While Facebook continues its apology tour — including making a full-page statement in print — news organizations might not want to get too comfortable, thanks to online tracking-based advertising. Doc Searls shared some thoughts on what he sees as the hypocrisy of news organizations covering Facebook’s data privacy debacle as their own sites harvest data on visitors:

These pubs…bring people’s bare digital necks bared to vampires ravenous for the blood of personal data, all for the purpose of “interest-based” advertising. With no control by readers (beyond tracking protection which relatively few know how to use, and for which there is no one approach or experience), and damn little care or control by the publishers who bare those readers’ necks, who knows what the hell actually happens to the data? No one entity, that’s for sure. For one among many views of what’s going on, here’s a compressed screenshot of what Privacy Badger showed going on in my browser behind Zeynep’s op-ed in the Times: What will happen when the Times, the New Yorker and other pubs own up to the simple fact that they are just as guilty as Facebook of leaking its readers’ data to other parties, for — in many if not most cases — God knows what purposes besides “interest-based” advertising? And what happens when the EU comes down on them too? It’s game-on after 25 May, when the EU can start fining violators of the General Data Protection Regulation (GDPR). Key fact: the GDPR protects the data blood of EU citizens wherever they risk having it sucked in the digital world.

The EU’s GDPR regulation stands to be one of the most potent regulations for user privacy, with impacts worldwide. (Wired’s Nitasha Tiku has a thorough writeup of its implications and potential.) Searls acknowledges that the Times and Facebook are putting user data to different uses. But he presses:

The sins are different; but they are still sins, just as apples and oranges are still both fruit. Exposing readers to data vampires is simply wrong on its face, and we need to fix it. That it’s normative in the extreme is no excuse. Nor is the fact that it makes money. There are morally uncompromised ways to make money with advertising, and those are still available.

But just as Facebook was warned about the potential for actors like Cambridge Analytica for years, third-party tracking on news organizations’ sites has been discussed before too. As publishers try to strengthen trust with the public, will it stick this time?

Melody Kramer did a Q&A with the Electronic Frontier Foundation’s Jacob Hoffman-Andrews about this topic last year for Poynter. She pointed to a few studies that had already evaluated third-party tracking on news sites, concluding that those external parties could continue to build detailed profiles on site visitors.

So where do news organizations go from here? Do we dare acknowledge it to users amid the Facebook fallout? The discussion continued on Hacker News and Twitter:

“The [web]sites of the world can agree to our terms, rather than the other way around.” https://t.co/IPT7YTmuKi Wouldn’t that be amazing? — Jay Rosen (@jayrosen_nyu) March 24, 2018

Ok, so can we dig a bit deeper than this outburst of public outrage on the #CambridgeAnalytica thing maybe?https://t.co/q6HsNy2ii2 pic.twitter.com/GrY9IwqcN1 — Gabriela Jacomella (@gab_jacomella) March 26, 2018

Here’s the new principle for marketing on the internet. 1. Instead of guessing, let me tell you what I want. 2. In return you don’t spy on me. Zillow works this way. So could everything. The net result would be more dollars spent. I’m absolutely sure of it. cc @dsearls — scripting.com (@davewiner) March 24, 2018