How Discussions at the World Wide Web Consortium Could Undermine Efforts to Strengthen Privacy

Posted on Jul 29, 2021 by Glyn Moody

One of the surest signs that privacy is becoming a major factor in the online world is the attempt by major Internet companies to claim that they value it. Mark Zuckerberg proclaimed that “The future is private“, while Google wrote that “Privacy is paramount to us“. As part of that attempt to jump on the privacy bandwagon, Google announced its “Privacy Sandbox”. This essentially blocks third-party cookies in Google’s Chrome browser, and replaces them with a new set of tools that Google claims will protect privacy better.

In January of this year, Google offered a progress update on the Privacy Sandbox. But a couple of weeks before that blog post, Google’s plans were thrown into disarray by a press release from the UK’s Competition and Markets Authority (CMA), which works “to promote competition for the benefit of consumers, both within and outside the UK”. The announcement revealed that the CMA had opened an investigation into Google’s proposals to drop third-party cookies from Chrome. As a result of this unexpected turn of events, Google seems to have slammed on the brakes for the Privacy Sandbox: it now says that “it’s become clear that more time is needed across the ecosystem to get this right.” Actually, behind the scenes, rather more is happening than simply slowing things down a little. The UK’s CMA is getting quite deeply involved in the project:

The CMA is to take up a role in the design and development of Google’s Privacy Sandbox proposals to ensure they do not distort competition. The CMA is now launching a consultation on whether to accept Google’s commitments. If accepted, the commitments would be legally binding.

Although the new commitments from Google are chiefly addressing UK’s competition concerns , the CMA rightly notes that “they are likely to have implications for the global implementation of Google’s Privacy Sandbox proposals.” As with the EU’s GDPR, the global nature of privacy is evident.

The original press release notes that the CMA acted after receiving a complaint from a group calling themselves “Marketers for an Open Web“. Alongside “privacy”, “open” is another much-abused word. The organization’s site says: “Marketers For An Open Web has a shared goal of preserving the web as an open platform for diverse and rich experiences provided by multiple parties.” But this isn’t about openness, which is a technical issue to do with computer standards, it’s about fighting the domination of Google in the online ad market. That’s certainly a problem – one that this site was writing about many years ago.

It’s also about defending advertisers and their use of surveillance advertising – “Advertising Funds the Open Web“, another section claims. But advertising doesn’t fund the “open Web”, which is a set of non-proprietary technical standards; advertising does fund much of the free Web, but that’s largely a historical accident, a consequence of how the Internet embraced commerce in the 1990s. Indeed, today there is a major move away from ad-funded material, towards subscriptions policed by paywalls. Not that advertising itself is problematic: as this blog has reported for some time, what is harmful is the massive tracking it draws on, and its use of micro-targeted ads delivered through real-time bidding. There are alternatives that work perfectly well, but not ones that the advertising industry likes, given its huge investment in surveillance technologies.

The attack by Marketers For An Open Web on Google is not limited to its complaint to the CMA. A rich and fascinating feature by Issie Lapowsky on Protocol reveals that the director of the group, James Roswell, has become extremely active in some discussions run by the World Wide Web Consortium (W3C), one of the key global institutions for defining new online standards. According to Lapowsky’s reporting, Roswell has concerns not just about Google’s Privacy Sandbox, which are justified insofar as they touch on the way it strengthens Google’s grip on the online ad sector, but also about other key players that produce Web browsers – companies such as Apple and Microsoft. However:

the engineers and privacy advocates who have long held W3C territory aren’t convinced. They say the W3C is under siege by an insurgency that’s thwarting browsers from developing new and important privacy protections for all web users. “They use cynical terms like: ‘We’re here to protect user choice’ or ‘We’re here to protect the open web’ or, frankly, horseshit like this,” said Pete Snyder, director of privacy at Brave, which makes an anti-tracking browser. “They’re there to slow down privacy protections that the browsers are creating.”

Snyder and others argue these new arrivals, who drape themselves in the flag of competition, are really just concern trolls, capitalizing on fears about Big Tech’s power to cement the position of existing privacy-invasive technologies.

This is the real danger here. Under the guise of challenging Internet giants, a false dichotomy between privacy and competition is being created in order to blunt efforts to implement effective new standards that enshrine data protection in browsers and elsewhere. In fact, stopping all companies from tracking people online would boost both privacy and competition. The Protocol article makes clear that the arguments around privacy are now so heated and confusing that some policymakers may give up trying understand what is best, and simply leave the status quo, where everyone online is tracked relentlessly and invasively – exactly what the advertising industry wants. The exception could be those in the EU, fortified by the global recognition of the GDPR as the gold standard for data protection. As a previous post noted, there are already calls in Europe for micro-targeted advertising to be regulated or even banned.

Featured image by trainer24.