The World’s First Do Not Track Law

The state government of California has in the last few days enacted the first law anywhere in the world that recognises the Do Not Track setting now found in most browsers.

California law AB370 requires companies that collect data on Californian residents to declare in their privacy policy how they respond to the ‘do not track’ signal sent by some visitors browsers.

It also requires owners to make it clear if third parties are also using the site to track visitor behaviour or browsing history.

Although the US is often thought of as having fewer privacy protections for consumers compared to the EU, there is often much more enforcement of what protections are in place – because it is driven by court based litigation rather than fines from a regulator.  As a result the costs of non-compliance in the US are generally much higher than for EU companies.

The law is currently restricted to protecting Californians, but due to the size of that market, pretty much any online business in the US will need to comply.  Plus, where California leads on these issues, other states often follow.

AB370 doesn’t require sites to actually respond to a Do Not Track request, and the fact that it has come into force fairly quietly suggests many believe that it is relatively toothless in terms of effect real change in tracking technologies use.

It may nonetheless yet prove to be a significant first step.  It is unclear at this time exactly what websites are going to have to do to comply, but on the surface at least it suggests they are going to have to review both privacy policies, and get a handle on what kind of tracking is taking place on their websites.  This last sounds a lot like the Cookie Audits that EU based companies have gotten used to carrying out over the last couple of years.

Discussions on a universal standard for Do Not Track – what it means and how web services should respond, have been ongoing at the World Wide Web Consortium (W3C) for nearly two years now, with very little progress towards agreement on key definitions.  Opposing interests at the negotiating table have led many to the conclusion that agreement will never be reached by the consensus model adopted by the W3C.

This failure to agree has had the shadow of externally imposed legislation hanging over it for most of 2013.  That shadow has now taken solid form.