Did you look at the FAQ page they created afterwards?
'do not sell user data' is too broad legally. It's a challenge in some jurisdictions. So they removed that. But it's not because they sell the data. They do have partnerships (like they did Pocket for example). In this case, they have anonymous stats that they share with others and that, in some jurisdictions, could fall under 'selling user data'
> In this case, they have anonymous stats that they share with others and that, in some jurisdictions, could fall under 'selling user data'
Correction, they said personal data, which if you go by the EU's definition means "any information that relates to an identified or identifiable living individual".
Which wouldn't be "anonymous stats", and can you give an example of a jurisdiction where sharing "anonymous stats" would go under selling personal data?
And is "doesn't sell your data to advertisers" also too broad? Because they removed that part too.
There are many cases where "anonymous" data can be de-anonymized, mostly if the stats contain outliers or multiple small groups that can be combined to uniquely identify an individual. "Any information that relates to an identified or identifiable living individual" (emphasis mine) implies that if there exists a way to de-anonymize any individual in the dataset then the dataset is PII.
> It seems like every company on the web is buying and selling my data. You’re probably no different.
> Mozilla doesn’t sell data about you (in the way that most people think about “selling data“), and we don’t buy data about you. Since we strive for transparency, and the LEGAL definition of “sale of data“ is extremely broad in some places, we’ve had to step back from making the definitive statements you know and love. We still put a lot of work into making sure that the data that we share with our partners (which we need to do to make Firefox commercially viable) is stripped of any identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).
Specifically,
> Since we strive for transparency, and the LEGAL definition of “sale of data“ is extremely broad in some places, we’ve had to step back from making the definitive statements you know and love.
If you consider GDPR, even the suggestions on the new tab could send data to third parties and wouldn't be okay with this.
Any request done to a third party server, would send them your IP which is PII under GDPR.
> Why go by EU's definition when it's used globally? If it was a single location, or a single law like GDPR, that'd be easy to reword.
I tried to look up Mozilla's definition for "personal data" first but could only find "personal information":
> For us, "personal information" means information which either directly identifies you (like your name, email address, or billing information) or can be reasonably linked or combined to identify you (like an account identification number or IP address).
And again, what's a jurisdiction where sharing anonymous stats would conflict with "we don't sell your personal data"?
They mentioned CCPA as an example but they define a sale as the "selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration"
But they define "personal information" as "personal information includes any data that identifies, relates to, or could reasonably be linked to you or your household, directly or indirectly" so "anonymous stats" wouldn't conflict with that, would it?
Did you look at the FAQ page they created afterwards?
'do not sell user data' is too broad legally. It's a challenge in some jurisdictions. So they removed that. But it's not because they sell the data. They do have partnerships (like they did Pocket for example). In this case, they have anonymous stats that they share with others and that, in some jurisdictions, could fall under 'selling user data'
> In this case, they have anonymous stats that they share with others and that, in some jurisdictions, could fall under 'selling user data'
Correction, they said personal data, which if you go by the EU's definition means "any information that relates to an identified or identifiable living individual".
Which wouldn't be "anonymous stats", and can you give an example of a jurisdiction where sharing "anonymous stats" would go under selling personal data?
And is "doesn't sell your data to advertisers" also too broad? Because they removed that part too.
There are many cases where "anonymous" data can be de-anonymized, mostly if the stats contain outliers or multiple small groups that can be combined to uniquely identify an individual. "Any information that relates to an identified or identifiable living individual" (emphasis mine) implies that if there exists a way to de-anonymize any individual in the dataset then the dataset is PII.
> which if you go by the EU's definition
Why go by EU's definition when it's used globally? If it was a single location, or a single law like GDPR, that'd be easy to reword.
From the page they launched, https://www.mozilla.org/en-US/privacy/faq/
> It seems like every company on the web is buying and selling my data. You’re probably no different.
> Mozilla doesn’t sell data about you (in the way that most people think about “selling data“), and we don’t buy data about you. Since we strive for transparency, and the LEGAL definition of “sale of data“ is extremely broad in some places, we’ve had to step back from making the definitive statements you know and love. We still put a lot of work into making sure that the data that we share with our partners (which we need to do to make Firefox commercially viable) is stripped of any identifying information, or shared only in the aggregate, or is put through our privacy preserving technologies (like OHTTP).
Specifically,
> Since we strive for transparency, and the LEGAL definition of “sale of data“ is extremely broad in some places, we’ve had to step back from making the definitive statements you know and love.
If you consider GDPR, even the suggestions on the new tab could send data to third parties and wouldn't be okay with this.
Any request done to a third party server, would send them your IP which is PII under GDPR.
> Why go by EU's definition when it's used globally? If it was a single location, or a single law like GDPR, that'd be easy to reword.
I tried to look up Mozilla's definition for "personal data" first but could only find "personal information":
> For us, "personal information" means information which either directly identifies you (like your name, email address, or billing information) or can be reasonably linked or combined to identify you (like an account identification number or IP address).
And again, what's a jurisdiction where sharing anonymous stats would conflict with "we don't sell your personal data"?
They mentioned CCPA as an example but they define a sale as the "selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by [a] business to another business or a third party” in exchange for “monetary” or “other valuable consideration"
But they define "personal information" as "personal information includes any data that identifies, relates to, or could reasonably be linked to you or your household, directly or indirectly" so "anonymous stats" wouldn't conflict with that, would it?
If I’m not mistaken they own an advertisement company which they use the data for.