Absence of agreed ‘DNT’ definition means companies keep tracking us online
Selecting ‘do not track’ means little when there is no legal requirement to observe these settings
A 2012 study by University of California, Berkeley researchers revealed 87 per cent of their survey group didn’t know about ‘DNT’ settings.
If, like a majority of web users in survey after survey, you have concerns about having your online activity tracked by advertisers, then you’ve turned on the “do not track” (DNT) feature of your browser, right?
Never heard of it? Then you’re like a majority of web users, unaware that it even exists. One 2012 study by University of California, Berkeley researchers revealed 87 per cent of their survey group on the issue, didn’t know what it was.
But many more do now, after Facebook controversially announced on its corporate blog in mid-June, that it intended to start tracking what its users do when they are on third-party sites – for example, when someone clicks on a link and heads to another website, or when someone clicks the Facebook “like” button embedded on another website.
Like Yahoo and Google before it, the social media giant said that, in doing so, it would explicitly ignore DNT (Do Not Track) requests.
The day after the blog post, the Digital Advertising Alliance (DAA), a big industry trade coalition, asked the standards body the World Wide Web Consortium (W3C) to drop efforts to create a technical standard for DNT. Several years of haggling and lobbying have so far failed to produce a clear definition of what “tracking” is.
“Policymakers, regulators, advocates and industry representatives have grappled with these types of policy issues for decades and continue to deliberate on these matters,” DAA executive director Lou Mastria wrote in an open letter to the W3C.
And therein lies the difficulty.
“The problem is, the industry standards bodies haven’t agreed on a definition. And in the absence of a single defining standard, [advertising groups and businesses] will keep gathering user data. But the reason there’s no single definitive standard is that they keep lobbying against it,” says Daragh O Brien, a director at information and data governance consultancy Castlebridge Associates.
With no apparent sense of irony, Mastria supported his argument by referencing exasperated comments by two privacy advocates involved in the W3C working group on the issue. Both made it clear they felt it was impossible to reach consensus because of the opposition of trade groups like the DAA.
Default settingUltan O’Carroll, assistant commissioner in Ireland’s Data Protection Commissioner’s Office, says the view of the office and the EU-wide Article 29 group – a coalition of data protection commissioners – is that the default in the absence of a standard should be to not collect data without explicit consent, and respect DNT when activated.
Most users of current versions of Internet Explorer are probably already using DNT, because Microsoft made it the defaultsetting in IE10, an interesting move by the company to compete on privacy, says O Brien.
O’Carroll says the Article 29 group, which is part of the W3C negotiations, sees DNT – once standardised – “as having great potential for giving explicit consent”.
“The advantage is, users can control it from their own desktop or device, without having to use a third party [browser] add-on. It has great advantages.”