Authors: Philippe Le Hegaret, Ralph Swick
Status: Final
Visibility: Public
Public records of formal objections
Those formal objections were included by reference as part of the 2023 formal objections.
The Charter for this group states that its scope is to improve privacy in relation to digital advertising.
[W3C Member 2022.1] shares the tenets of this group that advertising as a funding model for the web is beneficial. Along with many other W3C members, [W3C Member 2022.1] supports efforts to ensure advertising remains an effective and efficient funding mechanism available to these digital businesses. The risks to the open web are well documented, should proposed mechanisms for advertising fail to adequately support decentralized digital properties:
“Second, blocking cookies without another way to deliver relevant ads significantly reduces publishers’ primary means of funding, which jeopardizes the future of the vibrant web. Many publishers have been able to continue to invest in freely accessible content because they can be confident that their advertising will fund their costs. If this funding is cut, we are concerned that we will see much less accessible
content for everyone. Recent studies have shown that when advertising is made less relevant by removing cookies, funding for publishers falls by 52% on average.”
[Building a more private web]
Advertising is a business process
Advertising is a business process. Digital advertising is paid by a marketer to a media owner, and hence is primarily a business-to-business process. Of course, the goals of both marketer and media owners are to attract, engage and achieve positive responses from consumers who are exposed to such paid content. To support the needs of responsible advertising, the Charter would benefit from clarifying some concepts.
Given both publishers and marketers wish to understand which ads are driving business outcomes relatively better than others, some feedback loop is required. Ensuring some controls exist to act on this feedback enables marketers to improve the effectiveness of their spend, driving increased revenues for publishers. This exchange of information between publisher and marketer organizations is by definition a cross-context or cross-site exchange of data.
We do not believe the above is in dispute, as the Charter explicitly focuses on cross-context and cross-site processing of Personal Information for advertising business purposes, such as remarketing, frequency capping and attribution as being in scope.
Improving privacy when conducting business processing
We are all interested in improving privacy when conducting business processing of Personal Information.
We note in forming this working group, the drafters were unable to align on a clear definition of “privacy,” and instead took as its focus appropriate risk mitigation.
To mitigate risks to specific individuals, the group often focuses on the output of data provided after the advertising business processing has been conducted. However, to appropriately address the concerns raised, we believe the Charter must also address concerns regarding the collection and processing of the input Personal Information.
Appropriate processing of Personal Information should be the focus, rather than which organization does such processing. There should be multiple mechanisms for web authors and media owners to work with business partners of their choice, rather than relying exclusively on consumer software manufacturers who also offer business advertising solutions for such processing. All actors must comply with regional data protection regulations, so any additional risk mitigations ought to be explicitly defined as to how a proposal reduces risks when an implementor processes Personal Information.
[W3C Member 2022.1] is concerned that without modifications to the Charter language, there is a high risk of restricting competition for improved digital advertising while we seek to improve privacy outcomes for individuals.
By appropriately addressing these issues during the Charter stage, we believe this will improve the overall focus of the group and the utility of its work product. It will allow a full discussion of the range of use cases which may come up with no arbitrary limitation or framing so as to privilege particular businesses or their views on the appropriate role of the technology when it intersects important policy issues.
In line with the above, [W3C Member 2022.1] has grave concerns and, in a constructive spirit, raises a Formal Objection regarding the Private Advertising Technology Working Group Charter to ensure we can appropriately mitigate some potential, unintended consequences in the standard specifications this group proposes to develop.
Issue 22.1-1: The Charter is silent on which risk mitigation methods are in scope to address concerns
The Charter text states:
"The Working Group may consider designs that allow user agents for the same user — including non-browser agents, like Operating Systems — to collaborate in providing advertising features."
The Charter would be greatly improved from listing specific concerns and mitigation methods that it will pursue for this collection and processing of the input Personal Information, especially when collaborating in providing advertising features. For example, the Charter might rely on meaningfully informed consumer consent as the basis for reducing risk from such processing. If it were to pursue this approach, then how to meaningfully inform consumers of business processing of Personal Information would also be in scope.
Assuming it is useful for consumers to select the business software used by the digital properties they visit, logically one would expect the Charter not to limit which choices a user would have to enable different software providers to “collaborate in providing advertising features.”
Consumers are unlikely to be informed of all business processing purposes or solution providers that support the digital properties they frequent, and it is questionable whether burdening them with such education is an appropriate approach to the necessary handling of business-initiated exchanges of innocuous Personal Information in our data-driven world. Yet without such information about business
processing, consumers cannot make meaningful decisions regarding such processing decisions. If alternately one were to believe consumers should select which business solutions the digital properties they frequent should use, then one ought to suggest that consumers should be free to choose other software solutions to perform this business processing rather than limit their choice exclusively to consumer software manufacturers. We note that some reliance on software processing outside the user agent is contemplated in the Charter when mentioning specific use cases (e.g., Private Attribution). Thus it would be useful to further define which factors are considered in stating such processing is appropriate or alternately increases risks to individuals.
If we look to the risks identified by data protection regulations, they include re-identification risks and illegal discrimination by using special category sensitive information, even when such data is not linked to a specific individual’s identity.
The Charter would be improved by making explicit exactly which safeguards must be in place by any software that will collect and process the input Personal Information and how any business software could apply the safe processing of cross-context and cross-site data that is envisaged to be conducted by OS and browser manufactures for advertising purposes in the current draft. Examples of mitigation measures might include:
- relying solely on de-identified input data for all processing, rather than identity-linked data,
- conducting such business processing only with prior explicit, opt-in consent, or
- ensuring audit logs for the records of such processing activity are easily available to end users.
Indeed, there is a notable absence of this final point, namely establishing practices and technologies that can aid software designers in proving compliance with risk-mitigated data processing.
Issue 22.1-2: The Charter is silent on how appropriate cross-context or cross-site business processing can be conducted
The Charter text states:
Here "privacy" minimally refers to appropriate processing of personal information.
The Charter admirably seeks to improve privacy for individuals, when interacting with ad-funded digital businesses.
The Charter explicitly mentions the collection and processing or Personal Information for business advertising needs such as “remarketing,” “frequency and recency controls” (aka “frequency capping”) and “attribution.”
Given all the above business use cases require collection of user activity cross-site and cross-context to perform the appropriate processing that produces:
1. the output eligibility for a specific business’ advertising campaign (e.g., remarketing),
2. restricting delivery based on marketer-initiated parameters (e.g., frequency capping), and
3. the value to a marketer for prior exposures across media owners inventory (e.g., attribution),
the group expects that it is possible for such data collection and processing to be done appropriately.
If software envisaged by this Charter is to responsibly process cross-site or cross context information for digital advertising (such as frequency capping and attribution), it would be useful to ensure how such processing is improving end user privacy.
However, the Charter fails to describe how to distinguish among the appropriate from inappropriate cross-context and cross-site data collection and processing to support these business use cases. Without such guidance referenced in the Charter, it is difficult to understand which proposals or data processing practices would or would not properly be in scope.
We recognize that there are a wide range of perspectives on defining “privacy” as well as what is “appropriate” – and indeed for this very reason would like to ensure the Working Group remains open to responsible uses of data exchanges that benefit individuals, particularly from smaller organizations that by definition of their size must rely on more partners than their larger rivals.
Issue 22.1-3: The Charter is silent on how trade offs in utility will be applied relative to reductions in risk
The Charter focuses on addressing the needs of individual web users that must be balanced with those of businesses involved in digital advertising. When a particular topic is too subjective, then it may make sense to not preclude future innovation by overly constraining how software may function, but err on the side of openness and choice. As regards the Charter, this is simply the principle of keeping a more balanced perspective at the chartering stage. For example, there are serious concerns about arbitrary restrictions on some types of highly responsible and secure data handling on the basis that it involves moving data between sites or contexts. This is not always harmful and sometimes can be very helpful (e.g., frequency capping can reduce annoyance that comes from over exposure). The Charter ought to bear in mind these forms of use cases. We feel that the Charter can be improved by making explicit its intent to balance the rights of users with the freedoms required to support the advertising needs of the decentralized open web publishers. If helpful and beneficial data exchanges are restricted, this could have negative implications for end users as well as society.
The Charter ought to identify the weighting criteria involved for balancing the trade offs among improved effectiveness for business outcomes and reduced risks to specific individuals from the business processing of their Personal Information. While the weighting may be up for debate, the Charter ought to list the criteria it will use in making such judgment calls. A potential list of business factors could include:
- efficiency of exchanges required for digital advertising,
- relative ability of publishers to generate revenue from digital advertising,
- relative effectiveness of paid media for marketers,
- cost of implementation by publishers or marketers, and
- foreseeable impacts on competition.
Of course, the above criteria ought also to be balanced with some practical improvement for individuals. Accordingly, it would be useful to list which risks are eliminated by specific proposals, even if they reduce utility or increase costs.
As part of the risk-mitigation measures, data protection regulations provide guidance on the appropriate privacy-by-design measures, which are largely consistent across regions. These same regulations clearly articulate risk-mitigation measures associated with the processing of Personal Information that are meant to appropriately balance the rights of individuals with the freedoms of the organizations with whom they interact.
The Charter would be improved by similarly and explicitly recognizing this need for balance.
Issue 22.1-4: The Charter should ensure risk mitigation is proportional to the concern of processing Personal Information
If we look to data protection regulations, they suggest measures to reduce the risk to specific individuals from the processing of Personal Information.
Data protection regulations (e.g., CPRA & HIPPA in the US and GDPR in EEA) share the same goal of providing guidance on how to support responsible sharing of Personal Information, rather than preventing all sharing among organizations.
Differing regional data protection regulations supply largely conforming definitions of Personal Information (aka Personal Data). These same data protection regulations distinguish aggregate anonymous data from the concept of Personal Information. More importantly, these regulations distinguish identity-linked Personal Information that poses high risk, with pseudonymized Personal Information data that poses lower risk.
Many organizations that highlight their support for consumer privacy emphasize this key distinction. As just one example, Apple’s privacy policy notes that its software relies on such pseudonymous “random identifiers” that are not linked to the identity of Apple customers:
“Apple News leaves what you read off the record.
Apple News delivers content based on your interests, but it isn’t connected to your identity. So Apple doesn’t know what you’ve read. Many news sources keep track of your identity and create a profile of you. Apple News delivers personalized content without knowing who you are. The content you read is associated with a random identifier, not your Apple ID.
You get editor-curated content and a personalized newsfeed so you can stay up to date with the latest news and stories. And because Apple News uses machine learning, the more you use it, the better your app gets to know what you like — without Apple ever knowing what you’re into.”
[Apple Privacy Policy]
The Charter would be improved by ensuring that proposals to responsibly share lower risk input data for digital advertising are within scope.
Issue 22.1-5: The Charter should afford the same risk mitigation measures to users equally to all software manufacturers, regardless of whether a consumer-software manufacturer or business-software manufacturer provides the advertising solution
The Charter text states:
“Ways in which new features might enable inappropriate processing include (but are not limited to) enabling of cross-site or cross context recognition of users or enabling same-site or same-context recognition of users across the clearing of state.
The Working Group may consider designs that allow user agents for the same user — including non-browser agents, like Operating Systems — to collaborate in providing advertising features.”
The Charter fails to outline which safeguards must be in place by OS or browser manufacturers or other user-agents, in their own collection and processing personal information to address concerns related to cross-site or cross context recognition.
Most OS and browser manufacturers offer individuals the ability to register an account that discloses their identity to this consumer software. There must be some technical or organizational measures to ensure such organizations can collect and process digital activity, but not mingle it in ways that would increase risks to specific individual’s privacy. This recalls the example cited above, where when processing cross-site or cross-context information is associated with a random identifier rather than linked to individual’s identity.
The Charter could be improved by clarifying how other entities can rely on similar mechanisms as contemplated by user agents, browsers or operating systems to reduce the risk to specific individuals associated with the collection and processing of Personal Information.
It is practical to ensure we design solutions that enable individuals to disable recognition of the same user after clearing state. However, the Charter seems to overlook the need for individuals to clear recognition of their identity from the user agent or other web-navigating consumer software, while not interfering with their account recognition or even non-authenticated data that is a key part of their desired interaction with various digital properties across the open web.
Indeed, the second sentence quoted from the Charter above, seems to support enabling cross-device use cases that allow for matching of the same user’s activity for business processing purposes across devices or user agents, so long as these are provided by business-to-consumer software manufacturers.
Should the Charter mean that risk to specific individuals is reduced when a user agent, browser or OS manufacturer performs such business processing, then the Charter would be improved by explicitly describing which risks are eliminated when conducted by such consumer software.
Without such justification, the Charter suggests that it is concerned only with benefitting consumer software manufacturers that compete with software solutions provided by manufacturers that specialize only in business advertising solutions. While likely not intended, we note that this is the analogous concern to the TAG’s review of First Party Sets, which found that “proposal can result in detrimental effects to the greater web ecosystem. It is likely that this proposal only benefits powerful, large entities that control both an implementation and services.” [TAG Review]
Without such explicit guidance, the Charter would unintentionally favor organizations who have the time and resources to participate in the W3C without incorporating appropriate market feedback from the digital properties and marketers whose businesses this group seeks to provide advertising solutions.
Issue 22.1-6: Ensure the Charter does not inappropriately limit discussion to channels of distribution or divisions of markets that would violate the W3C Antitrust and Competition Guidance
The W3C Antitrust Guidelines include:
“W3C does not play any role in the competitive decisions of W3C participants nor in any way restrict competition…. For example, participants should not discuss product pricing, methods or channels of product distribution, division of markets, allocation of customers, or any other topic that should not be discussed among competitors.”
We note with approval that the Charter makes explicit reference to the W3C’s Antitrust policy.
However, to comply with this policy, the Charter could be improved by ensuring that it is not restricting “channels of product distribution” or “division of markets” by its current language that seems to limit all processing of personal information to being conducted inside user agents.
It is fair that business advertising software not involving use of consumer software as an input (e.g., content creation or media mix modeling) ought to be beyond the scope of this Charter. However, so long as the business advertising specifications contemplated by the Charter involve a user’s interaction with a digital property, then it seems prudent not to limit the appropriate business advertising processing exclusively to consumer software manufacturers to divide the market amongst themselves and their chosen partners or be the exclusive channel for accessing business advertising solutions. Were the Charter to limit scope of acceptable proposals to only those where business processing is controlled by business-to-consumer software manufactures, without evidence that such processing is putting the interests of users ahead of the business software manufacture themselves, then this poses a high risk of limiting rival business software providers ability to compete on the merits. What if the business-to-consumer software were only to charge rivals to participate in business solutions for digital markets?
As such, the current Charter raises competition concerns.
The Charter language as drafted does not provide guidance when the group considers preventing a given data processing practice altogether or only under specific circumstances, such as posing lower risk to a specific individual. Indeed, without modification the current draft suggests that a given business-processing purpose is less of a concern purely because it is bundled with the business-to-consumer software of the same manufacturer. This is unlikely to be the intent, as privacy risks adhere to the nature of what input data is collected and purpose for which it is processed and what reasonably likely harms could occur, rather than which software manufacturer conducts the same data processing of identical data inputs.
It is undeniable that a user interacting with a digital property must involve some consumer software. However, as stated above, there is currently a lack of definition around appropriate safeguards any business-to-business ad system must ensure is in place to conduct the processing of this input data for the business advertising solution appropriately.
If the Charter were to state that specific business advertising software processed on a server may have access to raw cross-context input data, but other software should not, then it must be more explicit on why certain server software may obtain this data, but other software should not. For example, the explicit reference to Private Attribution Measurement emphasizes how the post-processed output data will be protected from other recipients learning about the input data, but is silent on how this software itself reduces risks to specific individuals from the cross-site or cross-context processing of this same input data.
The Charter text states:
“Private Attribution Measurement
This specification defines how to privately measure advertisement attribution/conversion rates without revealing whether any individual user converts or does not.”
The Charter would be improved by explicitly listing the distinguishing characteristics of how responsible business-to-business software, specially that focused on meeting advertising needs, can be distinguished from business-to-business software conducting inappropriate cross-context and cross-site processing of personal information.
REFERENCES
- [Building a more private web] Justin Schuh, Director, Chrome Engineering, Google (August 22, 2019). https://www.blog.google/products/chrome/building-a-more-private-web
- [Apple Privacy Policy] Apple Privacy Policy (last accessed: September 19, 2022). https://www.apple.com/privacy
- [[TAG Review] TAG Review Feedback on First Party Sets (April 7, 2021). https://github.com/w3ctag/design-reviews/blob/main/reviews/first_party_sets_feedback.md
*51Degrees’ Formal Objection to Proposed Private Advertising Technology Working Group Charter**
**05 October 2022** - updated footnote 4, 8, spacing, and section related to W3C due process
Issue 22.2-0 - Due Process
The timeframe for review of this proposed charter was extended because "it did not gather enough reviews." The W3C process only allows for charter review to be extended when a member requests an extension. If the charter did not gain review from 5% of the membership within the alloted timeframe and no member requested an extension then the charter failed to gain sufficient review and the proposers would need to reflect on that before then considering resubmitting.
Indeed a proposed chair of the group rejected a request related to the timeframe for review prior to the AC review process commencing stating "I think that [the chartering process timeframe] should allow plenty of time...".
For those already skeptical of the W3C's impartiality the failure to follow due process for working group charters and formal objection handling further erodes confidence in the W3C.
**Introduction**
This note sets out objections from 51Degrees concerning the Proposed Private Advertising Technology Working Group Charter (“the Charter”).
51Degrees is a business-to-business (B2B) data company used in sectors including finance, insurance, travel, publishing, eCommerce, content management, analytics, fraud detection, and advertising. 51Degrees are a founding member of Movement for an Open (MOW)[^1] and are grateful for MOW’s support in preparing this Formal Objection (FO).
The Charter seeks to debate and create W3C recommendations for web advertising services that must be implemented to some extent within a web browser and therefore provide web browser vendors significant control over the business of web advertising services in practice. It is a Charter for a working group whose mere existence will impact on competition.
Such a charter is very different to one which seeks to debate and create W3C recommendations for general purpose features which are not intended for specific markets and are demonstrably competitively neutral. For example, Cascading Style Sheet (CSS) or accessibility. As such this FO must also encompass the inadequacies associated with W3C processes and practices where they relate to competition and due process.
All the issues raised can be addressed via modifications to the Charter text to detail exactly how the inadequacy will be addressed by the group[^2] and also optionally via changes to W3C policies and processes[^3] which would apply to all groups.
Further 51Degrees considers the Charter to be part of a mosaic of actions by those seeking to interfere with competition in digital markets via standards bodies. The discussions concerning advertising hosted by the W3C have already had an impact on competition even before a single recommendation has been drafted and passed to the AC for review.[^4] As such the Charter cannot be considered in isolation of these related actions and positions.
The objection relates to four issues and includes constrictive proposals to address them:
Issue 22.2-1: Starting assumptions about cross-site and cross-context data handling in relation to privacy.
We live in a data driven economy and while exceptions to the exchange of data that drives the economy are provided for in the law, the general position is that data exchange is permitted. The charter should revisit language that can be taken to read that some helpful data flows will be restricted.
- While there are areas where cross-site and cross-context can raise concerns, they are not universal, and there are also instances where handling innocuous data across domains and contexts can be beneficial to users.
- Instead of focusing on these data flows, there is a need for a workable definition of “privacy” the Charter must define the actual scope of “private advertising” and “privacy”. The handling of information using appropriate safeguards does not directly raise consumer harms, and can confer benefits, so undue limitation of the scope for use cases in the Charter language is unwelcome.
- The UK Competition and Markets Authority (CMA) and Information Commissioner’s Office (ICO) clearly state that there is no distinction between first and third party in their May 2021 joint statement in determining privacy risks.[^5] The Charter must explicitly acknowledge that position if those who accept this regulator’s position are to contribute.
- The Charter needs to specify the guidelines the group will use to mitigate risks to individuals from the collection and processing of their personal data regardless of which organisation is collecting and processing Personal Data.
- **Issue:** These are inadvertent implications of language choices that need to be clarified at the Charter stage. The Charter most not take the position that all data will be regulated, to avoid pre-empting a debate about which specific data handling practices raise concerns. Explicitly avoiding the use of first and third party and focusing on risk of harm will help this group and the work of the W3C more generally as requested in 51Degrees general communication in June 2022 concerning 1st and 3rd party thinking[^6].
Issue 22.2-2: Potential commercial sensitivity of some proposed focal areas.
There are issues associated with inadvertently embedding sensitive commercial decisions in the standards layer. This raises questions about the W3C’s antitrust guidelines[^7] and whether taking positions on certain specific functionalities complies with those policies. There is also a need to ensure that any standard, Working Group Charter, or debate, does not unduly restrict competition and that competing access to lawful data flows for responsible uses remains unimpeded.
- **Issue:** The Charter should omit references to commercially sensitive matters within standards definition, to be sure proposals discussed will not conflict with the antitrust policy. Alternatively, if sensitive matters are to be discussed, clean team arrangements should be in place to ensure that the commercial impact on participants in the debate is suitably firewalled.
Issue 22.2-3: Scope of success criteria.
Success criteria correctly identify users as a focus but omit other constituencies of direct and indirect system users.
- **Issue:** The success criteria should be extended to capture direct and indirect benefits from technology, such as foreseeable impacts on publishers including smaller publishers.
Issue 22.2-4: Due process and potential conflicts of interests.
Inevitably, and appropriately, large technology companies have a major role to play in developing new technological standards. However, there are conflicts of interest if W3C members face financial impacts from system design decisions. At present, these can be objected to under the W3C Process Document, but there is no clear framework for how a commercial conflict of interest should be addressed as part of the group’s design process, especially given the under representation of small businesses in the W3C. There is also a concern that proposed group members have strong views in some of these debates, which may not represent the breadth of views of the membership[^8] or all participants in the web. There is a need for demonstrable neutrality.
Unrestricted participation must be shown to demonstrate neutrality. Further work is needed on how unrestricted participation is assured within W3C. For example, it appears that the current W3C Process Document seeks to assure unrestricted participation by aiming for consensus and hence negotiated input from all where, at Section 5.2.1 it states that consensus is not achieved if anybody registers a Formal Objection. If that Formal Objection is arbitrated by a neutral party on an objective basis, then non-partisan participation can more readily be shown to be taking place.
**Issue:** The charter must articulate a clear framework to address conflicts of interest, particularly in those cases where debate and potential recommendations have a self-preferencing commercial impact. For example, there could be a process for such commercially affected members to stand aside while the matter is referred out to more neutral participants, such as consumers of the systems (e.g., publishers rather than technology vendors).
**Assessment**
The web is now used by five billion people and powers trillion US dollar markets where individual companies have market capitalizations measured in trillions of US dollars.
51Degrees observe that W3C fail to implement existing guidelines concerning antitrust[^9] and these guidelines are not suitable for a 501(c)(3) legal entity[^10] governing the web. These observations are the subject of separate correspondence from MOW and further examples can be provided.
The newly appointed Board of Directors must address these issues before this FO is assessed. Without a process that an objector has confidence will be followed fairly the objector can never be satisfied with the outcome. Recent FO assessment and resolution has not followed due process.
The Charter raises issues that are complex involving laws and economics. They are important to the mission of the W3C. If the W3C Team believes that the FO would be more efficiently handled by splitting out the different concerns, then 51Degrees are willing to consider doing so. It is not possible via the submission process for one organization to raise distinct FOs concerning the same charter.
Issue 22.2-11: Starting assumptions about cross-domain and cross-context data handling
*Elision of privacy and personal information*
The Charter refers to the interrelationship between advertising, privacy, and personal information as the core focus of the Working Group:
The purpose of these features is to support web advertising without compromising user privacy. Here “privacy" minimally refers to appropriate processing of personal information.
Indeed, “Privacy” within W3C has so far been defined as “Preventing the unintended or unauthorized disclosure of information about a person.”[^11] This definition aligns with applicable data protection regulations that recognize people’s privacy rights relate to information linked to specific consumers, natural persons, or data subjects.[^12]
However, it is becoming clear that the relationship between personal data and privacy is more nuanced:
- Privacy and personal information are not identical concepts. Sometimes, information that may link to a device, or even to a person, is not private –
especially when a user is interacting with other members of society. This would be so with innocuous data. Consider an example like height. Height is visible and allowing advertising to use it *responsibly* may well be helpful in some contexts, even on a tailored basis (e.g., tall people finding tall clothing stores).
- As explored below, much marketing data is not linked to specific individuals at all, e.g., through pseudonymisation or other appropriate privacy-by-design measures. But even if it were, substantial amounts of information sharing may be consumer friendly, if it helps people to more easily find products and services of interest. This also helps publishers to generate income, which indirectly helps consumers by funding their access to digital content and services.
- In other cases, data which is not about specific individuals might link to data protection or privacy concerns. Even a system that, strictly speaking, is not itself linking to identity could raise a concern if tailored content were to reveal something private, e.g. through shared device use. Privacy concerns could arise if identity can be revealed by someone else (e.g., another system user) and shows that the definition of privacy does not always align with personal data use from the user perspective.
- Still other situations involve data handling which is not personal at all (e.g., fully anonymised data) which seems not to raise a privacy concern at all. However, the legal side of the debate has not always taken that position. A reference to protecting “personal information” in all cases could be taken to imply this, limiting beneficial use cases where data should flow given the balance of interests favours the beneficial users over the risks to specific individuals.
In summary, because personal data and privacy are not the same thing, it would be mistaken to lay a foundation based on eliding the two. Instead, there should be an investigation to establish what is “private." The statement refers to “appropriate processing of personal information” and it may be that “appropriate” already catches this concern, but it would seem wise, at the Charter stage, to preserve the position as regards the interrelationship between privacy and personal data. Simply omitting the sentence on the relationship between privacy and personal information will allow an open-minded debate on point.
*Cross-site and cross-context data handling*
The Charter takes a position on the use of data across sites and contexts:
“Ways in which new features might enable inappropriate processing include (but are not limited to) enabling of cross-site or cross context recognition of users or enabling same-site or same-context recognition of users across the clearing of state.”
There will be circumstances in which cross-site and cross context data handling raises concerns. For example, medical records call for strong protections against out of context use. But as with the link between privacy and personal information, the picture is more nuanced.
Some user-friendly data handling happens across different sites and different contexts. Users have a strong interest in accessing free content. Personalised advertising can yield up to 71% more return on investment to a content publisher, indirectly furthering consumer interests. This was seen when Apple’s ITP began to block some of this data on Safari (See e.g., the UK Competition and Markets Authority’s Mobile Ecosystems Market Study Interim Report, p. 249)[^13]. For specialist websites with even more nuanced content, the figure may be even higher.
*Conformity with existing W3C approaches*
The web standards bodies and W3C members have proposed “origin,” “site” and “context”[^14] as potential boundaries across which user expectations may not align with lawful flows of data sharing. “Context” is frequently not a boundary of an origin (e.g., Wikipedia.org has multiple contexts but one origin per language), yet the ambiguous term of "context” is proposed for use in the Charter itself.
The Charter needs to specify what is the touchstone by which this group will work by to mitigates risks to individuals from the collection and processing of their personal data. The current language is not precise enough to provide sufficient guidance on when a proposal is improving privacy versus merely specifying which organizations or category of web participant this group believes ought to collect and process specific individual’s personal data.
**Example of helpful cross-site and cross context data handling:**
A freelance product review writes a specialist blog for children’s car seats. The reviewer measures how seats fit for relatively rare use cases such as requiring three car seats across a back seat. Some cars are large enough; others are not; and information available to the parents is poor.
The reviewer dutifully measures out the cars and provides reviews that save parents hours of time.
Using current cookie-based technology, the advertising technology behind the website would be able to provide at least some information on conversion and would allow at least some return on the investment of time via pay-for-performance or affiliate marketing commissions.
This funding increases the supply of helpful reviews from smaller blogs.
Proposals to stop cross-context or cross-site data handling would limit or even eliminate this use case, replacing it with contextual advertising, or turn it into a monopoly by the largest platforms or internet gatekeepers. In cases where the blog is no longer written, this effectively puts the blog out of business and means that the lost income is 100%. So the 71% average loss for some content producers may, in fact, be a low end estimate.
The loss of this added value to content producers harms the user interest:
- The user interest is in having the information on the car seat, and provided that privacy-by-design safeguards are used, there is no clear downside to the user from the data flowing, *including across contexts and domains*.
- On the contrary, there is an upside. This is especially true for specialist and minority interest which may be poorly catered to on purely contextual approaches, which have a “herd” tendency.
- There will be many similar examples where the consumer interest is in having innocuous data flow, provided that the relevant safeguards are in place. Indeed doodle.com[^15], often used by W3C participants to arrange meetings, is funded from advertising that operates as described and which the group intends to create web standards to interfere with.
This is a helpful use case, and Charter language should not diminish it at the debate framing stage, to ensure that the next generation of technology can cater to it.
*Reference to “users” rather than distinguishing between user identity vs pseudonymous identifiers kept distinct from identity-linked data*
There is also the difficulty that the reference to “users” elides the important difference between pseudonymised users and the identity of system users. This may not be intended, but may inadvertently decrease the scope for discussion of the role of privacy-by-design safeguards that have an important role to play in these debates.
However, there are also some positive points from 51Degrees’ point of view. For example, the reference to “inappropriate processing … across the clearing of state” seems sensible as a means to focus on what consumers want and to protect their choices (e.g., allowing those users who are concerned about a site or organization recognizing their web-enabled application after they exercise their right to be forgotten, such as by clearing state).
There is also much to like, from 51Degrees’ perspective, in the idea that “The Working Group may consider designs that allow user agents for the same user —
including non-browser agents, like Operating Systems — to collaborate in providing advertising features.” This seems sensible as it paves the way for focusing on risk management via a range of vendors and technical solutions, rather than isolating all control over data collection and processing to web browser vendors.
Indeed, this potentially helps to align with some trends in the wider data policy community with which the proposed standards and Working Group will engage.
It may simply be that the language about cross-site and cross domain handling, just like the privacy/personal information language, needs to be clarified in relation to protecting other rights (e.g., freedom of speech/expression, freedom to operate a business or cross-context data portability) to ensure it is not unduly restricting the scope for debate in the context of these developments.
**Developments in wider data protection circles regarding cross-site and cross context data use**
51Degrees appreciates that the desire of the Working Group is to focus on technology and not surrounding policy debates of general application. However, to the extent that de facto standards may contrast with the law and may be very widely deployed, it seems helpful to cast an eye on trends in developing data protection regulation. At least one participant, Google, is obliged to use legal definitions of privacy law in its proposals under a regulatory settlement[^16]
with the UK Competition and Markets Authority, reflecting concerns that shifting or vague privacy definitions can harm rivals seeking to design systems over time. So, it seems to behove the Working Group at least to be mindful of what these trends are and whether the Charter aligns with them. 51Degrees expects Google to note this issue in their response to the Charter.
Data protection regulation has moved on in recent years towards emphasis on risks from data processing, rather than the existence of processing across sites and contexts. A good example is the UK Information Commissioner’s Office’s November 2021 AdTech Opinion, which expressly states that regulators expect emphasis on identifiable risk rather than hypothetical hazards from data transmission. Indeed, Google successfully argued in Lloyd vs Google that the presence of third-party advertising tracking cookies is not unlawful[^17].
Indeed, W3C’s 2015 document Unsanctioned Tracking[^18] is now out of step with this, as it simply asserts some concerning hazards, rather than modelling risk. In its crucial definition of harm at section (3), the document chiefly relies on a relatively vague and unquantified hazard (“undermine user trust”) without information on the context of when this concern does, and does not, arise.
The 2015 document does give one very striking example: the revelation of pregnancy via the display of adverts, which would seem to be a core privacy concern. However, it does not engage with a *risk-based* approach to this hazard. Such an approach might consider more tailored responses, such as specifically banning health-related categorization. This would address areas of priority concern and allow a focus on them. It would also have the notable benefit of allowing other data to continue to flow, in cases where risk is low or even zero. By contrast, many recent proposals (e.g., First Party Sets[^19])
seem minded to apply the thinking from before this change in regulation and to implement this through restrictions in the technical standards layer.
It is unwise to build an obsolescent approach to these risks into the Working Group Charter as this would cut across the work undertaken by regulators to help prioritise high risk concerns, while allowing the benefits of non-harmful processing to continue. There is scope for the Working Group to help move forward the debate from the 2015 document, and the Charter should take an open-minded approach to the question.
*The role of privacy-by-design safeguards*
Privacy-by-design safeguards seem to be understated in the current scope definitions. A large part of the debate seems likely to concern how to design technical systems to ensure that privacy concerns do not arise, and the role of privacy-by-design measures to this end (as opposed to simply decreasing data flows) seems helpful to add. In the construction of the Charter draft participants were unwilling to recognise the role of non-engineering professions such as economists and lawyers in privacy-by-design solutions. This is a major concern to 51Degrees who do not believe optimum solutions to complex problems are found in only one profession. The Charter would fully embrace privacy-by-design by replacing the word “Technology” in the title with
“Solutions” and removing the words “primarily non-technical” from the text.
*Privacy Principles*
51Degrees object to the direction of the work underway by TAG to create a Privacy Principles note[^20]. These objections are articulated by MOW[^21] and are yet to be assessed by TAG or PING. As such a resolution to this concern that 51Degrees would find acceptable cannot be found in the Privacy Principles as currently drafted or under the direction of the current editor.
Issue 22.2-12: Potential commercial sensitivity of some proposed focal areas.
The section of the proposed Charter on Private Attribution Measurement raises some concerns about commercial sensitivity in technical design decisions:
- **Conversion data definition:** There is a starting assumption that user-level conversion data should not be gathered: “This specification defines how to privately measure advertisement attribution/conversion rates without revealing whether any individual user converts or does not.” This example helpfully illustrates again that some cross-context and cross-organizational data sharing (e.g., in this case attribution matching of user interactions with a marketer’s property to prior exposure to content on media owner properties) is both expected and beneficial. The Charter needs to clarify exactly why specific organizations should collect and process such data for business advertising purposes, and how the risk they pose to individuals is or can be appropriately mitigated such that other organizations and new entrants can follow suit without unreasonable barriers to entry.
- Without clarifying such rationales, this type of specification may restrict competition or unfairly discriminate against organizations that operate business-to-business (B2B) advertising solutions, but do not also manufacture business-to-consumer OS or web application software. As there may be no privacy concern (e.g., Random ID 123 bought shoes after seeing Ad ABC), it is unclear why this is ruled out of scope for only organizations that do not manufacture such software at the technical design stage.
- As another example, if “first party” were to be used as a criterion for a privacy boundary this would effectively favour larger incumbent content authors and media owners at the expense of smaller rivals whose niche content might appeal to otherwise underserved minority interests. Thus any specification that favours those organizations who already have larger audiences, would be using a technical standard to effectively distort the market away from sites that could otherwise provide the most user-centric ad-funded content and services.
- **The list of normative specifications:** Many of the specifications listed are the subject of competition between providers. Each of the three stages concerned raises commercial sensitivities, because different companies are affected by them differently:
- **Pre-campaign planning** including critical points on audience definition, context to engage the “right” audience, time of day, day of week by geo-region**;**
- **Intra-campaign optimization** including critical points on budget allocation, price, and messaging adjustment;
- **Post-campaign reporting and attribution** including critical points on feeding decision making to reduce waste in media spend that drives higher revenues for media owners**;**
In all three cases, there is scope for technical standards to cut across commercial business-to-business decision making. The risk is greatest if they were used by large browser vendors to prevent competing B2B data flows and processing which do not themselves raise consumer concerns. So while 51Degrees admires the desire to focus down on technical matters, any standard must ensure it does not restrict competition by focusing on which type of organizations engages in business-to-business processing of non-sensitive or low risk input data.
W3C’s existing Antitrust and Competition Guidance[^22] requires that:
“**W3C does not** play any role in the competitive decisions of W3C participants nor **in any way restrict competition**…. [P]articipants should not discuss product pricing, methods or channels of product distribution, division of markets, allocation of customers, or any other topic that should not be discussed among competitors.” (emphasis added)
An open standard allowing data flows among business-to-business processing required by the digital properties people choose to visit would support competition and hence not violate this W3C antitrust proscription. However, many of the proposed Attribution Measurement proposals seem to restrict which types of organizations are allowed to provide such business-to-business ad solutions, this could amount to transgressing the W3C’s antitrust policy, for example if defining certain audience-related capabilities effectively “allocate[s]
customers” (or at least demand) into particular vendors or amounts to a division of markets away from other rival solutions. “Methods or channels of product distribution” also seem to be implicated, because the definitions seem likely to affect how, by whom, and to whom advertising services are sold and provided hence “restrict[ing] competition.”
A worst-case scenario is that modelling how well proposals work directly implicates price and performance of products, which is an area where companies are required to compete and accordingly a topic which representatives should not discuss.
To the extent that standards framers from affected organisations necessarily must discuss commercially sensitive design decisions, care is needed to employ the antitrust guidelines. It will also be helpful to consider how restrictions on competition resulting from the application of standards, such as restrictions to data flows, could be addressed.
A typical means to do so is to apply a Fair Reasonable and Non-Discriminatory
(FRAND) licensing policy to any data flows that are brought under control by the standard. In this case, that would mean specifying what the relevant privacy safeguards are and applying the same criteria in a non-discriminatory manner so that other compliant businesses can serve a wide range of use cases. In many cases, closing off access to legally compliant data flows can impede valid use cases, and the requirement to define relevant safeguards for broad application would be a practical means to avoid undue limitations. Participants in the group need to agree to such licensing terms as a condition of membership.
Even if one were to believe that consumers should control the business-to-business advertising decisions that marketers make when choosing to subsidize specific publishers, then it would make more sense to enable consumers to choose which advertising vendors they wish to operate advertising solutions for the sites they visit, rather than have this choice removed by bundling business-to-business ad systems into the web browser they select to access various publisher’s digital content and services.
**It would be helpful to have some remarks on how this might be done in the Charter** given the sensitivity of a number of the listed topics**.**
**Possible practical safeguards: Clean teams and conflict of interest protocols**
A practical approach to these risks would be to adopt so-called “clean teams” from organisations affected, who could not see the impact of the standard on their business so as to have clean hands when coming to discussion. This could be done by pseudonymising data input and creating firewalls.
Indeed, participants are *already* required for at least one member (Google) under the UK CMA Privacy Sandbox Commitments[^23] (See especially Paragraph 30, requiring non-discriminatory design and implementation decisions). A “trust but verify” approach would require clean team safeguards to avoid risks of this taking place, given the significant potential conflict of interest.
As things stand, however, no such safeguards are in place, which seems unnecessarily to engage risk to the W3C and participants in such activity that would restrict competition in violation of the antitrust provisions incorporated into the Working Group Charter (section 10).
Issue 22.2-13: Scope of success criteria.
51Degrees agrees that it is important to consider what success looks like at the start of a project to compare the relative merits of alternate proposals. However, there are significant concerns that the current definition is incomplete:
Each normative specification should contain separate sections detailing all known **security and privacy implications** for implementers, Web authors, and end users.
There can be no doubt that these are correct criteria, but there are others besides security and privacy[^24]. The most secure web system would simply be to abolish the web, because then no data would flow, and there would be no risks to security or privacy. This is clearly, however, against the user interest and W3C mission. There are unspecified success criteria here, and they should be fleshed out. 51Degrees edited success criteria[^25] within the Improving Web Advertising Business Group which provides guidance on how this can be addressed. The proposers should incorporate and update that document as an appendix to the Charter before progressing.
There needs to be focus on other important considerations. The most important relates to how technical standards on advertising have indirect consumer impacts from the way that they can (sometimes inadvertently) alter incentives facing publishers and restrict beneficial access to those serving minority interests. For example, a paywall-led model or a logged-in model of the internet might maximise “security and privacy” but not be in the consumer interest for those who are economically disadvantaged. Issues arise with:
- **The user experience,** e.g., unnecessary pop ups to gain consent for business-to-business processing, where properly providing information to consumers makes informed decisions is challenging, even where data handling risks are low or zero.
- **Content creation** where this is supported by technologies that are not the *most* secure, but do not pose any meaningful security risk on an evidenced basis (e.g., a blog using an affiliate marketing system that relies on sponsorship payments).
- **Incentives towards paywalls** if free content is diminished. Given the likely discrimination against the economically disadvantaged, the user interest would be to ensure continued access of “free” ad-funded content, whereby the marketer subsidizes the consumer’s access, rather than restricting data flows, provided that safeguards are applied.
- **By requiring people to log in** to receive services when they would not otherwise need to does not advances people’s privacy online and is not considered privacy-by-design.
It is positive that “There should be testing plans for each specification, starting from the earliest drafts,” which addresses concerns about earlier unilateral proposals not showing a clear testing paper trail nor a balance of interests including the indirect interests of individuals alone or society, which represents groups of individuals. This is immensely welcome and helps to implement part of Google’s Commitments to the UK CMA (para 17© on testing).
However, for this testing to be meaningful, it will need to define things to test against, beyond just privacy of security, or, by definition, the sole focus on those prioritised variables (however defined) must logically predominate. The Charter authors need to include impacts on publishers and the consumer interest more broadly construed, to avoid testing from becoming too narrow and thus departing from the interest of users, including groups of users and indirect impacts on users. This reflects the fact that the user interest is not only in privacy and security maximisation, but in content creation and ad-funded access as well. Without sufficient competition among the business-to-business processing associated with ad-funded access, then content producers and media owners might pay more than what the competitive market rate would normally be, thus diminishing investments in consumer-facing innovations, content and services they ordinarily would have provided but-for the less.
The text of the charter needs to be modified to include an outline test plan and show clearly how a proposal will be tested from the perspective of competition and market impact. There will be no point conducting engineering tests of a proposal if it fails to pass a test of compliance with competition law.
Issue 22.2-14: Due process and potential conflicts of interests
51Degrees notes that the Charter proposes to follow the W3C Process Document[^26], with attention drawn specifically to Section 5, Decisions[^27]. 51Degrees agrees with and supports the desire for consensus expressed in Section 5.2,in particular.
However, there are concerns that the sensitivity of the commercial impact of the standards, as well as a number of fundamental points of debate about the role of data handling, mean that consensus building may prove unusually challenging here. For example, one prominent W3C member, Google, expresses a strong view that the “aim” of its Privacy Sandbox proposals is to support key ads use cases without cross-site tracking.” (Google’s Q2 2022 Update Report[^28] to the CMA, p.11, 25 July 2022). This engages fundamental debate of the sort outlined at (I), and it seems likely that disagreement will occur over commercially sensitive matters such as the scope to handle data between sites and contexts in cases where risks are low. Another participant in the envisaged Working Group, endorsed by a proposed chair, has expressed a view that consensus will be used to address some of the issues raised in this FO[^29].
The Charter envisages a majority vote to resolve such an issue:
“if a decision is necessary for timely progress and consensus is not achieved after careful consideration of the range of views presented, the Chairs may call for a Working Group vote and record a decision along with any formal objections…
A call for consensus (CfC) will be issued for all resolutions (for example, via GitHub issue or web-based survey), with a response period from one week to 10
working days.”
This is a good starting point for addressing the need to balance debate and consensus building. However, it contains a number of weaknesses:
- **Risk of dominance by a few companies:** A majority can easily be constituted by well-represented members, regardless of the quality of the substance of the objection; even the most principled objection from a smaller company could be ignored on numbers rather than on the merits;
- **Delay**: In a case where the majority voting envisages results in overruling a valid substantive concern, there is a risk of a Formal Objection, because the Section 5.2.1 definition of Consensus in the W3C Process Document states that consensus is *not* achieved if anybody “in the set registers a Formal Objection.”
Both the Charter and the W3C Process Document contemplate circumstances where it is possible to proceed without Consent:
The [Chair](https://www.w3.org/2021/Process-20211102/#GeneralChairs) *may* record a decision where there is [dissent](https://www.w3.org/2021/Process-20211102/#def-Dissent) (i.e., there is at least one [Formal Objection](https://www.w3.org/2021/Process-20211102/#FormalObjection)) so that the group can make progress (for example, to produce a deliverable in a timely manner). Dissenters cannot stop a group’s work simply by saying that they cannot live with a decision. When the Chair believes that the Group has duly considered the legitimate concerns of dissenters as far as is possible and reasonable, the group *should* move on.
(5.2.2, Managing Dissent)
However, the Formal Objection would remain and has to be identified before Advisory Committee review (5.6, Recording and Reporting Formal Objections). This creates uncertainty and the potential for unnecessary delay during resolution.
The most concerning case would be that of a direct conflict of commercial interest, such as a proposal that alters data flows to the commercial benefit of a member. That would seem to be a serious concern, and rather than having a hostage to fortune in the Advisory Committee review, it would seem preferable to address possible conflicts of interest in the Working Group charter.
Indeed, this is envisaged by the W3C Process Document:
As part of making a decision where there is dissent, the Chair is expected to be aware of which participants work for the same (or related) Member organizations and weigh their input accordingly.
(5.2.2)
Applying that principle here would require commensurately low weighting to companies affected by commercial decision making. A practical approach would be to give more weight to purchasers of the technologies, such as content producers, and less to companies with a “dog in the race”. User interests could also be employed, provided that user evidence is collected carefully to account for the difficulty in users understanding some of the technological aspects associated with business processing purposes (e.g., surveys would need to explain privacy-by-design safeguards, unlike many existing surveys). The Charter needs to ensure explicitly that content creator, media owner and publisher interests are given greater weight than the interests of user agent implementors. The debate prior to the submission of the proposed Charter agreed such input should come from a Community Group[^30] but this approach has not been included in the Charter text. The use of a Community Group to gain wider input on decision making must be enshrined in the Charter text.
We note that the long-standing Priority of Constituencies[^31] referenced from the Private Advertising Community Group Charter[^32] is notably absent from this Charter of this Working Group of the same name.
However, what is likely not to work well is for technical specifications to be proposed by those who benefit from other companies receiving less data. Indeed, this would seem likely to contravene the UK CMA Commitments, at least in Google’s case, and could result in protracted uncertainties surrounding work product as those points are resolved.
To address the point now, the Charter could helpfully discuss how it proposes to address conflicts of interest, e.g.:
- By using clean teams within organisations (see above);
- By adopting different voting majority rules (majority of companies rather than voting members); and/or
- By altering voting constituencies (e.g., to account for a wider range of technology users, rather than web browser vendors).
In summary the process for establishing consensus and decision making that is used widely across the W3C is not appropriate for this Charter given the significance of the decisions and work of the group to competition. This has previously been raised with the Advisory Board[^33] and is likely to form the first order of business for the newly appointed Board of Directors.
**U.S. Department of Justice guidance on how to address due process concerns in standard setting bodies**
There is helpful guidance on this point from the U.S. Department of Justice:
“Standards development organizations (SDOs) use a variety of safeguards to achieve the benefits of standardization while minimizing potential antitrust risks. These safeguards include, as articulated in guidance circulated by OMB, taking steps to ensure that the standards-development process is “open to interested parties,” **balanced, and** **consensus based**, and that SDOs’ procedures provide for due process and appeals.”
(Antitrust Division Economics Director of Enforcement Jeffrey Wilder at the IAM and GCR Connect SEP Summit, Sept. 29, 2021)
The focus on the W3C documentation on fostering consensus is helpful, but concerns could arise related to:
1. The contemplated scenarios in the Working Group charter which would depart from consensus (e.g. bare majority voting); and 2. Whether the additional requirement for “balance” is addressed.
The speech refers out to a memorandum on standard setting by the federal government known as Circular No. A-119 Revised (Feb. 10, 1998). This is designed to stop government standards from unduly restricting purchasing choices. Although this is a slightly different context, to the extent that the proposed standards would de facto alter data handling on a widespread basis, affecting many vendor / purchaser / user relationships, the same safeguards carry over.
The suggested safeguards are:
“openness, balance of interest, due process, an appeals process, and consensus defined as general agreement, but not necessarily unanimity and includes a
**process for attempting to resolve objections by interested parties, as long as all comments have been fairly considered, each objector is advised of the disposition of his or her objection(s) and the reasons why, and the consensus body members are given an opportunity to change their votes after reviewing the comments.”**
Circular No. A-119 Revised, at 4.a(1) (emphasis added)
Applying these safeguards, it would be helpful for the Charter to:
- Identify the process to attempt to resolve objections, including:
- Who handles a conflict-of-interest complaint and how this is “fairly considered” including the crucial question of *who* considers the complaint
- Identify a timeline for resolution and an appeals process, and how this relates to the work in progress.
- Identify how reasons for resolution will be shared, including the power to hold the vote again once these reasons are known.
The current proposal to use a simple majority vote on a compressed timeframe (e.g., via online polls of as little as one week) seems very unlikely to meet these requirements. It is unclear how reasons would be articulated and disseminated in time for a meaningful repeat vote after resolution. This seems to be an area in need of some additional specificity to comply with the due process requirements outlined above.
[^1]: <https://movementforanopenweb.com/>
[^2]: For example, appointing an independent monitor to verify that competition issues are not present and advising the chairs and group participants where there are problems, or establishing clean team arrangements for those that participate in the group from dominant companies.
[^3]: For example, amending the W3C antitrust guidelines to align to DoJ and other guidelines and ensuring that they are enforced.
[^4]: See for example, UK CMA note that Google's request for market actors to participate in W3C and other forums, and announcements by its senior staff, have had a likely anti-competitive impact on rivals.
<https://assets.publishing.service.gov.uk/media/60c21e54d3bf7f4bcc0652cd/Notice_of_intention_to_accept_binding_commitments_offered_by_Google_publication.pdf>
| Martin Thomson of Mozilla noting that "After all, if tracking remains viable, then there is far less incentive to adopt the solutions that a group like this might offer" thus acknowledging that in a situation where participants have choice they will not favour the work product of the proposed group.
<https://github.com/patcg/meetings/issues/52#issuecomment-1163823743>
[^5]: <https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/987358/Joint_CMA_ICO_Public_statement_-_final_V2_180521.pdf>
\- “There is no explicit reference to the distinction between first-party and third-party data in data protection law.”
[^6]: <https://lists.w3.org/Archives/Public/public-patcg/2022Jun/0074.html>
[^7]: <https://www.w3.org/Consortium/Legal/2017/antitrust-guidance>
[^8]: Mozilla do not believe privacy-by-design and lawful proposals to improve privacy are legitimate unless they are controlled by web browsers and implemented entirely by the profession of engineering. See analysis of SWAN and UID2 which contains a number of factual errors advised to Mozilla -
<https://blog.mozilla.org/mozilla/swan-uid2-privacy/>. Mozilla representatives have sought to restrict the Charter in its development. At least one of the proposed chairs of the group has publicly expressed positions that are concerning to other participants. See the following Tweet in relation to a B2B business called TransUnion
<https://twitter.com/Chronotope/status/1564246061773950979?s=20&t=-ecWJdXh5TyvaiyTm_LO6Q>, or the following analysis of another advertising proposal
<http://aramzs.github.io/web-standards/2022/08/04/topics-api-review.html>. The employer of one of the proposed chairs is active in the publishing and advertising sectors
<https://washingtonmonthly.com/2022/06/20/jeff-bezoss-next-monopoly-the-press/>.
[^9]: <https://www.w3.org/Consortium/Legal/2017/antitrust-guidance>
[^10]: <https://www.w3.org/2022/06/pressrelease-w3c-le.html.en>
[^11]: Composite Capabilities/Preference Profiles: Terminology and Abbreviations, W3C Working Draft (21 July 2000), <https://www.w3.org/TR/CCPP-ta>. *See also* The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Recommendation 16 April 2002, which was used for 16 years before replacement on obsoleted on the basis of limited adoption, but not on any limitations as to privacy definitions, on 30 August 2018), where in Scenario 3 describing a website vendor’s cookies used in providing frequency capping that “do not reveal information about any individual users.“ -
<https://www.w3.org/TR/P3P>.
[^12]: *See* GDPR, Art 4: “personal data’ means any information relating to an
**identified or identifiable natural person (‘data subject’)**….” versus
“‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a **specific data subject** without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are **not attributed to an identified or identifiable natural person**.” CPRA, 1798.140(v)(1) “Personal information” means information that identifies, relates to, describes, is *reasonably* capable of being associated with, or could reasonably be linked, directly or indirectly, with a **particular consumer or household**.” (emphasis added)
[^13]: <https://www.gov.uk/cma-cases/mobile-ecosystems-market-study>
[^14]: <https://html.spec.whatwg.org/multipage/origin.html> and
<https://tess.oconnor.cx/2020/10/parties>
[^15]: <https://doodle.com/advertising/>
[^16]: <https://assets.publishing.service.gov.uk/media/62052c6a8fa8f510a204374a/100222_Appendix_1A_Google_s_final_commitments.pdf>
[^17]: <https://www.pinsentmasons.com/out-law/analysis/lloyd-v-google-supreme-court-representative-action>
[^18]: <https://www.w3.org/2001/tag/doc/unsanctioned-tracking/>
[^19]: <https://github.com/WICG/first-party-sets/issues/108>
[^20]: <https://www.w3.org/TR/privacy-principles/>
[^21]: <https://movementforanopenweb.com/mows-in-depth-commentary-on-the-draft-w3c-privacy-principles/>
[^22]: <https://www.w3.org/Consortium/Legal/2017/antitrust-guidance>
[^23]: <https://assets.publishing.service.gov.uk/media/62052c6a8fa8f510a204374a/100222_Appendix_1A_Google_s_final_commitments.pdf>
[^24]: See Ofcom reports
<https://www.ofcom.org.uk/__data/assets/pdf_file/0013/220414/online-nation-2021-report.pdf>
\|https://www.ofcom.org.uk/research-and-data/internet-and-on-demand-research/online-nation/interactive\|https://www.ofcom.org.uk/research-and-data/media-literacy-research/adults/adults-media-use-and-attitudes/interactive-tool
[^25]: <https://github.com/w3c/web-advertising/blob/main/success-criteria.md>
[^26]: [https://www.w3.org/Consortium/Process](https://www.w3.org/Consortium/Process/)
[^27]: [https://www.w3.org/Consortium/Process/\#decisions](https://www.w3.org/Consortium/Process/#decisions)
[^28]: <https://assets.publishing.service.gov.uk/media/62e14c98e90e0766a8081720/_Privacy_Sandbox_Progress_Report_to_the_CMA_2022_Q2_.pdf>
[^29]: [https://github.com/patcg/patwg-charter/issues/31\#issuecomment-1170857845](https://github.com/patcg/patwg-charter/issues/31#issuecomment-1170857845)
[^30]: <https://github.com/patcg/patwg-charter/issues/13>
[^31]: HTML Design Principles, W3C Working Draft (26 November 2007),
<https://web.archive.org/web/20071130082925/https://www.w3.org/TR/html-design-principles>:
“In case of conflict, consider users over **authors over implementors** over specifiers over theoretical purity. In other words costs or difficulties to the user should be given more weight than **costs to authors; which in turn should be given more weight than costs to implementors**; which should be given more weight than costs to authors of the spec itself, which should be given more weight than those proposing changes for theoretical reasons alone. Of course, it is preferred to make things better for multiple constituencies at once.” Recently updated, but signifying the same order of web stakeholders, Web Platform Design Principles, W3C Group Note, (24 August 2022)
[https://www.w3.org/TR/design-principles/\#priority-of-constituencies](https://www.w3.org/TR/design-principles/#priority-of-constituencies):
“User needs come before the needs **of web page authors, which come before the needs of user agent implementors**, which come before the needs of specification writers, which come before theoretical purity.” (emphasis added)
[^32]: <https://patcg.github.io/charter.html>
[^33]: <https://github.com/w3c/AB-memberonly/issues/88>
Work on understanding and hopefully improving privacy on the web in of advertising is of vital importance to the Web, and W3C -placed to provide a venue for such work. However, the is inadequate to justify the creation of a group, so would be harmful. Remediating this piecemeal seems inadequate - a new charter should be proposed for a new _ab initio_ review:
Issue 22.3-1: Lack of identified Chairs
1. (Noted by a W3C Member 2022.1 and Mozilla [1]) Without identified chairs Contact, and with the link to the single proposed deliverable , there is insufficient justification present for a , and insufficient information is provided on which to base a review.
Issue 22.3-2: Insufficient participation
2. Given this group is working deep in one of the Web's bases, it seems **very** likely to produce significant controversy.
- 6 participants from 2 entities is manifestly insufficient as a requirement.
- In order to propose new deliverables, the group should than simply add on whatever seems interesting to the participants.
- Not planning to test the acceptability of its proposed the community, through the Proposed Recommendation phases, is inappropriate in this context. (Related goes further than, Mozilla's comments)
- The default decision policy rests on trust in the chairs, that disagreements will be based on technical arguments range of possible resolutions will be broadly acceptable. It possible or even likely that it will be insufficient to in the decisions of this group (aggravated both by sensitive nature of the work and the fact that in whom we are expected to place our trust are not named).
Issue 22.3-3: Deficiency in how different business models will be managed
3. (As noted by [W3C Member 2022.1 [3] and 51Degrees [2]) The charter deficient in its explanation of how the group will manage between different business models. In particular, it does the difference between organisations who have a vertically integrated silo and those who seek to play role in a wider ecosystem. Given that the former typically has effect on the ability for a multi-stakeholder process that which underpins the entirety of W3C's approach to the Web, something analogous to monopolistic or oligopolistic the effective state of the art, and given that these tensions important in the context of the Web today, the charter more information on how these questions will be approached. other hand, I am not convinced by the argument that the problem deep that a "clean teams" approach is necessary.
Issue 22.3-4: Limitation of appropriate use cases
4. (Noted by [W3C Member 2022.1 [3] and 51Degrees [2]) The charter fails with most of the many cases where appropriate sharing across contexts (whether across sites, between and services, or otherwise) is actually beneficial to . Taking a limiting approach to the problem may make it easier a deliverable, but also seems likely to increase the risk deliverable will not be a consensus product and will not important problems sufficiently well to justify the of W3C and the community.
[1] https://lists.w3.org/Archives/Public/public-new-work/2022Sep/0006.html
[2]
https://lists.w3.org/Archives/Public/public-review-comments/2024Jan/0002.html
[3]
https://lists.w3.org/Archives/Public/public-review-comments/2024Jan/0001.html
This charter has not changed materially since it was first submitted for Advisory Committee review in October 2022. The substance of the Formal Objections (FO) raised during that review by 51Degrees [1], [W3C Member 1] [2], and [W3C member 2] [3] remain applicable and we include the test of those objections in this FO by reference. [1]
Since October 2022 evidence has been disclosed in court.
Meeting between Tim Cook CEO of Apple and Sundar Pichai CEO of Google around 20th December 2018; [2]
- “Sundar also discussed our respective approaches to privacy in the follow on session”
- “Tim’s overall message to Google was ‘I imagine us as being able to be deep deep partners; deeply connected where our services end and yours being as sees no natural impediment to use doing more together. Knows there is a past but doesn’t feel encumbered by it and wants to figure out how we work more deeply together (and share information better – he stressed this a few times).”
- “Our vision is that we work as if we are one company”
Whilst Mozilla was not present at the 20th December 2018 meeting the majority of Mozilla Foundation’s funding comes from Google who were. As such there is a clear financial dependency problem between Mozilla Foundation and Google and it seems likely via this financial dependency Google have some influence over Mozilla. [3]
Within an organization where the three web browser engine vendors operate “as if we are one company” any debate that seeks to design markets, raise rival’s costs, restrict interoperability, or otherwise interfere with markets, must be avoided. As this group intends to engage in such debates, and has done so as a Community Group, the charter should have been ruled out of scope by W3C Team and been rejected prior to an AC review. [4]
Of additional consideration is Meta who along with Apple and Google have now been designated gatekeeper status under the Digital Markets Act (DMA). It is not clear to use how the work of the group can be conducted in a manner that complies with the DMA. [5]
Issue 23.1-1: lacks language concerning requirements for impartiality of chairs and W3C Team members
The charter lacks language concerning requirements for impartiality of chairs and W3C Team members.
[1] https://www.w3.org/2002/09/wbs/33280/PATWG-charter-2022/results
[2] https://www.justice.gov/d9/2023-10/417460.pdf
[3] https://assets.mozilla.net/annualreport/2021/mozilla-fdn-2021-fs-final-1010.pdf
Page 16 - “Mozilla incorporates search engines of its customers as a default status or an optional status available in the Firefox web browser.”
Page 6 – Royalties for 2021 $527 million USD.
[4] https://docs.google.com/document/d/1raFJmEEobFzXj7VPC0GRXKtL_pxfR-5Mi6YJwtHalYg/edit#heading=h.fv36lheauhcb
– restricting implementation to “reputable cloud provider” only is one overt example.
[5] https://digital-markets-act.ec.europa.eu/commission-designates-six-gatekeepers-under-digital-markets-act-2023-09-06_en
[1] https://lists.w3.org/Archives/Public/public-review-comments/2024Jan/0002.html
[2] https://lists.w3.org/Archives/Public/public-review-comments/2024Jan/0001.html
[3] https://lists.w3.org/Archives/Public/public-review-comments/2024Jan/0003.html
This charter has not changed materially since it was first submitted for Advisory Committee review in October 2022. The substance of the Formal Objections (FO) raised during that review by 51Degrees [1], [W3C Member 1] [2], and [W3C member 2] [3] remain applicable and we include the test of those objections in this FO by reference. [1]
Since October 2022 evidence has been disclosed in court.
- Meeting between Tim Cook CEO of Apple and Sundar Pichai CEO of Google around 20th December 2018; [2]
o "Sundar also discussed our respective approaches to privacy in the follow on session"
o "Tim's overall message to Google was 'I imagine us as being able to be deep deep partners; deeply connected where our services end and yours being as sees no natural impediment to use doing more together. Knows there is a past but doesn't feel encumbered by it and wants to figure out how we work more deeply together (and share information better - he stressed this a few times)."
o "Our vision is that we work as if we are one company"
Whilst Mozilla was not present at the 20th December 2018 meeting the majority of Mozilla Foundation's funding comes from Google who were. As such there is a clear financial dependency problem between Mozilla Foundation and Google and it seems likely via this financial dependency Google have some influence over Mozilla. [3]
Within an organization where the three web browser engine vendors operate "as if we are one company" any debate that seeks to design markets, raise rival's costs, restrict interoperability, or otherwise interfere with markets, must be avoided. As this group intends to engage in such debates, and has done so as a Community Group, the charter should have been ruled out of scope by W3C Team and been rejected prior to an AC review. [4]
Of additional consideration is Meta who along with Apple and Google have now been designated gatekeeper status under the Digital Markets Act (DMA).
It is not clear to use how the work of the group can be conducted in a manner that complies with the DMA. [5]
The charter lacks language concerning requirements for impartiality of chairs and W3C Team members.
Issue 23.2-1: W3C's antitrust enforcement and policy is insufficient
In any case the W3C's antitrust enforcement and policy is insufficient to host the debates and standards work contemplated. Please see Linux Foundation and IAB Tech Lab for examples of antitrust policies from comparable organizations which reenforce the presentation prepared for W3C Improving Web Advertising Business Group by MOW and provided in September 2023. [6]
[1] https://www.w3.org/2002/09/wbs/33280/PATWG-charter-2022/results
[2] https://www.justice.gov/d9/2023-10/417460.pdf
[3] https://assets.mozilla.net/annualreport/2021/mozilla-fdn-2021-fs-final-1010.pdf
Page 16 - "Mozilla incorporates search engines of its customers as a default status or an optional status available in the Firefox web browser."
Page 6 - Royalties for 2021 $527 million USD.
[4] https://docs.google.com/document/d/1raFJmEEobFzXj7VPC0GRXKtL_pxfR-5Mi6YJwtHalYg/edit#heading=h.fv36lheauhcb
- restricting implementation to "reputable cloud provider" only is one overt example.
[5] https://digital-markets-act.ec.europa.eu/commission-designates-six-gatekeepers-under-digital-markets-act-2023-09-06_en
[6] https://www.linuxfoundation.org/legal/antitrust-policy |
https://iabtechlab.com/wp-content/uploads/2018/02/IAB-Tech-Lab-Antitrust-Compliance-Policy.pdf
|
https://movementforanopenweb.com/mow-and-preiskel-co-present-to-the-w3c-on-competition-law-in-standards-making/
We, specifically Ralph, met with the objectors in December and again in January to better understand their perspective. In March W3C adopted a more detailed antitrust and competition policy that includes a reporting procedure. We subsequently checked with the objectors whether that more detailed policy addressed their concerns. The Team understands that the objectors have also raised questions about the 2024 policy and that it does not fully address their concerns in these formal objections. From those meetings the Team is aware that the objectors are concerned that the deliverables of this Working Group will reduce the ability to deploy competitive alternatives that markets and regulators would find acceptable.
(ecosystem) The Charter is silent on which risk mitigation methods are in scope to address concerns (22.1-1)
(ecosystem) The Charter is silent on how appropriate cross-context or cross-site business processing can be conducted (22.1-2)
(ecosystem) The Charter is silent on how trade offs in utility will be applied relative to reductions in risk (22.1-3)
(ecosystem) The Charter should ensure risk mitigation is proportional to the concern of processing Personal Information (22.1-4)
(ecosystem) The Charter should afford the same risk mitigation measures to users equally to all software manufacturers, regardless of whether a consumer-software manufacturer or business-software manufacturer provides the advertising solution (22.1-5)
(legal) Ensure the Charter does not inappropriately limit discussion to channels of distribution or divisions of markets that would violate the W3C Antitrust and Competition Guidance. [...] The Charter [...] seems to limit all processing of personal information to being conducted inside user agents. (22.1-6)
(process) Due Process (22.2-0)
(ecosystem) Starting assumptions about cross-site and cross-context data handling in relation to privacy. (22.2-1 and 22.2-11)
The Working Group is expected to follow the assumptions listed in the Privacy Principles document, as well the Ethical Web Principles (the user agent is not the first party). The terminology used in Privacy Principles informs the discussion and does not constrain discussion of data handling practices that may raise concern.
(legal) Potential commercial sensitivity of some proposed focal areas. (22.2-2 and 22.2-12)
Working Group participants must follow the antitrust and competition policy and the policy documents how to handle appearances of violation.
(ecosystem) Scope of success criteria. (22.2-3 and 22.2-13)
(legal) Due process and potential conflicts of interests (22.2-4 and 22.2-14)
(process) Lack of identified Chairs (22.3-1)
The 2023 charter review did identify Chairs.
(process) Insufficient participation (22.3-2)
The participation information provided by W3C members during the charter review is purely informative and non-binding. The 2023 review indicated that 14 organizations would potentially participate in the Working Group. Given the level of participation within the community group, the W3C Team does expect a higher level of participation.
(ecosystem) Deficiency in how different business models will be managed (22.3-3)
(ecosystem) Limitation of appropriate use cases (22.3-4): The charter fails with most of the many cases where appropriate sharing across contexts is actually beneficial to
(process and legal) Lacks language concerning requirements for impartiality of chairs and W3C Team members (23.1-1)
(legal) W3C's antitrust enforcement and policy is insufficient (23.2-1)
While we don’t believe that it’s possible to resolve the formal objections by consensus, the Working Group should consider:
The CEO should get delegation to address A5, A8, A10, A15, and A16:
The Team does not believe that additional actions are needed to address A6, A11, A12, A13, A14. The Team does not feel that changes to the charter are essential at this point.
The Team recommends the formal objections to be delegated to the W3C CEO.