Austrian privacy non-profit noyb has initiated a complaint against Mozilla, the developer of the Firefox browser, for activating a new feature called Privacy-Preserving Attribution (PPA) without explicitly seeking user consent. The organization claims that, contrary to its reassuring name, PPA enables tracking of user behavior on various websites, effectively shifting the responsibility for tracking from individual sites to the browser itself. This complaint raises significant questions about user privacy and consent in an age where data protection is paramount.
PPA, introduced in Firefox version 128 as an experimental feature, has been compared to similar initiatives from tech giants like Google and Apple. While Mozilla describes PPA as a “non-invasive alternative” to traditional cross-site tracking, critics argue that enabling such tracking by default undermines the principles of informed user consent. Noyb has accused Mozilla of adopting tactics reminiscent of Google’s previous attempts to replace third-party cookies, asserting that this new feature does not provide users with sufficient control over their data.
The mechanism of PPA allows websites to request Firefox to remember ads that users encounter, which can later generate reports based on user actions, such as online purchases. While Mozilla asserts that this process protects user anonymity through encryption and differential privacy techniques, noyb contends that the feature still violates European Union (EU) data protection regulations, particularly the General Data Protection Regulation (GDPR). This complaint underscores the ongoing tension between privacy advocacy groups and major tech companies over data handling practices.
Noyb’s legal team has highlighted that the move to enable PPA without user consent reflects a broader issue in the tech industry, where user rights are often overlooked in favor of advertising strategies. The organization criticizes Mozilla for allegedly treating users as incapable of making informed decisions about their data privacy. As the landscape of digital privacy continues to evolve, this case against Mozilla could set a significant precedent for how user consent is handled in future software updates and features, especially in light of stringent EU regulations.
