Absence of agreed ‘DNT’ definition means companies keep tracking us online

Selecting ‘do not track’ means little when there is no legal requirement to observe these settings

Thu, Jul 3, 2014, 01:00

Privacy advocates argue that DNT would thus make privacy regulations easier to comply with for advertisers. But first, a standard must be agreed, then policies hammered out around the standard.

Technically, the way in which many companies currently undertake third-party tracking may fall foul of existing EU opt-in privacy standards for web cookies – data placed on a user’s computer that enables some services to be activated, and activities to be tracked, argues O Brien.

Many advertisers believe the cookie rule applies only to the use of text-based cookies, but O Brien and O’Carroll both note that it actually refers to any data placed on a computer which then sends a call back to a server.

Third-party tracking often utilises a tracking pixel, rater than a text file, on the user’s computer, which then calls down advertisements or other data from a server.

However, because there’s no legal requirement to observe an internet user’s DNT settings, and no formal agreement on what DNT means, people can only block third-party tracking – which takes place on many websites and social media sites – by using add-ons like the Electronic Frontier Foundation’s Privacy Badger, or going through a clumsy process of opting out on the web pages of the organisations that do the tracking.

O’Brien reminds web users that if they are using sites that offer free services – even those, like Twitter, which currently promise not to use third party tracking – advertisements, tailored according to information from the site’s users, are what generate income for the site.

“The customer is still the product being sold.”

Privacy audits

Facebook, which until now had a policy of not doing third-party tracking, has said it will refer those people who wish to opt out of being tracked to the relevant websites of the tracking companies.

But this is unlikely to be an acceptable solution in Europe, which has tougher data protection laws that the US. The issue is likely to land, as have other Facebook privacy concerns, on the desk of the Irish Office of the Data Protection Commission. Facebook has already come under two high-profile privacy audits here, because its European headquarters is in Dublin.

Facebook has not yet rolled out third-party tracking to European users, says O’Carroll, something he doesn’t expect will happen until the end of the year, on a phased basis. And the way in which it is being done for US users will not be acceptable in the EU, he states.

“We’re looking for a lot more information from them, and are expecting quite a high bar to be maintained,” he says. “They have a lot of power and audience, and we expect them to have very clear information and tell users what they’re doing,” and offer opt-in, rather than opt-out, controls.

“We’re going to watch it carefully.”

Sign In

Forgot Password?

Sign Up

The name that will appear beside your comments.

Have an account? Sign In

Forgot Password?

Please enter your email address so we can send you a link to reset your password.

Sign In or Sign Up

Thank you

You should receive instructions for resetting your password. When you have reset your password, you can Sign In.

Hello, .

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

Thank you for registering. Please check your email to verify your account.

We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.