis. This is progress, but misunderstanding, confusion and inaction mean the Open Web is imperiled.

Pro Privacy & Anti Sandbox

A common misunderstanding is that Privacy Sandbox improves privacy because it includes the word “privacy”. This is a clever illusion. This article unpacks the magic, before outlining the features of an enduring solution that will improve privacy in practice for everyone.

One can dislike Privacy Sandbox and be pro privacy.

First Party Data ≠ Privacy

In the classic Bond film Goldfinger, the villain's objective was not to steal the gold but to make other people's gold unusable, thus increasing the value of his own. Similarly, whilst Google's removal of, or interference with, web interoperability will apply equally to their own services, Google are uniquely placed to increase the value of the first party data they control, which remains safe from their impairment efforts. Google are the world's largest marketer, ad tech and identity company.

Nudge

Google nudge people to remain logged into Google's services as they navigate their digital world. The logged in browser experience, which helps people easily log into websites and instantly sign up, embeds big tech into the fabric of the web.

Even Twitter have succumbed to the big tech “sign up with” features.

Twitter Sign Up - Focus on Apple and Google

Gmail and the Android operating system only work with a Google account, which most people remain permanently logged into. Apple iOS is similar.

This dominance gives Google’s data black box unrivalled opportunity to collect and combine first party data. The CMA were among the first to recognise this.

Paragraph 60 of appendix E of the CMA review states:

Customer Match

Google Customer Match enables Google to monetise these free services. Marketers just upload a list of email addresses, or other directly identifiable personal data, and Google's magic does the rest, as the simple three-step instructions in Google's documentation (linked below) show.

Customer Match documentation - https://support.google.com/google-ads/answer/6379332?hl=en

Doritos

PepsiCo recently featured in a case study with Google concerning first party data. I’m assuming that PepsiCo would not have done so had they not been using Customer Match among other Google offerings.

Accessing PepsiCo's Doritos US website results in an immediate request from PepsiCo (the owner of the Doritos brand, and not obviously known to the user) for an email address in return for "tasty rewards".

PepsiCo rewards dialogue presented on first visit

The PepsiCo privacy policy explains that the email address, or any other personal information provided, can be shared across PepsiCo and its suppliers. "Third party" or "third parties" appears 29 times in the privacy policy, which does not explicitly include or exclude any specific vendors, including Google.

“& More!” in the title above the text box is ambiguous and covers a lot of data sharing and purposes!

The UK website for the Doritos brand does not ask for an email address or any other personal information. It operates under a completely different privacy policy and displays a single consent button banner on first visit.

UK Doritos website shows consent dialogue.

Clearly the collection and use of first party data varies significantly by geography across the Doritos brand. I suspect that is the reason the Google case study refers to Canada, Mexico, Turkey and the US, where GDPR does not apply.

Encouraging advertisers and publishers to adopt first party data strategies is clearly good for Google, who have the largest body of data and the most opportunities to engage people. No one else can compete with them.

Hypocrisy

Fortunately, competition regulators recognize Google’s hypocrisy and are investigating. They need to speed up.

The Customer Match documentation explains that Google hashes the data, does not keep the original data, and does not use the data for any purpose other than those envisioned by Google Ads' Customer Match (e.g. targeting content and measuring effectiveness). How do we know they're doing that? Is there a compliance program in place with reporting to the same standard as financial or other compliance reporting? The answer is of course "no". The answer is "trust us, we're Google". Do people really trust Google?

In any case, why can't other third parties (after all, that is Google's relationship with PepsiCo and all other brands' sites) be trusted? Who are Google (or other web browser vendors, for that matter) to assert that others are untrustworthy and restrict their activities? Any classical liberal cannot help but be shocked by this hypocrisy.

Privacy

We can all recognize there are privacy issues associated with the sharing of personal information. If there weren't, then we would not see the difference between the Doritos UK and US websites.

Given Google, Apple and Mozilla's interference with rivals' transfers of data, organizations are increasingly turning to hashed emails (such as UID2) instead of the pseudonymous identifiers that have traditionally been shared in third-party cookies.

Thus, web browsers and the W3C are increasing privacy risks for billions of people. Using personal data such as an email address, which is hard to change and does not adhere to privacy-by-design principles, is a step backwards. Capturing and sharing consent preferences, even for companies trying to do the right thing like PepsiCo, is very hard.
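To make the privacy-by-design point concrete, the following added example (my own illustration, not code from the article or from any identity vendor) contrasts an unkeyed hash of an email address, which every organisation computes identically and can therefore join on, with a keyed, per-partner pseudonym that is unlinkable across partners and can be rotated by changing the key. The email address and partner keys are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed example: why a plain email hash is a stable cross-organisation
# identifier, and what a privacy-by-design alternative looks like.


def normalise_email(email: str) -> str:
    """Trim and lower-case, the canonicalisation hashed-email schemes apply."""
    return email.strip().lower()


def plain_hash(email: str) -> str:
    """Unkeyed SHA-256 of the address: identical wherever it is computed,
    so any two organisations holding it can join their records."""
    return hashlib.sha256(normalise_email(email).encode()).hexdigest()


def partner_pseudonym(email: str, partner_key: bytes) -> str:
    """Keyed pseudonym (HMAC-SHA256) under a secret held for one partner.

    Different partners receive unrelated values for the same person, and the
    holder can rotate the key to retire every pseudonym issued under it.
    """
    return hmac.new(partner_key, normalise_email(email).encode(), hashlib.sha256).hexdigest()


def linkable_across(values: list) -> bool:
    """True when every organisation ended up holding the same identifier."""
    return len(set(values)) == 1


def demo() -> dict:
    """Runs the comparison and returns the outcomes by name."""
    email = "Alice@Example.org"  # constructed address
    # Two unrelated organisations hash the address independently.
    retailer_hash = plain_hash(email)
    publisher_hash = plain_hash(" alice@example.org ")
    # Assumption: a collector keeps one secret key per partner it shares with.
    key_partner_a = secrets.token_bytes(32)
    key_partner_b = secrets.token_bytes(32)
    rotated_key_a = secrets.token_bytes(32)
    return {
        "plain_hash_linkable": linkable_across([retailer_hash, publisher_hash]),
        "pseudonym_linkable": linkable_across(
            [partner_pseudonym(email, key_partner_a), partner_pseudonym(email, key_partner_b)]
        ),
        "pseudonym_stable_for_one_partner": partner_pseudonym(email, key_partner_a)
        == partner_pseudonym(" alice@example.org ", key_partner_a),
        "rotation_changes_pseudonym": partner_pseudonym(email, key_partner_a)
        != partner_pseudonym(email, rotated_key_a),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The first outcome is the property the article objects to: because the input is the person's real address and the hash is unkeyed, the value is as permanent and as joinable as the address itself. The keyed pseudonym keeps matching working for a single partner while denying the cross-partner join and giving the collector a way to revoke.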

Replacement

Just like Bond, a replacement is needed.

Privacy Sandbox is being applied to outdated notions in web architecture where "privacy" is bounded by registrable domain names rather than by data protection laws. Why should youtube.com and google.com be considered less of a privacy threat than pepsico.com and google.com? Yet Google are attempting to provide a loophole for themselves with First Party Sets.

Data protection laws focus on which organization is accountable for the harm it perpetrates, not on notions of how they’ve structured the navigation of their web sites or whether they must rely on partners to operate and grow their business. A first party can harm people just as much as a third party.

Replacing the web privacy boundary to adhere to laws would eliminate the need for Privacy Sandbox which discriminates in favor of “large entities” and is harmful to the web.

Transparency

Shifting to a system where all personal data (both identity-linked and pseudonymous) is encoded with information about when and by whom it was collected, and made transparent when it is used, would go far further in fixing many of the privacy problems in today's digital economy. Data would instantly be accompanied by its authorized processing purposes, communicated in a language that people could understand. All recipients would be able to confirm the validity of the data with the collector, as well as the identity of the data sender. This would improve the situation not only for people but also for marketers and publishers, who could better detect and understand whether an organization in the bid stream is adding any value to their business. Standard contracts would be developed to cover these common data sharing purposes and use cases.

Within the web browser, the interface could prompt people if visiting a site that did not adhere to a common contract that specified what would be done with their personal data. I’ve proposed this to the W3C.
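The following added example is my own sketch of the data model described above, not code from the article or from the swan.community project. Each record carries the collector's identity, the collection time and the authorised purposes, the collector signs it, and every hop wraps it in an envelope signed by the sender; a recipient checks both signatures back with the party that made them and refuses any purpose the record does not authorise. Signatures are modelled with HMAC tags verified by the issuing party, which matches "confirm validity with the collector" but is an assumption for illustration; a real deployment would use public-key signatures so recipients could verify offline. The party names, addresses and timestamps are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed example: provenance-tagged personal data with verifiable
# collector and sender. HMAC stands in for a signature scheme (assumption).


class Party:
    """An organisation in the data-sharing chain, identified by name."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._key = secrets.token_bytes(32)  # never leaves the party

    def sign(self, payload: bytes) -> str:
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def verify(self, payload: bytes, tag: str) -> bool:
        return hmac.compare_digest(self.sign(payload), tag)


def canonical(obj) -> bytes:
    """Deterministic JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def collect(collector: Party, subject_data: dict, purposes: list, collected_at: str) -> dict:
    """The collector tags the data with who, when and for which purposes, then signs it."""
    record = {
        "data": subject_data,
        "collector": collector.name,
        "collected_at": collected_at,
        "purposes": sorted(purposes),
    }
    return {"record": record, "collector_sig": collector.sign(canonical(record))}


def forward(sender: Party, signed_record: dict, sent_at: str) -> dict:
    """Each hop wraps the signed record in an envelope the sender signs."""
    envelope = {"sender": sender.name, "sent_at": sent_at, "payload": signed_record}
    return {"envelope": envelope, "sender_sig": sender.sign(canonical(envelope))}


def check(parcel: dict, directory: dict, intended_purpose: str) -> str:
    """Recipient-side check: returns 'ok' or the first reason the parcel fails.

    `directory` maps party name -> Party and stands in for the registry a
    recipient would query to confirm a tag with its maker (assumption).
    """
    envelope, sender_sig = parcel["envelope"], parcel["sender_sig"]
    sender = directory.get(envelope["sender"])
    if sender is None:
        return "unknown-sender"
    if not sender.verify(canonical(envelope), sender_sig):
        return "bad-sender-signature"
    signed_record = envelope["payload"]
    record, collector_sig = signed_record["record"], signed_record["collector_sig"]
    collector = directory.get(record["collector"])
    if collector is None:
        return "unknown-collector"
    if not collector.verify(canonical(record), collector_sig):
        return "bad-collector-signature"  # data or purposes altered after collection
    if intended_purpose not in record["purposes"]:
        return "purpose-not-authorised"
    return "ok"


def demo() -> dict:
    """Builds one clean parcel and three failing variants; returns the verdicts."""
    brand = Party("brand.example")      # constructed collector
    agency = Party("agency.example")    # constructed intermediary
    rogue = Party("rogue.example")      # constructed party not in the registry
    directory = {p.name: p for p in (brand, agency)}

    signed = collect(brand, {"email": "alice@example.org"}, ["rewards", "measurement"],
                     "2021-08-01T10:00:00Z")
    parcel = forward(agency, signed, "2021-08-02T09:30:00Z")

    # The intermediary widens the purposes and re-signs its own hop, but it
    # cannot re-create the brand's tag over the altered record.
    widened = json.loads(json.dumps(signed))
    widened["record"]["purposes"].append("profiling")
    widened_parcel = forward(agency, widened, "2021-08-02T09:31:00Z")

    return {
        "clean": check(parcel, directory, "measurement"),
        "unauthorised_purpose": check(parcel, directory, "profiling"),
        "widened_purposes": check(widened_parcel, directory, "profiling"),
        "unknown_sender": check(forward(rogue, signed, "2021-08-02T09:32:00Z"), directory, "rewards"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The browser prompt mentioned above would sit in front of `check`: a site whose records cannot be tied to a registered collector, or whose declared purposes fall outside the common contract, is exactly the case where the user is asked before data flows.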

People have choice and privacy that they decide, not big tech.

Audit

If big profits come from processing data, then adherence to the laws associated with data sharing and processing must be given more prominence. Extending regulations like Sarbanes-Oxley to include the governance of data processing and sharing would incentivize compliance, identify bad actors and bring them to justice. Such audit should apply to all participants, not just the very largest.

Think Differently

Remedies to the problems of privacy and choice require an appreciation of laws and economic incentives as well as engineering. Advocating for a rethink of web privacy boundaries and a delay to Privacy Sandbox does not make me anti privacy. Far from it.

The Open Web is not yet ready to die, but it will take many more varied voices advocating for privacy and choice to make it live for another 25 years.

Find out more about these ideas at swan.community.
