That's not the point - the point is that this is a loophole that effectively says, third-parties can do whatever they want with respect to your private information through our website and app and we're not at all responsible. This more or less renders the privacy policy entirely moot. It's like a vegan restaurant coming up with a "vegan guarantee" agreement that is supposed to guarantee that the dining experience is vegan, but excludes "third-party" ingredients from the guarantee. And it more or less says, you're subject to Google's privacy policy, when you visit the New York Times site, which means everything bad about Google's privacy policy is included in the New York Times privacy policy.
From a technical standpoint, what's happening is that New York Times is running arbitrary code that it doesn't know anything about on the browsers of people that visit their site. And they are claiming that they are not responsible for what it does, despite the fact it's delivered through New York Times.
Quite the opposite, they're basically saying "we use Google for ads and know what it does but if google changes what it does we don't have much control - watch our policy for changes"
Does any company in the world that serves ads from Google not do this or state this?
How would you technically host ads on your site without "running arbitrary code"? How would you add an analytics solution without doing that?
And also, focusing on this defeats the actual purpose of this article. I assume it means you agree with it's message and are just nitpicking? (Or don't and are deflecting.)
New York Times is saying much more than that - they are saying that they are using an unspecified number of third parties each of which is operating independently while having potentially full access to customer data. And throwing their hands up in the air and saying that they have no control over any of this. Google isn't their only vendor and at least Google is likely to be operating within some bounds - you don't know what their other vendors are nor what they are doing. This renders the entire privacy policy moot from the consumer's perspective.
And no this is not something they have to do. The idea that they cannot control what their vendors do is completely absurd - they have contracts with these vendors so they can state exactly what vendors are allowed to do under these contracts in the privacy policy. The only excuse here is that they are either too embarrassed to put what's in these contracts and/or they have no idea what's in those contracts. What NYT is doing is more or less equivalent to selling their users' data, which Google does not do.
And no this is NOT nit-picking and it directly counters the entire point of the article - Google's privacy policy is long because it actually covers what is being done with the data, as opposed to the New York Times policy, which states that they outsourced data collection/monetization third parties so anything goes and it's not their fault.
From a technical standpoint, what's happening is that New York Times is running arbitrary code that it doesn't know anything about on the browsers of people that visit their site. And they are claiming that they are not responsible for what it does, despite the fact it's delivered through New York Times.