A New ‘Do Not Track’ Policy

EFFThe Electronic Frontier Foundation (EFF) released a new version of ‘Do Not Track’ which is supposed to provide stronger protection for Internet users. This is something that consumer advocates have been pushing for a long time, so the question is: what does this new standard provide for the average Internet user?

To confuse matters a bit, the EFF is not the only group working on this issue. The W3C group that controls the standards for most Internet protocols is also working on its own version of Do Not Track. But regardless of which of these efforts becomes the new standard there are serious questions about how effective this might be in the marketplace.

Neither of these groups can impose Do Not Track rules on Internet companies, and so compliance with any new standard is voluntary and one has to wonder who is going to implement it. There is a current Do Not Track standard that very few in the industry are following. For instance, the search engine I normally use, DuckDuckGo, follows the current standard and doesn’t track what people search for on the web. You can count on two hands the other companies that currently publicly agree not to track their users.

This is another one of the big tug-of-wars going on in the industry. There are a lot of people who don’t like the idea of web companies tracking their every move and then selling that data to others. A lot of people find targeted ads creepy and feel like the big web companies are spying on them.

And to a large degree they are. Companies like Google and Facebook and many others make a lot of money from advertising and from selling data about their customers to others. These companies feel that if you come to their site that you have waived privacy for what you do on their platform. Big data is perhaps the biggest money maker on the web, and having flocks of people opt out of being tracked would significantly reduce revenues for a lot of web companies.

Here are a few of the major points of the new policy. Honoring a DNT request means:

  • Not collecting information from the user and not placing tracking cookies except with specific permission;
  • Not retaining details of the interaction with the user except in those few cases where data retention is required by law;
  • Information needed to complete a transaction, such as address or credit card number are only retained until the transaction is complete;
  • Users can be given the option to have web sites remember their data. This might be convenient for places where somebody shops regularly;
  • While these rules aren’t binding, existing law says that if a company says they will not track you they must live up to that commitment.

It will be interesting to see if this new round of Do Not Track gets any more industry buy-in than the last version. There certainly is a significant portion of Internet users who would opt out of being tracked if that was possible. However, there is a good chance that a lot of the industry will only give lip service to any voluntary guidelines. They might not send specific ads to somebody who says they don’t want to be tracked but would likely otherwise track them like everybody else.

It would require a change of law to make this mandatory. There certainly are a number of consumer privacy laws that have been enacted, such as the laws that protect medical records. It probably requires an action by Congress to make these protections mandatory. I find it unlikely that big companies like Facebook and Google and many others are going to voluntarily offer this to users. Offering it costs money and the loss of adverting and data revenues would cause a big hit to the bottom line of these companies. They are already seeing big hits from ad blocking revenues and this could be even a bigger hit.

To some degree consumers who really care about their privacy have options. They can use web sites today that promise to not track them. But almost all ecommerce is tracked and today there are not many places you can go on the web that aren’t tracked. Certainly almost all social media sites are tracked. I know I get anywhere from 50 to 200 tracking cookies on my computer each day from fairly light browsing, so there are a lot of companies out there trying to find out more about us.