Archived: How The New York Times Thinks About Your Privacy - NYT Open

This is a simplified archive of the page at

Use this page embed on your own site:

The New York Times has made substantial changes to how we handle reader data, with an eye towards increased reader privacy. This includes better privacy practices around marketing, advertising and a more readable privacy policy.


Online privacy is complex, but it doesn’t have to be.

Illustration by Simoul Alva

If, dear reader, we met and you invited me to your home, we might end up chatting about your day over a glass of Côtes du Rhône. As you recounted your latest adventures, I would learn about you, but in no way would that be a violation of your privacy.

However, if you happened to catch me listening in through the window as you depicted the same events to someone else, I would be a creep breaching your privacy and would deserve my comeuppance at the hands of your just fury.

Eavesdropping is not the only privacy misdeed, however. I could listen to you in confidence and blab to your colleagues. I could discreetly record our conversation, keeping evidence for unspecified future purposes. I could broadcast the more humiliating of your misfortunes in a blog post.

There are numerous ways one might betray another’s privacy, but they are evident in most everyday situations. It’s unlikely that the examples above made you feel compelled to locate your nearest ethicist and pepper them with questions. The line between acceptable in-person interactions and violations of privacy is clear.

Why, then, is digital privacy such a contentious topic? Why is The Times making substantial changes to how we handle personal data? But first — what even is privacy?

What even is privacy?

The privacy implications of a chat over wine are straightforward. But step into the digital realm and privacy looks like the hangover from a kindergartener play date. The ground is strewn with cookies and their entourage of layperson metaphors, from privacy policies, to data brokers and an endless stream of consent dialogs. And, in the end, the learned helplessness of knowing you have lost all control over who knows what about you.

Privacy should not be confused with the clutter surrounding it, no more than it should be confused with secrecy, having a private room or the right to be left alone.

Privacy is “a right to appropriate flows of information,” according to Helen Nissenbaum, a professor of Information Science at Cornell Tech. Any given context in which personal information flows from a sender to a recipient has ethical norms that govern whether or not that flow is appropriate. Respect for these norms is what we collectively call “privacy.” These norms are contextual because what can appropriately be observed or shared about someone is different if it happens at home or at work; at a doctor’s office or at a party; in public or one-on-one.

Privacy contexts can be described with their actors (subject, sender, recipient), attributes (what is being shared) and transmission principles (constraints on the flow of information).

Returning to our chat over a glass of wine, if I were to blab to your co-workers the following day, the actors and attributes would remain the same, but I would be betraying the trust of an open-hearted discussion with a friend. This betrayal is a violation of privacy.

Why is The Times interested in privacy?

Equating a violation of privacy to a betrayal is not arbitrary: privacy is about trust. And at The Times, the trust of our readers is essential. As our publisher, A. G. Sulzberger, wrote last year, we have been concerned about our contribution to the current muddle of online privacy.

As a group, news organizations have garnered a dismal reputation in terms of privacy. In an investigation of third-party tracking on German news sites, The Global Editors Network concluded, “we used to read the newspaper, now the news reads us.” Nieman Journalism Lab reported on a study showing that “European news sites are among the worst offenders when it comes to third-party cookies and content.” That’s Europe, where the relatively comprehensive General Data Protection Regulation (G.D.P.R.) privacy regulation should be keeping the worst privacy infractions at bay.

Looking at the United States, researchers Tim Libert and Reuben Binns reported that news websites rely heavily on third-party trackers. This has “fostered an environment of pervasive surveillance,” and the “widespread adoption of opaque and poorly disclosed tracking practices.” Their research found that news sites rely on third-party tracking more than non-news sites.

Why is the state of online privacy in news media so grim? Most publishers rely on one of two business models: subscriptions and advertising. Some publishers, like The Times, rely on both.

Subscription models depend on finding new subscribers through marketing tactics, many of which depend on third-party data collection.

Advertising models track as much of each user’s digital presence as possible to enrich the personal profiles maintained by third-party companies. Then, for a majority of ads that a user sees, that personal data is broadcasted to advertising intermediaries so that companies can bid on showing ads targeted to that user.

What The Times is doing about it

This digital ecosystem has a long way to go before it respects users’ privacy. Until then, The Times has been fostering better privacy standards for the parts we can control.

We have completely rewritten our Privacy Policy with legibility in mind (now rated at a 7-year-old readability level), and we added a Frequently Asked Questions section. Over the past two years, we have made our internal data practices significantly more mindful of our readers’ privacy.

Improved privacy in marketing
Our marketing goal is to attract new subscribers, which we accomplish through a variety of tactics. Not all of these tactics require us to share data about our readers with other companies, but some do. And those tracking companies typically have independent control over the data they collect, which they can then repackage for other purposes. These are data controllers.

As of April 2019, we removed all third-party data controllers from our homepage, section fronts and articles. We limited them to marketing-related parts of the site, such as subscription offer pages. This reduced the amount of data we shared with third-party data controllers by over 90 percent. We are working on ways to improve this number, but for the time being our marketing goals still rely on these tactics.

Additionally, we have been developing means to advertise to potential subscribers without sharing data. One example is TAFI, a tool used to advertise our content on social media. We are also following the development of privacy-preserving technologies that support marketing purposes.

Towards better privacy in advertising
Advertising is a set of practices used to support other companies that promote products or services on a platform. There are many ways in which advertising can be carried out: some as simple as handing out flyers in the neighborhood and some more complex. To say that digital advertising sits at the more complex end of this spectrum severely undersells just how intricate and opaque it is, particularly in how it distributes and exploits personal data.

Virtually all online advertising operates through third-party software that is included in sites or apps. What happens through this software in advertising can be entirely legitimate — fraud prevention is one example. But the technology used for defensible purposes is the same as that used for pervasive surveillance, which makes separating user-friendly options from user-hostile ones challenging.

This has not stopped The Times from making progress.

Across our digital properties in Europe, as well as in our mobile apps worldwide, we have removed open-market programmatic advertising, which broadcasts personal data to dozens of third parties in a way that publishers have very little control over.

We are decreasing our reliance on third parties by developing our own capabilities to serve ads that are not based on tracking readers across their entire connected lives. To make ads effective without knowing anything about who they are being presented to, we have built improved contextual targeting capabilities.

Our research at The Times shows that readers are broadly comfortable with us, the first party, seeing some data about them. But they are overwhelmingly unhappy with data being shared with third parties that can use the data for entirely different purposes. With this in mind, we are phasing out third-party data in ad targeting.

Our hope is to push this even further. In pursuit of that goal, we have been reaching out to others in the industry to help design a better advertising ecosystem. Eventually, we want to provide accountability for every data processing step involved in serving ads to readers.

Building a Better Model

In response to surveillance, people have been seen to silence their minority opinions and to restrict what they search for online. At The Times, we believe in a world of fearless and unfettered curiosity. We wish to develop positive norms of data privacy so that our digital society can not just exist, but flourish.

Privacy is contextual, but it can be difficult to know what is appropriate in digital contexts. While it is easy to notice that the doctor’s does not have the same vibe as your regular dive bar, our digital experience involves staring at shiny slabs of plastic that all look the same. You can catch someone spying through your window, but most people cannot see the code surveilling them.

In the same way that we don’t need to think hard about privacy in everyday life, The Times is helping build norms for the internet to make it a context that users can trust.

Such work was started fifty years ago (PDF) when the United States formed a committee that established the initial Fair Information Practices to address “concern about the effects of computerized personal data systems.”

The committee’s principles, often summarized more than is reasonable as transparency and control, are still in use today. The focus on transparency and control, however, yields insufficient guidance for today’s data economy. The volume of personal data processed in the 1970s was relatively low. It was reasonable to expect users to review a handful of privacy policies and to convey their preferences by controlling the finer details of what data was collected about them. Given the ubiquity of today’s data collection, that is no longer a defensible position.

Returning to the example of my earlier eavesdropping: transparency is the claim that you can always check who is spying through your window, and control is the contention that you can close the curtains in every room you visit. That works if you have two conversations a year, but quickly falls apart if you socialize more regularly. It is unfair for a company to benefit from personal data while making its users do the labor to ensure that their data is processed appropriately.

At The Times, we feel it is essential to modernize the guiding principles for privacy and we are participating in discussions to do so. Data processing has changed radically since the 1970s, but so has our understanding of privacy and our awareness of its importance to human well-being.

We see privacy not as a constraint on our work but as an opportunity to bring about the next digital transformation. We are adamant that respecting our readers’ privacy is our responsibility and that the work to evolve in that direction is ours to shoulder.

We will continue to build atop the changes we have already made, and are committed to working with you and with other organizations to define privacy for the digital era.

Robin Berjon leads Data Governance at The New York Times. When not chatting with friends over a glass of wine, he spends his time tinkering with web technology and reading about philosophy, science and politics. If you liked this article, follow him on Twitter.