Breaking down the false binary between competition and privacy, and ensuring closer collaboration between regulators and tech companies will be crucial for success in developing adtech privacy measures, a senior Mozilla official has said.
“For meaningful change to take place, regulation and technology will really have to go hand-in-hand in order to make sure that the best possible outcome is achieved”, Udbhav Tiwari, senior manager of global public policy at Mozilla, told EURACTIV.
In one of the more high-profile examples of this kind of interaction, the UK’s Competition and Markets Authority (CMA) earlier this year accepted commitments from Google in relation to its plan to phase out third-party cookies from Chrome by 2022.
The tech giant has pitched a set of ‘Privacy Sandbox’ proposals as what it says will be an alternative way of running targeted ads, without relying on direct access to users’ personal data.
Last year, the CMA began investigating the competition implications of the proposals, accepting the company’s final commitments for improvement this February. As part of the agreement, the CMA will oversee the implementation of the changes, which are to be globally applicable.
Mozilla, which removed third-party cookies from its Firefox browser in 2019, has welcomed these proposals from Google in general, as well as the CMA’s involvement in overseeing them, but has warned against the perpetuation of a dichotomy between privacy and competition concerns.
“Especially in the adtech space, there is a false binary that’s being created around competition and privacy”, Tiwari said, pointing to the fact that most countries have separate regulators, the major exception being the US’ Federal Trade Commission (FTC).
In order for adtech solutions to be better developed and implemented, he said, this false dichotomy and the tension that has arisen between competition and privacy “really requires regulators to go much more with each other.”
There have already been some efforts to this end. In the UK for instance, although the key regulators in this area – the CMA and the Information Commissioner’s Office – are separate entities, a new body established in 2021, the Digital Regulation Cooperation Forum (DRCF), gathered these two agencies along with the Financial Conduct Authority into one grouping to facilitate collaborative work and discussion on issues of digital regulation.
Breaking out of existing siloes is not just a relevant lesson in the regulatory world, Tiwari added, but is similarly applicable to industry players themselves.
Speaking on a panel at the 2022 Computers, Privacy and Data Protection conference held this week in Brussels, he noted that the development of such privacy measures often occurs within companies and, as a result, lacks transparency and collaboration.
These proposals can begin within companies, he told EURACTIV, “but they really need to be developed in open standards bodies”, not only so that tech actors are able to validate the presumptions on which their based and ensure that they achieve their intended outcomes, but “essentially to make sure that they’re a part of the web rather than a proprietary solution that is developed within a technology company.”
“These standards bodies are the best place for new ideas for the web to develop”, he said, “because they allow participation from a diverse range of stakeholders. They have some fairly rigorous oversight mechanisms within the committees that operate everything from the format in which the standard is drafted to how it’s tested.”
“The benefit is that if something is created via that process, it allows the rest of the ecosystem rather than the entity that is just proposing the standard to have a valid say in how it should be developed”, he added.
Standards, however, can only go so far in addressing issues such as privacy, he said, citing provisions in the recently approved Digital Services Act that ban the use of sensitive data in ads and the targeting of ads at minors as examples of regulation filling in areas not covered by industry standards.
Overall, Tiwari concluded, much greater collaboration between tech companies and regulators will be required moving forwards when it comes to devising successful responses to these kinds of questions.
“There are some things that technology can actually fix because it can go faster and will actually prevent the harm from occurring. But that doesn’t mean that you completely rely on technology and ignore the regulation”, he said. “There are lots of harms and lots of practices that, really, regulation is in a position to be able to fix because it’s not within technology’s mandate.”
[Edited by Nathalie Weatherald]
