A new study entitled "Privacy and Modern Advertising: Most US Internet Users Want 'Do Not Track' to Stop Collection of Data about their Online Activities" from researchers at the law school at Cal-Berkeley shows that web surfers want an easy-to-use Do Not Track right to stop online tracking and collection of information about their web choices. The New York Times story "Study Finds Broad Wariness Over Online Tracking" by Somina Sengupta has more on the study:
"The survey asked respondents: “If a ‘do not track’ option were available to you when browsing the Internet, which of the following things would you most want it to do?” Sixty percent said they prefer regulation to “prevent Web sites from collecting information” about them; 20 percent said such a tool should allow them to block Web sites from serving up ads; and 14 percent said they would like it to “prevent Web sites from tailoring advertisements” based on sites they had visited."
But a powerful coalition of web advertisers and web publishers is fighting back, here and abroad, as our colleague Jeff Chester of the Center for Digital Democracy reports in a blog post from Amsterdam, where an important committee involved with Internet governance has been meeting:
"How can one rationally explain the bizarre—and politically insensitive—behavior of US advertising lobbyists at last week’s Do Not Track (DNT) meeting held by the WC3 [World Wide Web Consortium] in Amsterdam? Representatives of the Digital Advertising Alliance (DAA) showed their contempt for the issue of protecting the privacy of consumers and citizens online. In a series of proposals which shocked and dismayed officials of the European Union (EU) and others, the DAA (which includes the Direct Marketing Assoc., Interactive Ad Bureau and the Assoc. of National Advertisers and others) asked that all of the industry’s sophisticated, pervasive and ubiquitous data collection practices be declared exempt from any DNT [Do Not Track] safeguards."
In 1973, a prescient advisory committee to the Secretary of the U.S. Department of Health, Education and Welfare (HEW) proposed a Code of Fair Information Practices, or FIPs, to govern the collection and use of information about individuals (whether it was to be compiled into databases concerning citizens, consumers, customers, clients, patients, students or other "individuals").
Here are links to two excellent short histories of the FIPs, as they evolved. One is by the encyclopedic Privacy Rights Clearinghouse and one is from privacy scholar Bob Gellman.
The original FIPS provided five short recommendations. Among them was the following, often called the Secondary Use right:
-- There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent.
The other four bullet points of the original FIPS provided that there shall be no secret databases, that consumers should have a right to know about, access and correct any file about them and that data collectors (governments or companies or otherwise) must maintain the security and accuracy of any records. The most important later strong variant of the FIPs is the 1980 Organization for Economic Cooperation and Development version; the OECD is an international network including most of the major countries and its privacy guidelines were the first international version of the FIPs, as it discusses in a 2011 report.
There are plenty of "FIPs-lite" alternate, industry-approved versions of privacy "rights," as I explained in Congressional testimony in 2010. The weaker alternates generally rely heavily on disclosures, not rights, and seek to grant consumers a weak hard to exercise right to opt-out of secondary uses of their information, if any right at all, rather than an advocate-preferred stronger affirmative consent or opt-in before any secondary uses are allowed. A robust and enforceable Do Not Track mechanism could be a one-stop-shopping protection.
In March, the Federal Trade Commission (FTC) issued its Final Privacy Report.
Excerpt: "For practices requiring choice, companies should offer the choice at a time and in a context in which the consumer is making a decision about his or her data. Companies should obtain affirmative express consent before (1) using consumer data in a materially different manner than claimed when the data was collected; or (2) collecting sensitive data for certain purposes. The Commission commends industry’s efforts to improve consumer control over online behavioral tracking by developing a Do Not Track mechanism, and encourages continued improvements and full implementation of those mechanisms."
While the FTC's report on privacy relies heavily on a variety of voluntary mechanisms to protect privacy, its inclusion of Do Not Track is an important step forward toward an important goal consumers seek. And browser purveyors, such as Microsoft Explorer and Mozilla Firefox and others, have taken steps to implement Do Not Track mechanisms in their browsers, although the inclusion of a browser Do Not track mechanism neither requires nor guarantees its use by a web advertiser or publisher. Microsoft even has a test page that will tell you if your "Do Not track" preference has been selected, no matter what your browser, and even explains how to turn it on. Microsoft has even made Do Not Track the default choice in the latest version of Internet Explorer, shipping this month, much to the chagrin of the advertising firms (ZDNET: "Ad Industry blasts over Do Not Track defaults in IE 10)."
Why chagrin? As reporter Natasha Singer explained recently in another New York Time story, the marketers and advertisers basically look at Do Not Track as the end of the Internet as they seem to think it works: "Consumer data, marketers say, is the fuel that powers the Internet, driving ads that support free content and e-mail services, search engines and social networks."
But, as ACLU privacy advocate Chris Calabrese's blog entry "Corporate America: We Want to Track You" points out:
Excerpt: "On Monday [last week] an extraordinary letter went out from a who’s who of major corporations claiming a mandate to track all of us on the internet. In tone and substance, it is an amazing, over-the-top screed against efforts to give consumers even modest controls over who watches us as we surf online. The letter was triggered by Microsoft’s announcement in May that when it ships its new browser, IE 10, the browser’s default setting will be Do Not Track."
And, again, as Chris Hoofnagle and his Berkeley colleagues explain in their new report, privacy is important to consumers and consumers have allies in their quest for control over the use of their own information:
"The rise of detailed profiling techniques that track web users as they move around websites and from website to website has the potential to upend consumer expectations about what third parties know about them and how marketing campaigns are targeting them. Emerging and existing behavioral tracking techniques can build highly detailed dossiers on individual consumers. The hope is that these dossiers can help advertiser target ads in a manner that is more effective at selling products and services. Given, however, the possibilities of toppling consumer expectations, price and product discrimination, and the use of profiles for purposes well beyond offering advertising, privacy and consumer groups, the Federal Trade Commission, and members of Congress have all called for consumer control over the collection and use of behavioral tracking data."
There is an often-made threat that if Do Not Track is fully implemented, firms will simply place most of their content behind a new form of paywall-- you'd be forced to pay by agreeing to total tracking or you'd see not much of anything at all. My view is that sensible regulation won't result in that outcome, but industry lobbyists are pulling out all the stops to stop consideration of, let alone implementation of, sensible regulation. They don't have a right to do that but they have the money and power to try, despite that they didn't build the Internet, they don't control the Internet, and they shouldn't be able to tell consumers what is best for them. But consumers need to continue to make their voices heard loudly, because industry has a lot of lobbyists.