Do Not Track, the Cookie Law and IE10
I have recently written about including support for Do Not Track (DNT for short) in the Optanon privacy compliance service, but as it is likely to become an ever more important issue in the general online privacy debate, I thought it would be worth looking at what DNT is and what its widespread consumer adoption might mean for the industry in more detail.
DNT is a browser setting, controlled by the user, which sends a coded message to all the website pages visited, indicating a tracking preference. The message is sent as an HTTP header whenever the browser requests a page and there are three possible values or messages it can convey:
- I don’t want to be tracked
- I am happy to be tracked
- I have not expressed a preference
DNT is supported by all major browsers except Google Chrome – although this is expected to change sometime in 2012.
However, what is really important to realise is that very few websites currently recognise DNT or respond to it by preventing tracking. However, this is something that is likely to change quite rapidly, for three very good reasons.
The first is that although there is currently no agreement about what the request means, there will soon be. A standard is currently being finalised, headed by the World Wide Web Consortium (W3C) which is responsible for all internationally agreed web standards.
Online advertisers would like the scope of the definition to be as narrow as possible, whilst privacy advocates want to make it much broader. Of course until it is agreed – users can’t be given a clear indication of what it means either, and they will also have their own views.
To an advertiser DNT might mean: Do not collect behavioural profiling information to target me with adverts.
A regular user might want to use it to say: Don’t track my movement between sites (for whatever purpose).
Or to someone who is very privacy conscious it might mean: Don’t track me even within a single site (which is what web analytics does).
Each of these interpretations has very different consequences – for site owners, for advertisers, and the web at large.
What looks likely to happen though, is that the first interpretation is going to be at least the de facto standard in the short term. Many large players like Google, Microsoft, and Yahoo are all beginning to support this definition, and stop behavioural profiling when an appropriate DNT header is present.
The second reason, which follows on from the first, is that there are currently no legal requirements for anybody to respond to DNT. However, once the standard has been agreed, then legal change is likely to follow relatively swiftly. Both US and EU regulators have signalled their preferences for laws around respecting DNT requests once the standard has been signed off.
Where does that leave the cookie law?
Well the EU Privacy Directive was finalised in 2009 (even if it didn’t come into effect until 2011/12). This was before the birth of DNT, which happened a year later. You could speculate that it was the imminent arrival of the Cookie Directive that gave DNT its reason to be and gave advertisers the incentive to embrace a solution that they saw as better for their interests than the EU Directive. The fact that DNT effectively arrived in the market place before the cookie law, only goes to show that technology change moves quicker than the law. The cookie law is unlikely to go away, but the arrival of DNT may impact its ongoing development.
The third reason that DNT has not been important until now is that most people don’t use the feature. Some argue that this is because people are happy to be tracked. They understand that tracking is the price they pay for lots of free content and services. Closer to the truth is that all browsers currently have it switched off by default, and most people do not change their browser settings after installation.
However, with the announcement from Microsoft that Internet Explorer 10 will ship with DNT switched on by default when they roll out Window 8 this autumn, the issue is set to become very important. And will probably do so much more quickly than by the efforts of standards bodies and legislators alone.
If many more people are suddenly using DNT to signal a preference, there is likely to be a consequent increase in expectations that the request will be honoured. Especially if Microsoft makes a point of the feature in its promotional campaigns, which seems quite likely given it is a major differentiator.
There will then become a potential competitive advantage, not just in telling visitors that you are respecting their DNT request but also in giving them reasons or incentives to allow tracking while on your site. Not only will that be a signal of visitor trust, but it will become an opportunity to collect more valuable information about visitors than your competitors – as long as it is done openly and without endangering their trust.
Which is why DNT could be about to become very important indeed in the online privacy debate, maybe even more important than the cookie law itself.
January 13, 2017
Future of EU Cookie Compliance Webinar: ...
GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...View Article →
December 14, 2016
Draft EU ePrivacy Regulation Leaked...
A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...View Article →
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...
Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...View Article →