Header graphic for print
Steptoe Cyberblog

It Depends on What the Definition of ‘Do Not Track’ Is

Posted in Privacy Regulation

“Do Not Track” is the buzz phrase of the moment among Internet companies, the advertising industry, privacy advocates, and privacy regulators on both sides of the Atlantic. The problem is that the various parties don’t even agree on what the term means, as discussed in a recent New York Times  piece by Edward Wyatt and Tanzina Vega.

The Internet advertising industry, ISPs, and browser operators have the narrowest definition. They would allow Internet users to click on some sort of “Do Not Track” icon but they could still collect information about the user’s Internet activity. They still could serve up targeted advertising to the user based on that activity.

The Federal Trade Commission has a broader definition, and the one most consistent with the words “Do Not Track.” If a user clicked on a Do Not Track icon, her web activity could not be tracked. Period.

The European Union has the broadest definition—in fact, so broad, that it amounts to “Do Not Track Me Unless I Say So.” It would prohibit collecting data about a user’s Internet activity unless she affirmatively indicated her willingness to be tracked, such as by changing her browser settings to permit tracking. But the industry could not rely on default browser settings that allow tracking. The default would have to be no tracking, requiring affirmative action by the user to change the browser setting to, essentially, “Track Me, Please.”

So progress in implementing a Do Not Track policy that pleases everyone will be stymied until everyone agrees on what the term means.