Later this week, European governments will deliberate over proposals to reduce the level of privacy protection in the new ePrivacy Regulation. To aid to their deliberations, Alan Toner, a Policy Expert at Brave, has today written to representatives of each government to present Brave’s view of the practical reasons why there should be strong privacy protections in the new Regulation.
Brave’s letter, sent this morning, summarizes why a prohibition on cookie walls is necessary. It also supports the “privacy by default” requirement for web browsers and operating systems. Both have been removed by the Council of Ministers, but Brave argues that there are good economic and practical reasons why the Council should restore them.
We trust that governments across Europe understand the need for strong privacy protections in the ePrivacy Regulation to protect fundamental rights, and to spur innovation.
Re Industry support for privacy protection in an ePrivacy Regulation
Dear Colleague,
I represent Brave, a private web browser with offices in Europe and the United States. Our CEO, Brendan Eich, is the inventor of JavaScript, and co-founded Mozilla/Firefox. Our employees work on machine learning, blockchain, and private online advertising technology. Brave works with publishers across the globe.
The ePrivacy Regulation is necessary to build a foundation of trust for the digital market. However, we are concerned about two elements of the current draft.
1. We oppose “cookie walls” (Recitals 20 and 21, which accompany Article 8).
Advertising is fundamental to financing the web, but it must respect users’ rights and expectations. As technologists, we know that the rights to privacy and data protection enshrined in the European Charter are compatible with innovation. Many companies, including Brave, have developed advertising systems that support publishers with no privacy sacrifice. A robust ePrivacy Regulation will spur further innovation, whereas cookie walls would stifle it.
But as currently drafted, the text will permit “cookie walls” that make pervasive tracking a condition of access to a website. EU data protection authorities have good reason to regard such cookie walls as unlawful.
Cookie walls would not serve the economic interests of publishers, as the latest research makes clear. Recitals 20 and 21 allow cookie walls that facilitate “real-time bidding” behavioural advertising. But this system is economically inefficient, rife with fraud, provides the business model of disinformation, and is responsible for the largest data breach ever recorded.
Google and IAB Europe, which control the “real-time bidding” ad industry, are both under investigation by their lead authorities under the GDPR for precisely the same practices that would be facilitated by cookie walls. Indeed, these practices very recently made front page news in The Financial Times.
Competition authorities in several Member States are examining the problems of the online advertising and media market caused by these same practices.
2. We believe that Article 10 should be reinstated to protect privacy by default.
Public trust in how data is handled has been damaged by scandals such as Cambridge Analytica. The ePrivacy Regulation should contribute to rebuilding that trust rather than perpetuating the business practices which undermine it.
Users should be able to trust their software not to disclose personal data without consent. Research shows that users rarely modify their settings, which is why the choice of defaults is fundamental.
We urge the Working Group to take this into account in its deliberations. I am happy to brief you further on these issues.
Yours sincerely,
Alan Toner
Policy Expert
Brave
cc
Roberto Viola, Director General, DG Connect
Birgit Sippel, MEP