NOYB, a European privacy group has filed a complaint with Austrian authorities, alleging that Mozilla breached GDPR by enabling “Privacy Preserving Attribution” (PPA), a tracking feature in Firefox, by default without user consent.
The European Center for Digital Rights (NOYB) based in Vienna, Austria has lodged a formal complaint against Mozilla, accusing the company of turning its Firefox browser into a “tracking tool” through the introduction of a privacy feature known as Privacy Preserving Attribution (PPA).
In July 2024, Mozilla included the PPA feature in its Firefox update version 128.0. According to Mozilla, PPA is intended to help advertisers understand ad effectiveness without allowing individual websites to collect personal user data. Instead, Firefox itself aggregates ad interaction data on behalf of users before passing this information to advertisers. Mozilla presents this as a balanced solution that maintains user privacy while meeting advertising needs.
However, NOYB sees it differently. The advocacy group claims that PPA effectively turns Firefox into a tool that enables tracking, simply moving the data collection from websites to the browser itself.
According to NOYB’s report, the PPA feature violates users’ rights under the European Union’s General Data Protection Regulation (GDPR), as it involves data processing without obtaining explicit user consent.
Concerns Over Default Activation and Lack of Transparency
NOYB’s main criticism is directed at Mozilla’s implementation of PPA. The feature was enabled by default without notifying users or seeking their consent, making it an opt-out rather than an opt-in system.
NOYB compares this approach to Google’s controversial Privacy Sandbox, which also faced criticism for centralizing user tracking within the browser. Felix Mikolasch, a data protection lawyer at NOYB, remarked, “Mozilla has just bought into the narrative that the advertising industry has a right to track users by turning Firefox into an ad measurement tool.”
According to the organization, the alleged lack of transparency has further alarmed privacy advocates, as users were neither informed about the feature nor given the opportunity to decide whether they wanted to participate. Mikolasch added, “It’s a shame that an organization like Mozilla believes that users are too dumb to say yes or no. Users should be able to make a choice, and the feature should have been turned off by default.”
Mozilla has long been recognized as a privacy-focused company, particularly as other popular browsers have been criticized for invasive data collection practices. This recent move, however, has called that reputation into question. PPA, while potentially less invasive compared to third-party cookies, nonetheless involves tracking that most users are unaware of, which has led NOYB to demand regulatory scrutiny.
How to Disable Privacy Preserving Attribution in Firefox Browser?
For users wanting to disable Privacy Preserving Attribution, Mozilla has provided an opt-out process that requires navigating Firefox settings:
- Click the menu button and select Settings.
- Navigate to the Privacy & Security section.
- Under Website Advertising Preferences, uncheck the box labeled “Allow websites to perform privacy-preserving ad measurement”.
Nevertheless, NOYB has filed a complaint with the Austrian Data Protection Authority (Available here (PDF) in English), asking them to investigate Mozilla’s behaviour. The advocacy group demands that Mozilla switch the feature to an opt-in system and properly inform users about the data collection. Moreover, NOYB insists that Mozilla should delete any data processed without proper user consent.