CookieLaw Blog September 12, 2012

IE10 Do Not Track Battle in Full Swing

A few weeks ago, I mentioned that Microsoft will be releasing Internet Explorer 10 with Do Not Track (DNT) switched on in the express installation option.  I noted at the time that this one action would suddenly make DNT much more important.

It seems I wasn’t wrong because more and more big digital industry businesses have been lining up to tell Microsoft why their decision is a big mistake ever since they made the announcement.

The latest news is that Apache, the software that powers the servers that most websites sit on, will now ignore the DNT signal coming from IE10 browsers – rendering it useless.

The justification for this, according to the author of the new code that does this, is that Microsoft is violating the DNT standard with its actions.  That person, Roy Fielding ought to know. He is one of the authors of the standard, and a senior engineer at Adobe Systems.

According to Roy, the standard requires that a DNT preference is set by a user, not by the software developer as a default setting.  So because in his opinion Microsoft has violated the standard, Apache can ignore any DNT setting in IE10.

There are two things wrong with this argument.

Firstly, it is not necessarily a default setting.  When installing IE10 there are two options ‘Express Settings’ and ‘Customise’ – which the user clicks on as a positive action.

It is made clear to the user that by choosing the express route DNT will be switched on, as the image on this page shows.

DNT in IE10 is therefore a first run option – the user is free not to choose it, as part of the installation process.

If, as Fielding’s argument suggests, this action of choosing an express install by the click of a button should not be considered to be an active indication of user choice, then almost all other similar actions, like agreeing to terms and conditions on a website, would also be invalid by the same argument. Which clearly would be chaotic for the whole software industry, and therefore becomes a preposterous argument to make.

Secondly, even if it could be seen as a default, by subsequently ignoring the setting, Apache is itelf violating the standard, because it is taking the expression of a preference outside the users’ control.  How does Apache know that the DNT flag in IE10 is not the result of a positive decision by the user?

In other words, two wrongs don’t make a right.

So what is going on here?

There is no legal requirement to honour a DNT request, however there are self-regulatory agreements, particularly amongst the online advertising community to do so.  Whilst very few people do have DNT switched on, it doesn’t cost them much to do this, and it allows them to look like they are happy to respect user privacy requests – in other words, its cheap PR.

However, Microsoft’s decision looks set to tip the balance – by creating a much larger population of browsers where DNT is switched on – to the point that advertising online could become much less lucrative.

A lot of industry players would then want to find a way to protect their revenues, but the only easy way they could do it in that scenario is renege on the deal they made with self-regulation.  This would of course result in a massive erosion of trust, and rightly so.

The alternative tactic, which looks like the most used so far is to try and blame it all on Microsoft, and put pressure on them to reverse their decision – which is what Apache appears to be tryin got do.  They are, after all, the big technology company that lots of consumers (and government regulators) love to hate.

Except that this time Microsoft will appear to most people to be supporting privacy over profit, so this is going to be a very difficult argument for Microsoft’s opponents to win in the eyes of the public.

Recent Posts


January 13, 2017
Future of EU Cookie Compliance Webinar: ...

GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...

View Article
Recent blog thumbnail
December 14, 2016
Draft EU ePrivacy Regulation Leaked...

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...

View Article
Recent blog thumbnail
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...

Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...

View Article
Recent blog thumbnail
September 21, 2016
Optanon Acquired by OneTrust...

We are pleased to announce that Optanon, along with parent company Governor Technology, has been acquired by OneTrust....

View Article

Be in the Know

Subscribe to our newsletter

Onetrust All Rights Reserved