The End of Do Not Track
Jonathan Mayer has resigned as chair of the group responsible for agreeing the Do Not Track standard. His resignation letter makes it clear that after 18 months with almost no progress, agreement on the standard is unlikely to be reached by the opposing sides of the arguments.
It now seems increasingly likely that the attempt to create a Do Not Track standard that the whole of the web community can agree on will fail. It seemed like such a good idea, and conceptually it has the advantage of being very simple, yet advertisers and privacy advocates remain as far apart now as they did in January 2012 when it all began
It’s not entirely surprising. There are opposing views and entrenched interests that ultimately make for almost no common ground upon which to build an agreement. The arguments that in normal circumstances would be played out behind closed doors spilled out into the public in the last few weeks – and this was always a bad sign.
So where do we look next for a solution?
Some large web organisations, such as Twitter, and recently Pinterest, have already made a commitment to honour a Do Not Track request, but without a standard they are simply making their own rules as to how they respond and the type of tracking activity they stop doing.
This is one route, and it most likely comes from user pressure. In some markets it is estimated that around 20% of web users are using the DNT functionality that is already in their browsers, to tell websites their preferences, even when those preferences are going largely ignored.
It is going to get increasingly hard for brands not to respond to a request like that at all, however nebulous or quietly voiced it might be. So what those pioneering brands are doing is stepping in to fill a vacuum, and they should be applauded, but ultimately this model too is flawed.
What really counts, as even the digital advertisers most opposed to a strong DNT standard agree, is individual user choice. One of the cornerstones of the position of organisations like the Digital Advertising Alliance is that the DNT request must be a user originated choice.
The logical extension of that argument is that users should also be able to definewhat Do Not Track means to them. They should have the ability to communicate that meaning to all the sites they visit, and those sites should then respect that.
This approach is a truly democratic alternative to a single, universal definition. It also has the benefit of being able to be implemented at the browser level – which will minimise the work involved from individual websites or service providers.
It is not without its difficulties. First off, the DNT control will have to move from being a simple tick box, to a series of choices about the types of tracking behaviour that the user can allow or block. However the bigger task will be to somehow classify the different types of tracking in the first place, both at a conceptual level – what are the choices to give to people, but also at the practical – what activities fall into which categories.
All of this might seem difficult to the point of impossible, except for the fact that some of the work has already happened, and is indeed ongoing. Back in 2011, in the face of the EU cookie law, the UK International Chamber of Commerce came up with acookie categorisation system designed to help web users better understand the different purposes of cookies – Strictly Necessary, Performance, Functionality, Targeting/Advertising. Their 4 categories are now in wide use, particularly in the UK, by websites declaring what cookies their site uses.
We also use those categories to independently assess the purposes of cookies for our own database of over 11.5 million cookies, which is powering our open knowledge base Cookiepedia.
Now imagine if users had the ability in their browser, to both determine which of these or similar purposes they considered to be acceptable, and which they would like to block. On arrival at a website, the browser would detect the cookies in use, cross reference their purpose using a site like Cookiepedia, and then block or allow them accordingly.
It could also indicate the action to the website, which might optionally choose to respond to this, perhaps through service customisation, or by attempting to persuade the user via incentives, to allow their type of tracking to happen.
Of course this kind of behaviour wouldn’t have to be confined to cookies, but any other type of tracking technology which can be detected and controlled by the browser – including the use of device fingerprinting techniques.
The end result would be a transparent value exchange between site and user, mediated by their browser. The user experience needn’t be interrupted with pop-ups or notices, unless the website wanted to carry out activity that was outside the users stated preferences.
The result is simple, transparent, and privacy enhancing for people that want it. Most importantly of all, it would put users in control to a degree that they have never had before – something that all sides should agree, is something to be aspired to
January 13, 2017
Future of EU Cookie Compliance Webinar: ...
GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...View Article →
December 14, 2016
Draft EU ePrivacy Regulation Leaked...
A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...View Article →
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...
Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...View Article →