Information & Ethics Committee on April 26th, 2018

Again, we do not collect that browsing history. It remains on your computer. That means it's protected from Mozilla, essentially. We could always change the browser, but we've made a commitment that we are not going to do that.

I mentioned that the cross-site tracking that occurs across the industry does provide many different parties with access to people's browsing activity. Those third parties can't access your expansive web browsing history in the Firefox browser. If you are on a particular page and then you navigate to another page, and if those cross-site tracking technologies exist on both pages, third parties can collect information about the fact that you visited both of those pages. Over time, that allows those parties to build a fairly expansive data set of people's browsing activity.

I would think about it a little differently. What are the incentives we have to do the right thing? Those incentives aren't just limited to business issues. Mozilla Corporation is a public benefit company. We do not have a set of stockholders for whom we need to maximize revenue. That's a critical component of why, in the end, we make the decisions that we make.

We also have a user base that really cares about its privacy, and a set of developers who work with us who also care a lot about its privacy. That factor really influences our decisions.

In the end, one of the biggest challenges we face as an industry is that, thus far, not enough of the user base really makes decisions based on its privacy. That is a little less true of us, because we have a user base that I think has demonstrated, through using Firefox, that this is something it cares about. In the rest of the industry, that hasn't proven to be the case thus far, and we might be at a tipping point where it might be changing. I think we'd all like that to change.

However, regarding the incentives for a company such as Facebook, until Facebook users really demand something better, it's going to be hard for Facebook to deliver something better in terms of privacy. Our users do demand something better. They expect something better, and that allows us to deliver that.

That's a useful way to think about it. What are the incentives that a company faces to get to a better place? Again, we have a user base that really cares about these issues. We have a model. We are a public benefit company. Those factors really anchor our decisions.

Your question is, what are the incentives that other companies are going to face? Again, there are two incentives that you can create that might not have existed thus far. One, if users demand it, that's going to change the incentives a lot. Two, if there is a regulatory regime, coupled with enforcement that actually has teeth, that's going to be something that companies will really pay attention to.

There is a lot of unease about the GDPR. The bottom line is that companies are very concerned about the levy of a 4% fine, which is baked into the GDPR. Some of that concern is probably healthy and is going to force companies to get to a better place. The challenge with respect to GDPR that I think a lot of companies are facing is just a lack of clarity right now and unease in terms of what companies should really be doing to comply so that they're not going to be subject to those fines. The actual motivating premise of that fine is healthy, and it's useful for the industry to have that.

Again, there are a number of factors that ground our approach. Your question is, how easy is it to change those?

Some are simply a matter of policy; others are a matter of law. The corporate culture piece is remarkably difficult to change. It's not easy. Mozilla has two decades now of commitment to that culture. Even if we wanted to, it would not be a marginal effort to change the company's thinking on this. That's good. That's the way we like it, and we have a user base that really cares. That's actually the most critical incentive we face, the fact that this is a commitment that our users know we've made and they hold us accountable to that.

Do you mean the default settings in the Firefox browser?

More generally, we were looking at the default settings. The reason we paused our advertising was that we looked at the default settings provided to third party developers. We said that these were simply not accurate and the default seemed to provide data to those developers. That was a judgment we made about the Facebook platform. We were not in a position to collect that data, ever. It was not a question of whether we should access that data or not; it was just a question of whether the approach that Facebook was taking for its users was the right one.

Thank you.