W3C Do Not Track Draft Standard and the Cookie Law

Do Not Track (DNT) is a browser based mechanism designed to enable a web user to communicate their privacy wishes to a website, with the idea that the website will then be able to respond in a way that respects that wish.

Firefox was the first major browser to create a DNT function, but their competitors have responded with their own similar, yet different, versions.

Now the World Wide Web Consortium (W3C), the main standards setting body for web technologies is working on producing a standard that aims to define what DNT means, how it is communicated, and what the website response should be to the request in order to qualify as respecting it.

Their draft specifications can be found here: Tracking Preference Expression and Tracking Compliance and Scope

A quick look through these will demonstrate just how many issues and questions need to be resolved before these documents can be finalised.

The intention behind DNT is to give consumers a mechanism to stop advertising networks tracking them across websites – tracking which enables the networks to deliver behavioural advertising to users.

Providing users with this kind of functionality is definitely to be applauded, but it is important to note that it is a long way from being a solution to enable websites to comply with the cookie law.

Firstly, switching on DNT does not stop a website from placing cookies in a browser – unless the website recognises the DNT request and blocks the cookies in accordance with that request.

Secondly, DNT is an ‘opt-out’ function, not a consent based approach.  Just because people don’t use DNT to say ‘no’ to cookies, it cannot be assumed that are saying ‘yes’. Firefox have made it clear in their privacy blog that the default position when the browser is installed is to have DNT switched off. 

The fact that a visitors’ browser has DNT switched off cannot be assumed by a website to have been a conscious choice to allow cookies.  It is just as likely to be an indication that they don’t know how to change their settings.

It may be that one day the communication mechanisms between a website and browser will be sophisticated enough for people to be able to use them to indicate their consent or otherwise for the use of their data.  DNT is a first step in that direction.  However, for the time being it does not look like it will be much more than that, and it will certainly not enable website owners to do nothing to become compliant with the cookie law.