Source: A Complete Introduction to Terry Pratchett's Discword.
“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by James Rosewell, founder and CEO at 51Degrees.
The Word Wide Web Consortium (W3C) was set up to standardize an open world wide web for all.
As such, this powerful body seeks to agree upon technical standards of interoperability across browsers.
Within the W3C is an entity called the Technical Architecture Group (TAG) that sets the architectural direction for the web and includes in its membership a personage no less illustrious than Sir Tim Berners-Lee, "father of the internet.”
But there is an inherent problem with the core tenets that TAG relies on to make its decisions.
Google has recognized this. One of the proposals in the Chrome Privacy Sandbox, First-Party Sets (FPS), calls for grouping together the domains that it owns, such as youtube.com and google.com, and treating them as one domain from the perspective of data sharing.
This proposal recently warranted a public report from W3C TAG in which it observed that: “This proposal undermines the concept of origin, and we see origin [domain name] as a load-bearing structural pillar of web architecture.”
This statement highlights a core problem, which is that the web’s architecture is no longer fit for purpose and that the “structural pillar” of domain names needs to be upgraded.
“Origin” is a geeky synonym for domain, which is the name associated with a web page in the address bar of a web browser. The domain name is affiliated with the brand of the organization that operates the website, and security is assured via a padlock icon.
For example, the domain name and, therefore, the first-party origin for this article is adxchanger.com.
The domain names of partners that help publishers operate their web properties are not visible to the user and are known as third-party origins.
Google’s own Chrome blog explicitly defines “third party” as so: “If the domain associated with a cookie matches an external service and not the website in the user’s address bar, this is considered a cross-site (or “third party”) context.”
Both the W3C and TAG consider third-party origins to be untrustworthy. But this ignores the fact that the use of such “third-party” suppliers is controlled by the trusted first-party that the individual has chosen to interact with.
Dominion over data distribution
When people accept terms and conditions, it’s an agreement with a legal entity, not with a domain name.
For example, the legal entity Google operates many domains. If people consent to having Google collect and process their personal data, Google no doubt wants this consent to be applied to all domains and services operated by Google irrespective of the domain names used.
But how is it possible to communicate this in the current web architecture? Google’s FPS proposal shows us that Google itself realizes we need to look beyond domain names for a solution.
Although the concept behind FPS might sound simple, it’s actually unfair to smaller businesses. If a small company needs a service that it cannot itself build or operate, that business will look to a competitive market of supply chain vendors to provide that service. Among the many services most publishers rely upon are website analytics, fraud prevention, shopping basket or payment technologies and advertising.
It is common practice for smaller companies to band together to compete with larger organizations.
Such businesses, however, could not become a first-party set.
W3C and TAG recognize this when they stated in their report on FPS: “It is likely that this proposal only benefits powerful, large entities that control both implementation and services.”
And so, I argue that it is now time to upgrade the “origin” pillar of the web. In order to ensure a level playing field, we need to improve the transparency and auditability of data transfers to people, regardless of which organization is collecting and processing their personal data.
We need a structure that enables people to trust the supply chain choices of the first party they are interacting with. That means providing them with:
- Verifiable identity of the brand whose property they are interacting with
- Transparency to see the supply chains that organizations rely upon
- Auditability to prove that privacy choices are being respected
- Sanctions for parties that break the law or rules
TAG is made up of passionate, talented engineers. But they are neither lawyers nor businesspeople – and they have, in the past, shut down discussion of the points advocated in this article, which is, understandably, disappointing. For an example, see this GitHub thread on supply chain choice.
However, the web is for all people, not just trillion-dollar corporations, browser vendors and the people that develop the web. We need to work together to ensure that TAG and the W3C engage with the broader community of businesses and people who rely on the standards they propagate so as to promote a level playing field.
People and authors (aka, publishers or website operators in W3C parlance) should be prioritized ahead of browser implementers.
It must also be pointed out that what we’re talking about here is about more than just the open web. If a brand wants to send its own first-party data to improve advertising inside a walled garden, this too is considered a cross-site data transfer.
I urge you to make your voice heard before it’s too late – and there are many, mainly free, ways in which you can participate in the W3C debate.
- Raise an issue against the TAG Security and Privacy Questionnaire to request a review. (free)
- Join the W3C Privacy Community Group and make the case for architecture change concerning origins or support others. (free)
- Follow the proposals on the Web Incubation Community Group (WICG) and highlight where the group might benefit from rethinking the concept of “origin.” (free)
- Visit swan.community and join the project. (free)
- Join the W3C and vote in the December 2021 election to select different TAG members who are open to these changes. (not free)
Although you may never have contacted the W3C, I can assure you that the W3C is interested in hearing from more voices – especially those that are traditionally underrepresented, such as small publishers, brands and their marketing agencies.
As we reform the web, let’s ensure that we establish policies and an architecture that allow new start-ups, small businesses and, most importantly, individuals around the globe to participate online without being constrained by the unilateral decisions of dominant platforms.
W3C and TAG provide a route to resolve the issues faced by digital advertising. But all our voices are required if this approach is to succeed.