Press Release

W3C’s ‘Privacy Principles’ are disastrous for privacy and the open web

On May 12 2022, a draft “Privacy Principles” document for the World Wide Web Consortium (W3C) was published, that reinforces an anti-personal privacy approach to web standards.  

The document continues to promote ‘First-Party’ data; the idea that your personal data is better secured by large companies than networks of smaller companies. This view privileges the already-powerful, whilst unfairly stigmatising communities of smaller businesses that need to collaborate to compete. This erodes user choice, undermines the foundations of the Open Web and makes the internet a worse place for us all.  

Movement for an Open Web’s (MOW) three key points of contention with the principles are:  

  • They restrict and undermine user choice, and the diversity of online offerings. 
  • They contradict the position of privacy protection regulators such as the ICO, who have rejected the unsubstantiated idea that first parties pose lower risks than third-parties when processing personal data. The CMA also decided against this idea in Google’s Privacy Sandbox in February 2022. 
  • They undermine trust in the decentralised communities that form the Open Web. 

Why would this draft document be such a problem? The answer comes from the fact that it is co-authored by some of the largest players in their markets – Apple, Brave, Café Media, DuckDuckGo, Google, Samsung, and The New York Times. Online markets hang on these organisations every word. What they think is a matter of note to everyone else involved with internet standards.  

The future development of the web will be moulded by these principles, which will act as commandments for standard setting and used to “close down” ideas that are seen to be incompatible with these companies’ quasi-laws. If the idea that corporate first-parties are better entrusted with our privacy than decentralised communities then the Open Web itself is threatened.  

James Rosewell, Director of MOW, stated, “W3C must increase stakeholder diversity and listen to the silent majority of web stakeholders. Regulators need to get actively involved in W3C. It is not okay for browser vendors and the largest publishers to make up quasi-laws for a resource used by more than 5 billion people.”  

Tim Cowen, Chair of the Antitrust Practice at Preiskel & Co and a leading competition and regulatory lawyer, added, “Simply put, the W3C must not ratify these so-called “Privacy” Principles”. It should not entrench the largest players at the expense of rival tech communities and publishers. The CMA has identified publications such as these as anti-competitive when they cause uncertainty in the market, and there is clearly no objective justification for them.”  


Notes for Editors

Movement for an Open Web (MOW) has written to the UK Competition and Markets Authority to highlight concerns around the document, and a long-form analysis of the W3C Privacy Principles draft is available here.

As referenced above, UK regulators have rejected the distinction made between third- and first-party data. Please see the below excerpt from “Competition and data protection in digital markets: a joint statement between the CMA and the ICO”, which can be read in full here.

Header image courtesy of Pierre Bamin via Unsplash (Licensed for free use under the Unsplash license)