Defining Do Not Track so it doesn't 'break' the Internet
Things move fast in the digital world, so it can be easy to miss the emergence of revolutionary change. A revolution in online advertising has happened over the past couple months, the significance of which many in our industry have missed. But it is not too late to negotiate peace with the revolutionaries.
With The Wall Street Journal, the Federal Trade Commission and Congress focused on the alleged harms of online tracking to deliver targeted advertising, Do Not Track (DNT) has become inevitable. What once was simply a musing at a conference – empowering consumers to block targeted online ads – has been embraced by privacy advocates, policymakers and the companies producing the most-used Web browsers. As a result, DNT technology is being rolled out in the latest releases of Web browsers. A consensus has emerged that the primary mechanism to enable DNT will be a browser header containing, in essence, a “Do Not Trespass” sign intended to signal that the user does not want to be tracked.
It is surprising to me that I still read arguments against the idea of DNT; or that if the industry just puts enough icons on their ads, we can fend it off; or that the ad network, cookie-based opt-out programs are sufficient. That sounds a little like Hosni Mubarak's arguments just a couple of months ago that there was no reason to be concerned about protests ginned up on Facebook.
Despite its inevitability, however, an important part of the debate is not over. The debate is now about “What does DNT mean?” At Datran Media, we believe the biggest privacy implications flow from the practice of compiling detailed profiles of individual users by tracking them across third-party websites for the purpose of delivering advertisement targeted to an individual. In our comments to the FTC, we proposed that any definition of DNT should be appropriately tailored to this practice.
We argued that activities such as reporting, analytics and measurement should be excluded from DNT. When considering what to include in DNT, I believe we should weigh several factors the most important of which include:
- The privacy risks of the data collected (the volume of Web behavioral data associated to an individual, the need to retain such data for extended periods of time and the intrusiveness to the consumer's experience in the use of such data);
- The expectations of the ordinary consumer; and
- The necessity of such tracking for the functioning or protection of the Internet
Right now, most of the people trying to define DNT are privacy advocacy groups. For those not familiar with the Center for Democracy and Technology, I highly recommend that you read their proposal. It covers more than I would like it to, but I do think this is a strong and sincere effort against which we can and should negotiate. It is not a “break the Internet” proposal as many sky-is-falling industry advocates would protest. It excludes many necessary functions such as first-party tracking, tracking for fraud protection, tracking for analytics and reporting. Those “break the Internet” critiques just lack credibility when held up against the reality of such proposals.
What DNT should mean is the debate we need to be engaged in right now. Some leaders in the industry are participating, but many are not. If you are one of those whom are not, I encourage you to stop arguing about why DNT should not exist. I encourage you instead to get involved in this new debate about what DNT should mean, because this is the debate that will define the future of digital marketing and online data collection.
Steven Vine is chief privacy officer at Datran Media.