FedCM issues #386

Open
Tim-Cowen opened this issue Dec 21, 2022 · 0 comments

Movement for an Open Web (“MOW”) is an action group founded to advocate for a competitive, open internet. Many members were involved in the Competition and Markets Authority (CMA) Online Platforms and Digital Advertising inquiry in 2020. MOW is the chief complainant in Google’s Privacy Sandbox case, and we initially applied to the CMA for interim measures to prevent Google’s proposed changes to the browser. Whistle-blower protections are recognised in law the world over and play a vital role in helping the authorities gather necessary evidence from key witnesses, whose identity must be protected to reduce the likelihood of retaliation. We note that the CMA’s Privacy Sandbox case team have agreed to protect the identity of our members.

We are submitting the following issue in the W3C forum at the request of the CMA and Google’s recommended procedure for filing issues with their Privacy Sandbox, according to section 12 of Google’s Commitments.

The design of Google’s proposal for single sign-on technologies called Federated Credentials Management (FedCM), previously called WebID, will disintermediate organisational relationships with their opted-in, signed in users.

This proposal calls digital properties wishing to offer consumers a registration process a “relying party.” The proposal calls the organisation to whom the user has disclosed their identity the “identity provider.” Yet the identity provider does not disclose the user’s identity to the digital property and instead creates a unique pseudonymous identifier for each organisation with whom the user authenticates.

Given neither the user agent nor the identity provider is authorised to investigate or police the organisational contracts or ownership associated with various organisations (e.g., YouTube, Google Maps, Waze and Google Nest vs Netflix, Mapquest, Roadtrippers and Sensi smart thermostat), the proposal inappropriately introduces friction among many consumer-facing organisations that may wish to exchange innocuous interoperable data (e.g., in line with the EEA’s Digital Markets Act).

If Google does proceed with its FedCM proposal, we recommend a robust choice mechanism for consumers to be properly informed of the impact of their decision and ideally alternative choices available to them, rather than have such an option bundled into the browser/operating system by default.

We kindly request Google to provide a substantive reply in their next quarterly report to the CMA. We would also welcome a response from @hlflanagan, @spanicker, @JensenPaul, @bslassey, @miketaylr, or another Google representative in this forum.
