top | item 42583875

(no title)

One thing that strikes me reading this, is that the only thing that's changed is that Google won't disallow it. But I think it would make more sense if the ICO actually just went after the companies doing fingerprinting directly, instead of being angry at Google for not enforcing things for them.

There is a subtle but important difference here.

If governments enforce policy by bullying HSBC/Google/E.ON to enforce policies for them, there is no legal opportunity for companies and individuals to argue for their sake. You'll just be shut out of your bank/advertising/electricity for doing something "wrong".

If instead UK ICO would bring a legal case against an individual or company applying fingerprinting (and I'm no advocate of fingerprinting, but that's besides the point) then they can defend themselves in court.

discuss

buran77|1 year ago

> if the ICO actually just went after the companies doing fingerprinting directly, instead of being angry at Google for not enforcing things for them

Google isn't just a hapless bystander here, they are enabling and profiting from the practice. Big tech companies all build these billion people villages and heavily tax every person inside but when "outside law" is broken then "outside authorities" should fix it for free.

The rules could be simple: you have a problem in your village, either you enforce the laws there, or national authorities will do it and charge you (the company) for the service.

When Amazon allows any of the millions of ephemeral clone-storefronts to sell shady or illegal stuff, would you rather have the authorities spend years chasing ghosts or have Amazon change their rules to make sure such illegality and abuse aren't possible in their marketplace?

sandstrom|1 year ago

> When Amazon allows any of the millions of ephemeral clone-storefronts to sell shady or illegal stuff, would you rather have the authorities spend years chasing ghosts or have Amazon change their rules to make sure such illegality and abuse aren't possible in their marketplace?

I'm fine with a law saying Amazon is liable for fake storefronts etc. Sounds reasonable. I'd also favor requiring e.g. Uber or Airbnb to provide authorities with data to prevent tax fraud from operators in such marketplaces.

But to me saying Google's advertising product should enforce how the individual websites work [fingerprinting], is to me more in the direction of "an electricity provider should enforce how people live their lives in any home provided by such electricity…"

threeseed|1 year ago

> Google isn't just a hapless bystander here

Google literally added all of the random APIs into Chrome that fingerprinting depends on.

If you trust Google then they are a bystander. If you don't then they orchestrated this entire situation over the last decade or so in order to cement the dominance of their advertising business.

seanhunter|1 year ago

What makes you think the UK ICO won’t bring legal cases against individuals or companies applying fingerprinting? They literally say in this guidance that they consider it against the regulations for companies to do this even though google now allows it. Having dealt with regulators a fair bit that’s pretty much as clear cut a warning as you can get that they will go after people who do this. Now, will they be fast? No. Will they go after the worst offenders? Maybe, maybe not. Will they only do it if someone makes a complaint? Perhaps. But this note is literally them saying to companies “don’t think you can do this just because google now says it’s ok”.

Winblows11|1 year ago

> What makes you think the UK ICO won’t bring legal cases against individuals or companies applying fingerprinting?

Not enough staff in ICO to bring these cases. All the capable people earn much more in private sector (banking/finance) in London.

noprocrasted|1 year ago

> What makes you think the UK ICO won’t bring legal cases against individuals or companies applying fingerprinting?

The vast majority of consent flows ("cookie banners") out there are not compliant and they do absolutely nothing about it. It's very unlikely this would be any different.

The ICO is all bark and no bite.

IanCal|1 year ago

I really don't understand this comment. They're not expecting google to enforce anything, and they are talking about going after individual companies.

> If governments enforce policy by bullying HSBC/Google/E.ON to enforce policies for them, there is no legal opportunity for companies and individuals to argue for their sake

Companies are in no way stopped from fingerprinting just because of google.

> When the new policy comes into force on 16 February 2025, organisations using Google’s advertising technology will be able to deploy fingerprinting without being in breach of Google’s own policies. Given Google’s position and scale in the online advertising ecosystem, this is significant.

This seems like a very reasonable statement, no?

sandstrom|1 year ago

I guess it depends on what you read into it.

But when I read this it seems like they are unhappy with Google no longer enforcing their view of fingerprinting:

    We think this change is irresponsible. [...] We are continuing to 
    engage with Google on this U-turn in its position and the departure it
    represents from our expectation of a privacy-friendly internet.

underdeserver|1 year ago

Two separate issues. There needs to be regulation to stop Google from doing or allowing fingerprinting, and there also needs to be regulation to help people against one-sided decisions like that.

You don't get to be that big and make your own rules.

usr1106|1 year ago

That's the problem with allowing a company the reach and keep dominating market position. You need to involve them in regulation enforcement. In a fair market Google could rightfully say that's none of our business.

isodev|1 year ago

> it would make more sense if the ICO actually just went after the companies doing fingerprinting directly, instead of being angry at Google

I think it’s quite the opposite - Google enabling illegal use of their services should make their offering unfit for market. Being a monopolist in the space, it’s Google’s responsibility to ensure users are safe when exposed to their services.

maffyoo|1 year ago

This just doesn't make sense. Google wont disallow fingerprinting on companies using ITS advertising technology. I think accountability gets exhausted pretty quickly on this just by thinking about the implications. If UK gov (or any other) enforces a blanket ban on google ads to prevent this problem, where exactly does the issue lie ? This is not like someone selling syringes being accountable for someone putting toxins into the syringe, this is someone who already has a line into a main blood vessel saying they wont prevent someone from putting toxins in. Big, Big difference, they have the privilege of access and wont prevent other people abusing it. This is on google, pure and simple

g-b-r|1 year ago

There's a gazillion of companies outside UK legislation; if they only went against companies doing fingerprinting, only those subject to their legislation would refrain from doing it

Having Google forbid it makes a lot of sense

ben_w|1 year ago

That argument works better against having Google be the enforcer than in favour: Google's rules are (as I understand it in this case) global, why should the UK's rules be made to apply to, say, a Japanese-language-only app sold only in the Japan?

(For all I know Japan has similar rules, the point isn't the specific country, but that this would be the UK projecting power internationally that it shouldn't be).

stefan_|1 year ago

I suppose this is why we need to break up Google, so even the most unaware person on the world can realize that they are the biggest advertising network on the planet. THEIR PRODUCT IS ADVERTISING. TARGETED ADVERTISING. This is what they do. That is where their money is made.

What business do you think Google is in?!

threeseed|1 year ago

> But I think it would make more sense if the ICO actually just went after the companies

The majority of online advertisers are small-medium ecommerce brands.

There is no chance ICO would go that route.

rixed|1 year ago

I have no opinion about this particular case at hand, but decades of observations of how governments, esp. in Europe, "regulate" IT by targetting a few big players, and Google always first in line despite that company has been _historically_ the most careful with users data, have convinced me that this has little to do with protection of citizens privacy and much more to do with forcing those whole encompassing corporations to cooperate with governments own surveillance agendas.

seanhunter|1 year ago

Firstly regulators go after the big players because they have finite resources and that’s the easiest way for them to have a lot of leverage versus trying to play whack a mole with thousands of tiny companies who can easily shut down and change name in the event of a regulatory action.

Secondly the idea that google are particularly singled out flies in the face of the significant actions by european data regulators against meta and all the other big tech companies.

Thirdly the idea that google are particularly careful with users data is pretty laughable.