What cookies are and how they are used. (JohnAthan316, 2019)
INTRODUCTION
The movie Minority Report (2002) tells a story about a crime detection system launched in the future society. The system judges a person’s criminal attempt through data analysis, and police will arrest those who may commit a crime in advance to reduce the crime rate. All data and information are open and transparent under the precrime system. However, there are loopholes in the system. The systems sometimes come up with different analysis results, and different results will lead to different conclusions, which can be artificially changed or designed. These results have greatly affected the order of human society.
The movies visualize the human imagination of the future of data analysis. Moreover, the directors leave a question to the audiences: do we need a completely shrouded future controlled by data? What is the relationship between the precrime system’s collection of information and data analysis and the personal privacy, data protection, and data dissemination faced by our modern society? With those questions in mind, this blog will focus on the problems of data protection and data portability. And take Google’s newly invented product Android privacy sandbox system, as an example to discuss the importance of data protection, the efforts of data protection technology, and the future development of data protection.
Google Privacy Sandbox: Goodbye Schedule for third-party cookies. (Nani, 2021)
WHAT IS GOOGLE ANDROID PRIVACY SANDBOX?
In order to further strengthen data protection and meet users’ requirements for personal data privacy, Google announced the development and future launch of a new Android privacy sandbox in February 2022. Which aims to introduce an updated, more private advertising solution to limit the sharing of user information with third-party institutions. (“How We’re Protecting Your Mobile Privacy,” 2022)
“Sandbox” means a protected environment. (Forcepoint, n.d.) Google’s privacy sandbox is not a newly launched concept. The Google team started the research and development of the system in 2019. Justin Schuh, the engineering director of chrome, posted an article on Google Blog announcing the emergence of Google’s privacy sandbox program, which aims to develop a set of open standards to enhance online privacy fundamentally.
It is worth noting that the Google sandbox and Google privacy sandbox are two different systems. Google sandbox is more like a filter to detect the credibility of the website and filter spammers to the greatest extent to prevent malicious websites or links in a short time.
Google’s privacy sandbox is more akin to a new ad push model. The goal is to use FloC (Federal Learning of Cohorts) to create a safe space for users when they login to their mailbox or use Chrome to browse the website. Wherever these private data were saved, the system can still recognize and remember users’ preferences and privatize the way data is shared on the Internet to prevent third-party cookies from abusing user information. In other words, it divides the crowd, divides a single user into groups based on browsing habits and preferences, and hides individuals within groups. Advertisements will be distributed to this group of people rather than a single user. The goal is to maximize a single user’s privacy while maintaining key website functions and experiences. (RedTrack.io, 2021)
Google privacy sandbox attempts to achieve this goal in a variety of ways to better protect users’ private data while accurately delivering advertisements. It includes the turtledove proposal and the new version of the pigeon protocol. Advertisers will use new web browser APIs and device auctions to conduct repositioning and behavior positioning activities in a privacy-compliant manner. (Titone, 2020)
In addition, Google is working on a trust dialogue API that will verify real traffic and identify users from the sandbox to prevent advertising fraud. Users will be asked to fill out a form to verify their identity and establish trust tokens. After following the identification of the API, both trust tokens and advertisers will be unable to track users and trackback. (Dutton, 2021)
Aside from protecting users’ personal information, another important goal of the Google privacy sandbox is to gain benefits from advertisers based on data protection. In this regard, Google will use conversion measurement, which will be supported by two APIs: the transformation measurement API and the aggregation reporting API. After the privacy sandbox goes live, advertisers will need to match Google’s new API. Advertisers can launch advertisements as usual, but they cannot obtain users’ personal information directly. Using Chrome as an example, it will respond to an API request and provide basic user information. However, it will not provide more specific user data, ensuring that users always remain anonymous. (RedTrack.io)
SIGNIFICANCE OF DATA PROTECTION
Why is Google establishing a privacy sandbox? One of the main reasons is data security. Increasingly numbers of people are become aware of and concerned about the leakage of personal privacy data. More users have become aware of the importance of data protection, and hoping for ways to protect their online privacy. A critical aspect of data protection is ensuring that social media platforms, websites, and others do not abuse users’ personal information. Alexander Nix, the CEO of Cambridge Analytica, indicated in the 2018 Cambridge Analytica data scandal that during the 2016 U.S. presidential election, he used the data of 50 million Facebook users for analysis and accurate advertising delivery and controlled the election through digital manipulation and traditional political means. (Conference, 2018) This event had a huge impact. The fairness and results of the US election have been called into question. People are disgusted with Facebook’s behavior and measures, raising users’ awareness of social media networks’ practices of collecting personal data and selling it to third parties.
In addition, third-party cookies also pose a risk to data security. Third-party cookies are the driving force behind the digital advertising industry. They enable businesses to track website visitors, collect user data, improve the user experience, and deliver more relevant advertising to users. Since their inception, cookies have become the most common and compatible means of storing client data. The proliferation of cookies has also resulted in ad tech companies collecting user data from millions of websites without user consent, including online behavior and personal information. Cookies can also contain complete user profiles, which threat participants can use for malicious purposes. (“How the Demise of Third-Party Cookies Will Influence Data Security”, 2021)
It is precisely because data leakage incidents involving Facebook, LinkedIn, Twitter, and others have gradually made ever more people realize the importance of privacy data and data protection. (Tunggal, 2022) As a result, in order to meet the needs of users and the market, retain and attract more users, and update the advertising investment model, Google creates a private sandbox to attempt to address the contradiction between data use and privacy protection.
ATTEMPTS FOR DATA PROTECTION
Apple advances its privacy leadership with iOS 15, iPadOS 15, macOS Monterey, and watchOS 8. (Apple Newsroom, 2021).
The traditional data sharing model is becoming increasingly difficult to meet business compliance and users’ needs for data privacy and confidentiality protection to achieve data protection and portability. Other well-known technology companies, in addition to Google, have made attempts. It includes Apple’s Safari privacy report, which was released in 2021 for iOS15. According to Craig Federighi, Apple’s senior vice president of software engineering, this feature could help users better control and manage access to their data and protect data from third parties. Users, for example, can hide their IP addresses in the mailbox app to prevent machine learning on the device from tracking them. Furthermore, the iCloud private relay Internet privacy service enables users to connect to and browse the network more securely and privately. By assigning users an anonymous IP address, decrypting the websites they want to visit, and forwarding them to their destination, they can avoid being tracked. (“Apple advances its privacy leadership with iOS 15, iPadOS 15, macOS Monterey, and watchOS 8”, 2021)
Although Google, Apple, Meta, and other companies have made numerous attempts to strengthen data protection in recent years, the theoretical proposal and practical results may not agree. This new attempt at Google privacy sandbox has advantages and disadvantages, but there are still some contradictions and disputes. On the plus side, the privacy sandbox is a commendable attempt by the industry to protect users’ privacy to some extent, regardless of the outcome. And it has the potential to influence and change the commercial advertising delivery mode of the entire market. On the negative side, Google will face the contradictory situation of acting as a referee and a player simultaneously. What kind of advertising users receive is still up to Google, and there is no third party to oversee Google’s actions. So data protection will extent based on Google’s morality.
Google’s privacy sandbox has also sparked a lot of debate in the industry. For example, in the article, Zach Atlas (2021) stated that advertisers would face significant challenges once the privacy sandbox launched. The current workflow will be stifled, and many common online advertiser strategies will be ineffective. Mark MacCarthy (2021) believes that Google’s privacy sandbox brings competitive challenges. Google, for example, may allow itself to access personal level user network history via Chrome while refusing to allow other advertising service providers to do the same. He also mentioned the UK’s Competition and Markets Authority’s concerns about the privacy sandbox, including concerns about discriminatory implementation and the notion that prohibiting cookies is unfair to Chrome users because it deprives them of receiving targeted advertising.
FUTURE SOLUTION OF DATA PROTECTION AND DATA PORTABILITY
Implementing data protection measures such as Google’s privacy sandbox, Safari, and Firefox has reawakened people’s awareness of data protection and transplantation. Wang Lei, a doctor and data security expert at Zhejiang University’s computer department, believes that humanity is entering the era of data encryption. Changes must be made by the country, industry, and users to meet the challenges of the times better. (JianghujurenddeWeibo, 2022) It entails improving the design of laws and regulations, improving technologies, and improving user cognition.
The first step is the construction of laws and regulations. In recent years, various countries and regions have strengthened laws and regulations related to online platforms and data protection, such as the GDPR, China’s Personal Information Protection Law enacted in 2021, and India’s personal data protection bill enacted in 2018. These laws and regulations were developed to protect personal information based in various countries and regions (Prasad & Menon, 2020). These laws and regulations limit the platform to varying degrees to limit the network platform’s access to user information and data and strengthen network platform supervision. In his book, Nicolas Suzor (2019) emphasizes that while the social networking platform emphasizes a “shared” environment, the platform’s laws and regulations ensure that the platform has complete control. Users are not protected by the law and have no recourse against the platform’s rules. (pp, 13) As a result, the platform’s general attitude toward accountability and dispute resolution is negative and slow, which leads to a lack of protection for users’ rights and the platform’s restriction of users’ behavior. As a result, the creation of laws and regulations to protect users’ rights is both necessary and urgent.
In addition, the call for strengthening the supervision of digital platforms is made at the intersection of two major developments in the digital economy and the whole society. (Terry flew, 2019. pp. 26) Platforms requires a set of regulatory policies, such as self-regulation, media regulation, and joint regulation. (pp. 27-29) The platform requires regulatory measures to allow users to establish a trusting relationship with it, allowing the platform to better meet users’ needs and development.
Second, technological advancement includes privacy computing research and development. The advancement of big data raises the value of data in the eyes of everyone. Integrating and sharing multi-party data can generate more value for many big data companies. The growth of the Internet and big data technology raises the demand for data distribution. As a result, technological advancement is required to promote the better development of the data age.
The final step is to improve users’ cognition. Prior to Facebook’s data-disclosure scandal, most social platform users were oblivious to the risk of their personal information being exposed on the network. Complete trust in the platform allows users’ privacy information, including personal preferences and the disclosure of personal name, address, email, and other key information to be inadvertently disclosed. With the passage of time and the emergence of privacy disclosure events, an increasing number of users are becoming aware of the importance of protecting personal data. Many users are also wary of third-party cookies and refuse to be precisely located by big data. These actions show that users’ awareness of data security is growing. Therefore, platforms must establish a trusting relationship with users so that users can feel confident that their personal information is secure.
CONCLUSION
The creation of the Google privacy sandbox sets a new standard of conduct for advertisers, platforms, and users. Find a standardized way for advertisers to balance users’ growing demand for personal privacy. The evolution of Google’s data privacy products is unavoidable. As a technology company with 63% of global users, Google must adapt to changes and new needs and create products that satisfy a wide range of stakeholders. Overall, Google’s privacy sandbox must achieve a technological combination of multiple technologies, ensure technology universality, comply with laws and regulations, and avoid monopoly. Only in this way will we be able to improve data security and portability while also achieving global integration in data governance as soon as possible.
(Total words account: 2,188)
References:
Apple advances its privacy leadership with iOS 15, iPadOS 15, macOS Monterey, and watchOS 8. (June 7, 2021). Retrieved from https://www.apple.com/hk/en/newsroom/2021/06/apple-advances-its-privacy-leadership-with-ios-15-ipados-15-macos-monterey-and-watchos-8/
Apple Newsroom. (June 7, 2021). Apple advances its privacy leadership with iOS 15, iPadOS 15, macOS Monterey, and watchOS 8 [Image]. Retrieved from https://www.apple.com/hk/en/newsroom/2021/06/apple-advances-its-privacy-leadership-with-ios-15-ipados-15-macos-monterey-and-watchos-8/
Atlas, Z. (March 18, 2021). Google Privacy Sandbox: A Rallying Cry to Replace the Third-Party Cookie – SpotX. Retrieved from https://www.spotx.tv/resources/blog/product-pulse/google-privacy-sandbox/
Confessore, N. (April 4, 2018). Cambridge Analytica and Facebook: The Scandal and the Fallout So Far. The New York Times. Retrieved from https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.html
Dutton, S. (May 18, 2021). Trust Tokens – Chrome Developers. Retrieved from https://developer.chrome.com/docs/privacy-sandbox/trust-tokens/
Flew, Terry (2019) ‘Platforms on Trial’, Intermedia 46(2), pp. 18-23.
Forcepoint. (n.d.). What is Sandbox Security? Sandbox Security Defined, Explained, and Explored. Retrieved 7 April 2022, from
https://www.forcepoint.com/cyber-edu/sandbox-security#:~:text=In%20cybersecurity%2C%20a%20sandbox%20is,the%20host%20device%20or%20network.
How the Demise of Third-Party Cookies Will Influence Data Security. (May 20, 2021). [Blog]. Retrieved from https://quointelligence.eu/2021/05/how-the-demise-of-third-party-cookies-will-influence-data-security/
How We’re Protecting Your Mobile Privacy. (2022). Retrieved from https://privacysandbox.com/android/
JohnAthan316. (June 22, 2019). What cookies are and how they are used [Image]. Retrieved from https://plavidnetwork.com/what-cookies-are-and-how-they-are-used/
MacCarthy, M. (June 23, 2021). Controversy over Google’s Privacy Sandbox shows need for an industry regulator. Retrieved from https://www.brookings.edu/blog/techtank/2021/06/23/controversy-over-googles-privacy-sandbox-shows-need-for-an-industry-regulator/
Nani, J. (July 31, 2021). Google Privacy Sandbox: Goodbye Schedule for third-party cookies [Image]. Retrieved from https://www.best4every1.com/google-privacy-sandbox-new-schedule/
Prasad M, D., & Menon C, S. (2020). The Personal Data Protection Bill, 2018: India’s regulatory journey towards a comprehensive data protection law. International Journal of Law and Information Technology, 28(1), 1–19. https://doi.org/10.1093/ijlit/eaaa003
RedTrack.io. (July 29, 2021). What is Google Privacy Sandbox and How is it going to change advertising? [Video]. YouTube. Retrieved from https://www.youtube.com/watch?v=w1teOeC26vY
Spielberg, S., Molen, G. R., Curtis, B., Parkes, W. F., Bont, J.., Frank, S., Cohen, J., … Twentieth Century-Fox Film Corporation. (2002). Minority Report.
Suzor, Nicolas P. (2019). ‘Who Makes the Rules?’. In Lawless: The Secret Rules that Govern our Lives. Cambridge, UK: Cambridge University Press. pp. 10-24.
Titone, T. (September 8, 2020). What is TURTLEDOVE? Google’s TURTLEDOVE Explained. Retrieved from
https://adtechexplained.com/turtledove-explained/
Tunggal, A. (February 24, 2022). The 63 Biggest Data Breaches. Retrieved from https://www.upguard.com/blog/biggest-data-breaches