You may recall a voluntary version of do not track rules in the US about a decade ago. Many web sites had a Do Not Track button and some big companies like Twitter honored the consumer request to not be tracked. But over time, since there were no penalties for tracking, most web companies began tracking customers and the Do Not Track buttons disappeared from web sites. There are still a few web businesses like Mozilla that offer some protection through their browser. A lot of people now use ad blockers which can cut down on some tracking cookies, but which don’t really stop much of the tracking.
It’s not surprising that the voluntary methods got nowhere since there are gigantic dollars involved now in web advertising. It was recently announced by IAB and PwC that the digital advertising market hit $107.5 billion in 2018, up from $88.3 billion in 2017. Web and cellphones advertising is becoming the preferred way to reach younger consumers. The online advertising market is heavily reliant on targeted advertising that is aimed directly at the most likely consumers for any particular ad – and that requires tracking customers to build profiles of each one of us.
Sen. Hawley proposes the establishment of a ‘Do Not Track’ list that would be the equivalent of the FCC’s ‘Do Not Call’ list. There would be substantial fines for companies that violate the list. The bill suggests fines that create a major incentive to comply – it suggests the minimum fine should be $100,000 with the maximum fine being as much as $1,000 per day per person who is improperly tracked.
There are currently no rules governing how Internet companies track us. Without rules, the big web companies basically track everything they can about us. There are a number of practices that Sen. Hawley points out as being particularly troublesome:
• Google has admitted that Android phones track users even when customers turn off location tracking.
• Facebook tracks people who aren’t part of its platform and creates ‘shadow profiles’ of non-Facebook consumers.
• It’s a widespread industry practice to place cookies and other tracking tools on web site visitors as a way to track customer web browsing. Such data is widely traded on the open data market.
The European Union has struggled with the same problem and introduced an updated version of similar rules that went into effect in May 2018. That legislation gives consumers the chance to opt out of cookies and tracking on every web site visited. Companies that violate the EU rules can be fined the greater of 4% of worldwide revenues from the previous year or 20 million euros.
Interestingly, a lot of consumers won’t opt out of the tracking. I have a friend that employs a staff of programmers in their early 20s and they like the convenience of being tracked. They enjoy having specialized ads aimed directly at them and they think that enhances their web experience. This younger generation grew up with the web and they buy into the idea that the online world is not private. There are certainly older consumers who also like to get relevant web advertising. The purpose of the proposed legislation is not to end the tracking of customers, but rather to allow people to opt out. Perhaps over time, most people will value the benefits of being tracked more than their privacy. Web sites are certainly going to offer inducements to customers who agree to be tracked.
This legislation is only the first step towards a comprehensive set of privacy rules. For example, there are numerous other ways that information is gathered about us, like with the IoT devices in our homes. Many merchants and credit card companies are selling information about our buying habits. Limiting privacy rules to opting out of web sites is a start, but data gathering from numerous sources is becoming an industry unto itself.