A Proposal for Enhanced Accountability

By Jordan Mitchell

As consumers today, we live in a digital media universe built upon open standards. Open standards, and indeed the open architecture of the internet, fueled tremendous innovation over the last 20+ years, resulting in the digital services and conveniences we appreciate regularly. However, open standards can also mean open data sharing — causing concerns around consumer privacy, data sharing, and security. We believe the best way to address these concerns, while retaining the value of open standards, is to work towards enhanced accountability to consumer privacy across our industry.

A single standard HTTP request — of which there may be hundreds within even a single pageview from a premium publisher — contains your IP address, information about the website and the page you’re on, what kind of browser and computer you’re using, and any number of cookies. Whether there is advertising involved or not, one simply cannot interact with a website or app without personal data being logged and passed to tens or even hundreds of companies — who are not technically restricted from transferring that data to other companies. One cannot connect to a WiFi hotspot without their online behavior passing through equipment owned by a company. This has led to an erosion of trust that threatens the growth of our industry, growth of the web as a public benefit, and a vibrant, inclusive, open, global and healthy internet. We must now all work together to build for consumers a strong foundation of trust, privacy, and security on the open web for the next 20+ years.

In our last blog post, we described how the internet, privacy, and tracking evolved based on these open standards, and called for collaboration across industries to rethink the HTTP cookie as the only technical mechanism available for storing (and respecting) consumer privacy settings. We proposed working together on a technology-based solution that binds consumer privacy controls to some sort of standardized identifier that is controlled by and travels with the user, which may be broadly propagated and respected. We also proposed, as a condition for any company to participate in (and benefit from) this solution, that they must consistently demonstrate compliance with the privacy preferences attached — directly and necessarily coupling the economic privilege of advertising and media personalization to the responsibility of consumer privacy. A bedrock of improved consumer privacy and security starts with system-level accountability and compliance.

That’s why today we’re releasing our Proposal for Enhanced Accountability which, among other things, outlines three ideas from our industry for building consumer privacy into the fabric of our ecosystem, and ascertaining real-time, privacy-compliant use of consumer identifiers:

  1. An encrypted, revocable token, tied to a…
  2. joint accountability system, with a…
  3. controlled container for ad delivery.

An Encrypted, Revocable Token

Data is not personal or private unless it can be attributed to some sort of unique identifier. We propose that identifiers — ideally a standardized identifier bound to consumer privacy preferences — use public/private key encryption to regulate access to only those parties operating in strict compliance with consumer preferences. The idea is that without access to the token, companies would not have access to any consumer identifier and would therefore be unable to collect, process, track, share, sell or buy personal data, nor be in a position to provide basic analytics, measurement, attribution, etc.

Joint Accountability System

For audit and compliance purposes, we’re proposing to support enhanced accountability at the technology/system level. Similar to income tax reporting and accountability systems in place globally, which rely on multiple sources of reporting and a centralized audit system, we propose that companies provide a centralized audit system a sample of their logs from all activities involving their encrypted token and/or any personal data, as a condition of access to the encrypted token. Every transaction within the programmatic ecosystem already leaves a trail; let’s use it to demonstrate ongoing industry compliance! With consumer preference signals necessarily coupled, this allows a centralized system to analyze activities over multiple parties to quickly surface inconsistencies that may indicate malicious or erroneous non-compliant activity, supplementing our industry’s existing self-regulatory programs.

An added benefit of such a system would be centralized consumer transparency to all the companies that are transacting and/or operating with their data, and what exactly they’re doing. This enables consumers to make privacy requests, and for the industry to meet those requests more easily, quickly, and accurately.
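To make the cross-party analysis described above concrete, here is an added example (not part of the proposal or of any Tech Lab code) of the kind of check a centralized audit system could run over log samples submitted by several companies. The record format, the field names (`party`, `token`, `pref`, `action`, `counterparty`), the preference values `no-share`/`allow-share`, and the company names are all constructed assumptions for illustration; the proposal does not define any of them. The check relies on the preference signal being coupled to the token in every record, and surfaces three kinds of inconsistency: an action that contradicts the attached preference, two parties reporting different preferences for the same token, and a reported receipt of a token that no counterparty reports having shared.

```python
"""Cross-party consistency check over sampled audit logs (illustrative, constructed)."""
import json
from collections import defaultdict

# Constructed sample of JSON-lines log records submitted by several parties.
# Every record carries the consumer preference attached to the token, so the
# auditor can compare what each party claims the preference was.
SAMPLE_LOG_LINES = """
{"party": "pub-A", "token": "tok-1", "pref": "no-share", "action": "process", "counterparty": null}
{"party": "pub-A", "token": "tok-1", "pref": "no-share", "action": "share", "counterparty": "dsp-B"}
{"party": "dsp-B", "token": "tok-1", "pref": "allow-share", "action": "receive", "counterparty": "pub-A"}
{"party": "pub-A", "token": "tok-2", "pref": "allow-share", "action": "share", "counterparty": "dsp-C"}
{"party": "dsp-C", "token": "tok-2", "pref": "allow-share", "action": "receive", "counterparty": "pub-A"}
{"party": "dsp-D", "token": "tok-3", "pref": "allow-share", "action": "receive", "counterparty": "pub-A"}
""".strip()


def parse_records(text):
    """Parse JSON-lines log samples into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def check_preference_violations(records):
    """A party sharing a token whose attached preference forbids sharing."""
    return [("pref_violation", r["token"], r["party"])
            for r in records if r["action"] == "share" and r["pref"] == "no-share"]


def check_preference_consistency(records):
    """The same token reported with different preferences by different parties."""
    prefs = defaultdict(set)
    for r in records:
        prefs[r["token"]].add(r["pref"])
    return [("pref_mismatch", token, tuple(sorted(seen)))
            for token, seen in sorted(prefs.items()) if len(seen) > 1]


def check_transfers(records):
    """Match each reported 'share' against the counterparty's reported 'receive'.

    Because parties submit only a sample of their logs, a share with no matching
    receipt is weak evidence and is labelled 'unconfirmed_transfer'; a receipt
    with no matching share means a token arrived by an unreported path and is
    labelled 'unexplained_receipt'.
    """
    shares = {(r["party"], r["counterparty"], r["token"])
              for r in records if r["action"] == "share"}
    receipts = {(r["counterparty"], r["party"], r["token"])
                for r in records if r["action"] == "receive"}
    findings = [("unexplained_receipt", token, (sender, receiver))
                for sender, receiver, token in sorted(receipts - shares)]
    findings += [("unconfirmed_transfer", token, (sender, receiver))
                 for sender, receiver, token in sorted(shares - receipts)]
    return findings


def audit(records):
    """Run all checks and return a list of (kind, token, detail) findings."""
    return (check_preference_violations(records)
            + check_preference_consistency(records)
            + check_transfers(records))


if __name__ == "__main__":
    for finding in audit(parse_records(SAMPLE_LOG_LINES)):
        print(finding)
```

On the constructed sample this reports that pub-A shared tok-1 despite a `no-share` preference, that pub-A and dsp-B disagree about tok-1's preference, and that dsp-D claims to have received tok-3 from pub-A although pub-A reports no such share. The point of the cross-party view is that the second and third findings are invisible to any single party's logs.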

Controlled Container for Ad Delivery

Lastly, in recognition that the open nature of JavaScript and HTTP can result in “uninvited behavior”, we propose the introduction of a standardized, controlled container for ad delivery to tightly control the execution of client-side code. The intentions are to limit security, performance and tracking concerns, particularly the unbridled use of third-party JavaScript on a given page.

Scope and Purpose of the Proposal

We believe that consumers should feel safe, confident, and empowered when it comes to their personal data and privacy choices, and that their choices should be reliably and uniformly respected by companies within our industry. Some consumers will want strict assurances that there is no collection, processing, tracking, sharing, selling, or buying of their personal data, while others will willingly accept trade-offs within the trusted context of their direct interactions with publishers or brands.

We are not proposing specific technical designs or policy at this point for either a standardized identifier, privacy preferences, enhanced accountability mechanisms, or governance and enforcement. Rather, our proposal is meant to convey our ideas and a good faith willingness to collaborate further with the browser and privacy community. Indeed, we must be agnostic to evolving law and policy across different regions and localities, the technical mechanisms available for identifiers, the specific privacy preferences afforded or required by law, etc.

Next Steps

Before a full technical design may be considered, we think it’s critical to enumerate the various use cases to be supported. We will engage in a process to outline potential consumer privacy use cases … in other words, which privacy preferences may be offered by and/or reasonably required of our industry, and what compliant vs. non-compliant means in the context of those use cases. Additionally we will outline all the ways in which our industry processes, transacts and/or operationalizes consumer identifiers and data today.

Armed with those two deliverables, we intend to consider how each of the consumer privacy use cases can be reliably met within our industry through the advancement of technical standards and joint accountability systems that ascertain compliance and surface non-compliance.

Call for Participation

We were fortunate to have broad industry support for the development of the Proposal for Enhanced Accountability, and we have more important work ahead of us. We invite all Tech Lab members to participate in the above next steps within a working group setting. Additionally, we intend to set up meetings with other important stakeholder groups who are not Tech Lab members.

Through the combined perspective and collaboration among premium publishers, brands, third-party platforms, browser/OS platforms, academics, and privacy engineers, we can achieve a strong foundation of consumer trust, privacy and security; continued growth of the Web as a public benefit; and a vibrant, inclusive, open, global and healthy internet.