Mozilla faces allegations that a feature in Firefox known as "Privacy-Preserving Attribution" (PPA) facilitates user tracking without explicit consent. European digital rights group NOYB (None Of Your Business) filed a privacy complaint against Mozilla with Austria's data protection authority.
The complaint centers on Mozilla's introduction of PPA, which NOYB claims contravenes the EU's General Data Protection Regulation (GDPR). Despite assurances from Mozilla, NOYB argues that PPA allows Firefox to control tracking rather than individual websites, thereby infringing on user privacy.
PPA was launched in February 2022 and integrated into Firefox version 128, released in July. The feature was enabled by default, raising concerns about user consent.
NOYB criticizes Mozilla's alignment with the advertising industry's narrative, viewing PPA as an additional tracking mechanism rather than a replacement for existing tracking tools.
Mozilla claims PPA aggregates ad performance data without transmitting personal browsing information to third parties, including Mozilla itself. The feature purportedly enhances privacy by preventing individual websites from collecting personal data.
Mozilla has defended its position, emphasizing that PPA aims to provide a non-invasive approach for advertisers to evaluate ad effectiveness without compromising user privacy.
The company acknowledges the need for greater external engagement. It clarifies that while the PPA code is part of Firefox 128, it has not been activated or recorded any end-user data thus far.
Firefox users wishing to disable PPA can navigate to the web browser's Privacy & Security settings and uncheck the option for privacy-preserving ad measurement.
In response to the controversy, Mozilla expressed its commitment to improving online advertising privacy while continuing discussions with NOYB to clarify the feature's purpose and address public concerns.
This incident underscores the ongoing tensions between technological innovation in advertising and regulatory frameworks designed to protect user privacy. As the digital landscape evolves, ensuring transparency and user consent remains paramount for compliance with global privacy standards.
In other news, social media giant X (formerly Twitter) unlawfully used the personal data from over 60 million users in the EU/EEA without notice or asking for their consent to train its AI technologies, as per 9 complaints filed by NOYB.