---
title: "Privacy and Compliance Reader"
description: "Intended to help new entrants to the Privacy Engineering and compliance field get familiar with the players, stakes and considerations around privacy and related regulatory compliance."
date: 2022-04-04 22:59:43.10 -4
tags:
  - Privacy
  - Compliance
  - Tech
  - Engineering
  - Privacy Engineering
featuredImage: "privacy-phone.jpg"
featuredImageCredit: '"data privacy" by stockcatalog is marked with CC BY 2.0.'
featuredImageLink: "https://www.flickr.com/photos/151691693@N02/41234382652"
featuredImageAlt: '"data privacy" by stockcatalog portrays a human hand holding a phone with a blue screen showing a padlock and key icon.'
featuredImageCaption: "What does locking it down even mean?"
---

## Blog Posts & Video

This is a small sample of relevant blog posts.

http://darobin.github.io/api-design-privacy/api-design-privacy.html
https://aramzs.github.io/presentations/2019/10/16/a-presentation-to-watch-mike-monteiro-lets-destroy-silicon-valley.html
https://www.youtube.com/watch?v=fCUTX1jurJ4
https://berjon.com/privacy-reality-check/
https://berjon.com/competition-privacy/
https://open.nytimes.com/how-the-new-york-times-thinks-about-your-privacy-bc07d2171531
https://blog.mozilla.org/netpolicy/2022/04/12/competition-should-not-be-weaponized-to-hobble-privacy-protections-on-the-open-web/
https://www.adexchanger.com/online-advertising/programmatic-tech-is-a-front-for-psychological-warfare/
https://berjon.com/principled-privacy/
https://media.ccc.de/v/38c3-feelings-are-facts-love-privacy-and-the-politics-of-intellectual-shame

## Compliance APIs

APIs Privacy Engineers will have to deal with regularly.
https://iabeurope.eu/tcf-2-0/
https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/USP%20API.md
https://globalprivacycontrol.org/#gpc-spec
https://www.chromium.org/developers/design-documents/site-engagement
https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Feature_detection
https://berjon.com/gpc-under-the-gdpr/
https://support.google.com/admanager/answer/14117049?hl=en
https://stackdiary.com/german-court-bans-linkedin-from-ignoring-do-not-track-signals/

## Understanding Third Party Cookies

https://web.dev/understanding-cookies/
https://web.dev/samesite-cookies-explained/
https://qz.com/guide/the-end-of-third-party-cookies/
https://qz.com/2000350/the-inventor-of-the-digital-cookie-has-some-regrets
https://gizmodo.com/google-chrome-cookie-privacy-sandbox-1850303764
https://www.bigmartech.com/bmt-013-the-end-of-third-party-cookies-part-1/
https://www.wired.com/story/what-do-cookie-preferences-pop-ups-mean/
https://www.linkedin.com/pulse/marketers-dont-worry-losing-3p-cookies-microtargeting-dr-fou-/
https://tom-crane.medium.com/what-happens-if-there-are-no-third-party-cookies-5ee5edb84d75

### Browsers ending 3p

https://developer.chrome.com/en/docs/privacy-sandbox/third-party-cookie-phase-out/
https://blog.mozilla.org/en/mozilla/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/
https://www.theverge.com/2020/3/24/21192830/apple-safari-intelligent-tracking-privacy-full-third-party-cookie-blocking
https://www.stateofdigitalpublishing.com/opinion/cookieless-is-not-near-its-here/

## Privacy and AI

- https://desfontain.es/blog/privacy-in-ai.html
- https://www.wired.com/story/how-to-stop-your-data-from-being-used-to-train-ai/
- https://www.brookings.edu/articles/protecting-privacy-in-an-ai-driven-world/

## Privacy and Cartech

- https://www.washingtonpost.com/technology/2025/01/04/tesla-data-privacy-vehicles/
- https://www.nytimes.com/2024/12/20/technology/connected-cars-roads-data.html?smid=nytcore-android-share
- https://www.w3.org/press-releases/2015/automotive-industry/

## In-Progress Standards

Privacy relevant standards.

https://web.dev/tags/privacy/
https://web.dev/tags/security/

### Client Hints

https://github.com/WICG/ua-client-hints
https://wicg.github.io/client-hints-infrastructure/
https://httpwg.org/wg-materials/interim-20-10/minutes.html#client-hint-reliability
https://tools.ietf.org/html/draft-davidben-http-client-hint-reliability-01
https://github.com/mozilla/standards-positions/issues/202#issuecomment-558294095

### IP Blindness

https://github.com/bslassey/ip-blindness/
https://brave.com/vpn0-a-privacy-preserving-distributed-virtual-private-network/
https://support.google.com/analytics/answer/2763052?hl=en

### IsLoggedIn

- https://github.com/WebKit/explainers/tree/master/IsLoggedIn

### Privacy Budget

https://github.com/bslassey/privacy-budget

### Privacy Sandbox

A collection of proposed standards by Google intended to move the web away from third party cookies.
https://privacysandbox.com/timeline/
https://privacysandbox.com/news/maximize-ad-relevance-after-third-party-cookies/
https://blog.chromium.org/2019/08/potential-uses-for-privacy-sandbox.html
https://blog.chromium.org/2021/01/privacy-sandbox-in-2021.html
https://digiday.com/marketing/wtf-googles-privacy-sandbox/
https://digiday.com/media/google-plots-further-privacy-sandbox-trials-but-concerns-still-linger/

### Storage Partitioning

https://github.com/privacycg/storage-partitioning

### Trust Tokens

Potential alternative for anti-fraud/reCaptcha issues

https://web.dev/trust-tokens/
https://docs.google.com/document/d/1InSaFhB7teb7dRRTqwu4iV2AI282vMAnsZfjad8u5P4/edit?a
https://developer.chrome.com/origintrials/#/view_trial/2479231594867458049
https://mikewest.github.io/http-state-tokens/draft-west-http-state-tokens.html

### IDs

https://digiday.com/media/ids-dont-belong-on-the-open-web-the-pragmatic-publishers-case-for-privacy-first-ads/

#### WebID / FedID

https://github.com/fedidcg/FedCM
https://docs.google.com/presentation/d/1Kk4WQIAAbkmzzzMGd5LoDnGq9kfpAxE8SNl4guUrUgw/edit

#### DID

https://www.w3.org/TR/did-core/
https://github.com/KILTprotocol/kilt-did-driver/blob/master/docs/did-spec/spec.md

## Engineering-relevant laws

https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/
https://www.americanbar.org/groups/business_law/resources/business-law-today/2024-august/californias-invasion-privacy-act/
https://news.bloomberglaw.com/privacy-and-data-security/cops-battle-data-brokers-for-privacy-in-constitutional-clash

### GDPR

https://gdpr.eu/what-is-gdpr/
https://www.wired.co.uk/article/what-is-gdpr-uk-eu-legislation-compliance-summary-fines-2018
https://gdpr.eu/data-protection-impact-assessment-template/
https://www.wsj.com/articles/eu-court-expands-definition-of-sensitive-data-prompting-legal-concerns-for-companies-11660123800

### CCPA

https://oag.ca.gov/privacy/ccpa

### Colorado
https://iapp.org/news/a/colorado-privacy-act-becomes-law/

### Virginia's CDPA

https://lis.virginia.gov/cgi-bin/legp604.exe?211+sum+SB1392
https://pro.bloomberglaw.com/brief/what-is-the-vcdpa/
https://www.hutchlaw.com/blog/an-overview-of-the-virginia-consumer-data-protection-act
https://www.dataguidance.com/notes/virginia-data-protection-overview

### Maryland

https://mgaleg.maryland.gov/mgawebsite/Legislation/Details/sb0541?ys=2024rs
https://mgaleg.maryland.gov/mgawebsite/Legislation/Details/sb0571?ys=2024rs

### ADPPA

https://iapp.org/news/a/were-so-close-to-getting-data-loyalty-right/

### Japan

https://auth0.com/blog/the-new-japanese-privacy-law-what-businesses-need-to-know/

## White Papers and Non-technical Standards

This includes conversations about the mechanism and philosophy around privacy as well as useful documents–including privacy models–used by standard setting orgs as part of their process.

### Models and Definitions of Privacy

https://github.com/michaelkleber/privacy-model
https://w3cping.github.io/privacy-threat-model/
https://w3ctag.github.io/privacy-principles/
https://webkit.org/tracking-prevention-policy/
https://wiki.mozilla.org/Security/Anti_tracking_policy
https://darobin.github.io/pup/
https://www.nist.gov/privacy-framework
https://en.wikipedia.org/wiki/Privacy_by_design
https://almanac.httparchive.org/en/2022/privacy
https://www.w3.org/wiki/Privacy/Privacy_Considerations

### Principles and Documents

https://w3ctag.github.io/design-principles
https://www.w3.org/TR/security-privacy-questionnaire/
https://www.w3.org/TR/fingerprinting-guidance/
https://www.w3.org/blog/2019/06/privacy-anti-patterns-in-standards/
https://w3ctag.github.io/ethical-web-principles/
[7 Foundational Principles](https://www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf)
https://www.rfc-editor.org/rfc/rfc8890.html
https://datatracker.ietf.org/doc/html/rfc7258
https://www.w3.org/2001/tag/doc/unsanctioned-tracking/
https://github.com/w3c/web-advertising/blob/main/support_for_advertising_use_cases.md
https://www.harrietkingaby.com/reports
https://datasociety.net/library/weaponizing-the-digital-influence-machine/
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3354129
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3827421
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2655719
https://iapp.org/resources/topics/de-identification/
https://brave.com/brave-fingerprinting-and-privacy-budgets/
https://mickens.seas.harvard.edu/publications/riverbed-enforcing-user-defined-privacy-constraints-distributed-web-services
https://en.wikipedia.org/wiki/FTC_fair_information_practice
[Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity](https://arxiv.org/pdf/1811.12469.pdf)
[Context-Aware Local Differential Privacy](https://arxiv.org/abs/1911.00038)
https://www.nytimes.com/privacy
https://aws.amazon.com/solutions/case-studies/merkle/
https://aws.amazon.com/blogs/industries/how-to-create-a-modern-cpg-data-architecture-with-data-mesh/
https://web.dev/same-site-same-origin/
https://web.archive.org/web/20210828232159/https://applift.com/blog/applifts-compendium-of-adtech-abbreviation
https://open.nytimes.com/how-we-manage-new-york-times-readers-data-privacy-d39627d79a64

Exposure Notification Privacy Preserving Analytics

[Opinion 03/2013 on purpose limitation](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf)
https://www.w3.org/TR/privacy-principles/
https://w3c.github.io/privacy-considerations/
[Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy (PDF)](https://obamawhitehouse.archives.gov/sites/default/files/privacy-final.pdf)
https://www.forrester.com/blogs/proposed-surveillance-advertising-ban-meet-contextual-targeting/

### User Perception

["I need a better description": An Investigation Into User Expectations For Differential Privacy](https://arxiv.org/abs/2110.06452)
https://gizmodo.com/how-to-track-the-tech-thats-tracking-you-every-day-1843908029
[Measuring Privacy: An Empirical Test Using Context to Expose Confounding Variables](https://nissenbaum.tech.cornell.edu/papers/Measuring%20Privacy.pdf)

### Data Protection

https://www.gov.uk/find-digital-market-research/review-of-literature-relevant-to-data-protection-harms-ico
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4131523
https://www.techpolicy.com/Articles/L/Legislating-Data-Loyalty.aspx

### Consent

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4333743

### Extraction Imperative

https://youtu.be/gmX61zJLjcs?si=QqNsIC6hDaqQdsyu

## Trust

https://www.cloudflare.com/learning/dns/dns-records/dns-spf-record/

## Manipulation and Cognitive Freedom

https://www.humanetech.com/podcast/protecting-our-freedom-of-thought-with-nita-farahany

## Pay or Okay

https://noyb.eu/en/pay-or-okay-beginning-end

## Journalism

Relevant articles and reports on issues and successes

https://themarkup.org/blacklight/2020/09/22/blacklight-tracking-advertisers-digital-privacy-sensitive-websites
https://themarkup.org/blacklight/2020/09/22/how-we-built-a-real-time-privacy-inspector
https://www.vice.com/en/article/epnmvz/industry-unmasks-at-scale-maid-to-pii
https://motherboard.vice.com/amp/en_us/article/zmwaee/there-are-no-guardrails-on-our-privacy-dystopia
https://themarkup.org/google-the-giant/2020/07/23/google-advertising-keywords-black-girls
https://themarkup.org/coronavirus/2020/04/23/want-to-find-a-misinformed-public-facebooks-already-done-it
https://gizmodo.com/it-doesn-t-matter-who-owns-tiktok-1844595163
https://gizmodo.com/facebook-says-china-is-its-biggest-enemy-but-it-s-also-1844526005
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
https://www.vox.com/explainers/2019/5/7/18273355/angry-birds-phone-games-data-collection-candy-crush/
https://gizmodo.com/the-stop-hate-for-profit-movement-isnt-going-to-stop-1844147197
https://gizmodo.com/goodrx-shares-my-prescriptions-with-third-parties-and-i-1841772965
https://www.propublica.org/article/trumpcare-does-not-exist-nevertheless-facebook-and-google-cash-in-on-misleading-ads-for-garbage-health-insurance
https://qz.com/1751030/facebook-ads-lured-seniors-into-giving-savings-to-metals-com/
https://www.wsj.com/articles/federal-agencies-use-cellphone-location-data-for-immigration-enforcement-11581078600
https://www.theregister.com/2021/03/30/intel_wiretapping_data/
https://www.nytimes.com/2021/07/31/style/anonymity-pseudonymity-online-identity.html
https://www.niemanlab.org/2021/10/the-rise-of-dark-web-design-how-sites-manipulate-you-into-clicking/
https://gizmodo.com/this-devious-and-mostly-legal-ad-scam-is-bleeding-small-1844633313
https://gizmodo.com/your-phone-is-a-goldmine-of-hidden-data-for-cops-heres-1843817740
https://theconversation.com/targeted-ads-isolate-and-divide-us-even-when-theyre-not-political-new-research-163669
https://qz.com/guide/the-end-of-third-party-cookies/?utm_source=email&utm_medium=quartz-obsession&utm_content=e80b166a-c357-11eb-b8e8-7e154f33a947
https://www.adweek.com/programmatic/investors-want-proof-digital-ads-funding-misinformation/
https://www.bostonglobe.com/2022/02/01/business/mass-lawmakers-advance-digital-privacy-bill/
https://themarkup.org/privacy/2022/03/21/lawsuit-highlights-how-little-control-brokers-have-over-location-data
https://www.admonsters.com/ad-targeting-bias/
https://gizmodo.com/gdpr-iab-europe-privacy-consent-ad-tech-online-advertis-1848469604
https://www.nytimes.com/2022/05/19/opinion/privacy-technology-data.html
https://gizmodo.com/how-often-do-ads-sell-your-data-every-day-1848931523
https://www.adexchanger.com/mobile/t-mobile-rebrands-its-ad-biz-and-navigates-the-perilous-line-between-programmatic-and-privacy/
https://gizmodo.com/why-every-company-ad-network-now-1848936157
https://www.cjr.org/tow_center/journalists-are-rightly-suspicious-of-ad-tech-they-also-depend-on-it.php
https://morningconsult.com/2022/11/09/data-privacy-is-different-for-gen-z/
https://thebaffler.com/latest/capitalisms-new-clothes-morozov
https://www.washingtonpost.com/technology/2023/02/13/mental-health-data-brokers/
https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds
https://www.theverge.com/2023/10/9/23909581/walmart-ozempic-food-pharmacy-market-research-privacy
https://teachprivacy.com/privacy-in-authoritarian-times/
https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/
https://www.techdirt.com/2024/08/21/84-of-americans-want-tougher-online-privacy-laws-but-congress-is-too-corrupt-to-follow-through/

### Privacy Tax

https://www.nytimes.com/2017/05/09/magazine/how-privacy-became-a-commodity-for-the-rich-and-powerful.html
https://www.fastcompany.com/90317495/another-tax-on-the-poor-surrendering-privacy-for-survival

## Papers

https://cyberdefensereview.army.mil/CDR-Content/Articles/Article-View/Article/2537110/microtargeting-as-information-warfare/
https://www.cpb.nl/sites/default/files/publicaties/download/cpb-discussion-paper-280-targeted-advertising-platform-competition-and-privacy.pdf

## Books
https://www.goodreads.com/book/show/7677574-privacy-in-context?from_search=true&from_srp=true&qid=TofpBL4GQZ&rank=1
https://www.goodreads.com/book/show/50403486-subprime-attention-crisis?from_search=true&from_srp=true&qid=DM1cXHJ0Fk&rank=1
https://www.penguin.co.uk/books/1120394/privacy-is-power/9780552177719.html
https://www.penguinrandomhouse.com/books/691288/your-face-belongs-to-us-by-kashmir-hill/
https://craphound.com/category/destroy/

## Contextual as an Alternative

https://www.publift.com/blog/contextual-advertising-everything-you-need-to-know#What-is-Contextual-Advertising
https://www.exchangewire.com/deep-dive/the-future-of-contextual-targeting/

## Old Private Attribution

#### Safari proposal

https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/
https://www.adexchanger.com/online-advertising/apples-attribution-fix-for-safari-explained/
https://privacycg.github.io/private-click-measurement/

#### Chrome proposal

https://developer.chrome.com/docs/privacy-sandbox/attribution-reporting-migration/
https://github.com/WICG/conversion-measurement-api/blob/main/EVENT.md
https://developer.chrome.com/docs/privacy-sandbox/attribution-reporting-experiment/
https://docs.google.com/document/d/1BXchEk-UMgcr2fpjfXrQ3D8VhTR-COGYS1cwK_nyLfg/edit

#### Mozilla / Facebook proposal

https://docs.google.com/document/d/1KpdSKD8-Rn0bWPTu4UtK54ks0yv2j22pA5SrAD9av4s/edit#heading=h.f4x9f0nqv28x

#### Android Proposal

https://developer.android.com/design-for-safety/ads/attribution