
Privacy analysis of FLoC (Mozilla blog)

Posted Jun 16, 2021 16:44 UTC (Wed) by farnz (subscriber, #17727)
In reply to: Privacy analysis of FLoC (Mozilla blog) by mathstuf
Parent article: Privacy analysis of FLoC (Mozilla blog)

One challenge here is that there are about 3 (Google, Amazon, Facebook, can't think of any others) companies that have sufficient data on viewers as it is that they can do deeply personalised context-aware ads without taking part in the data markets. If we're not careful, we end up in a situation where the big established players can get far better results per $ than any other ad placement firm. I am not convinced that this is a net improvement.


Privacy analysis of FLoC (Mozilla blog)

Posted Jun 16, 2021 23:06 UTC (Wed) by mathstuf (subscriber, #69389)

I'd say that they should be required to shred that information or otherwise not be able to use it for advertising. We always have these problems with regulation (big companies can fit the overhead into their profit margins way more easily), but I don't think it is fundamentally impossible to solve. But, I'm not a policy maker, so maybe any feasible way is also just political poison and impossible to actually enact in any meaningful way.

Privacy analysis of FLoC (Mozilla blog)

Posted Jun 17, 2021 9:40 UTC (Thu) by farnz (subscriber, #17727)

Personally, I think that a better starting point is to take some points from the EU's GDPR, and add in extras to make advertising companies squirm.

From the GDPR, I'd take:

  1. The right to prevent you using data you hold about me for advertising or marketing purposes. I tell you to stop it, you've got to stop using that data completely - including in advertising and marketing aggregates. This covers both past data, and future data - once you're told to stop, you stop, and you ensure that you stay stopped. Note that if you share data having been told to stop, you are fully responsible for ensuring that anyone you share it with does not use it for marketing or advertising purposes, too - so you can't keep selling it blindly.
  2. The right to a full copy of your data from a data holder, for free, including both the source data and any data they derive from that. You hold any data you can link to me, you've got to share it with me in a format I can read.
  3. The right to correct any data held about me that's inaccurate.
  4. Purpose limitation - if you collect data from me for reasons other than advertising or marketing, you need my permission to also use it for marketing/advertising, and you can't make anything conditional on me granting that permission. So, if I give you my phone number for a callback, you can't let the marketing system have access to that.
  5. Penalties for breaching these rules set as a minimum financial amount, and a %age of global annual turnover, whichever is higher.

I would then add the following:

  1. The right to free updates indefinitely after getting a copy of your data from a data holder; if you ask, they are required to send you updates every time they change the data they store about you, in the same format they used to deliver the full copy. So, if they e-mail you the data, they have to e-mail you every change. They put it on a password-protected website, they need to update that website with every change, and provide a mechanism for you to get just the changes from the last update. They post it to you, they need to post every update to you as it's changed.
  2. The obligation to present all data, including personal identifiers, used in the process of showing you an ad, as a link from the ad - if they use Machine Learning to choose ads directly, that's all the input to the ML model. If it's a multi-step process, then they need to give you the original data that went in, plus the output of each step in choosing you an ad.
  3. The right to know where data on you was sourced from - did it come from their own trackers on a website? Bought in? Analytics in a server log shared by the site owner? Bluetooth tracking? WiFi tracking? This comes with any place where you can view the data - whether an update or a dump.
  4. Joint and several liability for a breach of the rules above; if you're in a data-based advertising business, you are liable not only for your own failures to follow the rules, but also for a failure to follow the rules by either your customers or suppliers. Further, this liability is fully transitive - if you sell my data to someone who sells it to someone who sells it to a rule-breaker, you are as liable for the breach of rules as if you did it yourself. There is no defence of "someone else did it" for this - and the penalty you owe is assessed against your turnover, not theirs, so if you're a big firm with very little online business (e.g. a credit card firm), but you sell data to a broker who misuses it, you can face huge penalties.
  5. Penalties to be both civil and criminal fines; in the criminal case, the fine is split 50/50 between the prosecuting authority and all the affected people (preventing future civil cases), while in the civil case, it's given to the plaintiff. If civil cases start before the criminal case, then the two cases are entirely separate except in that a successful criminal prosecution results in the plaintiff winning their civil case; if a civil case starts after the criminal prosecution, it's held until the criminal prosecution finishes, and only continues if the criminal case is lost.

The combination means that someone who's privacy conscious can put quite a lot of load on an advertising data collector by themselves - they're stopping you using their data, but they're demanding full details of what you learn about them. You're forced into radical transparency: I know not just what you collected about me, but also where you collected it from, and it's up to everyone in the chain to maintain provenance. Further, because of the joint and several liability rule, you're in bother if anyone in the handling chain didn't bother with provenance.

Finally, it's near-terminal to the data marketplaces, because of the liability rule; sharing data with another company means that you are now liable for their process failures around data, not just your own, and you can't shield yourself by creating a small disposable company to do the sharing. Thus, if I buy your data from Google, then breach the rules, you can get Google to pay you a %age of their annual turnover. That's a big payday for you, even if I'm small fry and couldn't even pay the minimum fine.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds