Do Not Track– a Single “Nuclear” Response for a Diversity of Choices

by on December 3, 2010 · 10 comments

“The do-not-track system could put an end to the technological ‘arms race’ between tracking companies and people who seek not to be monitored.” – David Vladeck, FTC

David Vladeck is right. The Do Not Track system would put an end to the technological “arms race” – but that’s not a good thing. Instead, its the nuclear option that will halt ongoing industry innovation and consumer welfare.

This has been unofficial privacy week in Washington, DC. Wednesday saw the release of the FTC’s privacy report. Yesterday was the House Commerce Committee hearing; phrased in the form of a question, the tile of the hearing was a bit presumptuous: “Do-Not-Track Legislation: Is Now the Right Time?” And today, NetChoice responds with why the answer to that question should be No.

Do Not Track is a Blunt Response, Not an Informed Choice

The FTC’s report calls for a “uniform and comprehensive” way for consumers to decide whether they want their activities tracked. The Commission points to a Do Not Track system consisting of browser settings that would be respected by web tracking services. A user could select one setting in Firefox, for example, to opt out of all tracking online. The FTC wrongly calls this “universal choice.”

Really, it’s a universal response. It’s a single response to an overly-simplified set of choices we encounter on the web. This single response means that tracking for the purpose of tailored advertising is either “on” or “off.” There is no middle setting. But it is the “middle” where we want consumers to be. The middle setting would represent an educated setting where consumers understand the tradeoffs of interest-based advertising – in return for tracking your preferences and using them to target ads to you, you get free content/services. But an on/off switch is too blunt and not, err, targeted enough. There is no incentive for consumers to learn about the positives, they’ll only fear the worst-case scenarios and will opt-out. In return they’ll also opt-out of the benefits.  [more on the “middle” below].

Do Not Track is nothing like Do Not Call

One of the fallacies about Do Not Track is that it would simply be like Do Not Call. But buyer beware: Do Not Compare the Two – they are nothing alike. As the IAB states in its analysis, there are fundamental technical differences:

Phone calls consist of one-to-one connections and are easily managed because each phone is identified by a consistent phone number. In contrast, the Internet is comprised of millions of interconnected websites, networks and computers—a literal ecosystem, all built upon the flow of different types of data. To create a Do Not Track program would require reengineering the Internet’s architecture.

Moreover, there are immense cost-benefit differences, too. Telemarketing is marketing, nothing transformational about that. Tracking is about marketing too, but it’s also much more: content personalization. As Fred Wilson described in yesterday’s New York Times debate, “[t]racking is the technology behind some of the most powerful personalization technologies on the Web. A Web without tracking technology would be so much worse for users and consumers.”

The “Middle Ground” is the Self Regulatory Approach Already Underway

Underlying this entire debate, and the disconnect between the benefits of tracking along with its costs, is the need for industry transparency and consumer education. Increasing transparency and promoting education would place the online industry squarely in the sweet spot, the “middle ground” where consumers are presented with the appropriate information to make informed decisions.

Thankfully, this process is already underway. It’s the appropriately named Self Regulatory Program for Online Advertising. Central to it is the Advertising Option Icon, which allows consumers to understand why it is they received certain targeted ads and to opt-out of future ads. It’s a just-in-time approach the kind of teachable moments that will truly educate and inform the meaning behind the choice.

The icon has only recently been activated, and the mechanisms to hold companies accountable will go live early in 2011. Let’s wait for this industry-led initiative to take hold before we talk about more extreme Do Not Track measures.

Simple responses don’t work for complex issues. That’s why we see a simple “do not track” response as failing both online consumers and industry.  Instead, let’s encourage the “middle” ground here of tailored responses for diverse forms of information sharing. It’s an arms race we want to encourage, as companies compete based on privacy policies and new technological innovation. Admittedly, throwing hand grenades is harder than dropping bombs, but innovation and consumer welfare will be rewarded in the long run.

  • http://mark.atwood.name/ Mark Atwood

    Let’s see if this “Self Regulatory Program for Online Advertising” is any better than eTRUST and the other “privacy policy” programs, where the small print privacy policies effectively say “you have no privacy”.

  • http://twitter.com/privacychoice Jim Brock

    I agree completely with the point that consumers need refined options that can be presented in context. A nuclear Do Not Track approach, at least as discussed so far, does not meet that need.

    However, the self-regulatory program as currently conceived has two key shortcomings that must be acknowledged if we are to make any progress:

    1/ It doesn’t provide a do-not-track option at all, because the industry has never been willing to step up to promise that an opt-out means data will not be collected; companies have only been willing to say data will not be used for targeted advertising. That’s a big difference that motivates much of the regulatory concern. The NAI and the IAB should step up to the plate on this, and require even anchor companies like Yahoo! to separate their cross-site behavioral cookies from other cookies.

    2/ Industry needs to embrace persistent choices that don’t disappear every time a consumer clears their browsing history. The NAI has never offered this as part of their opt-out program (all they provide is a buggy Firefox beta product that isn’t even presented as part of the opt-out process).

    Given this history, the cynicism you see in regulators and lawmakers is, in my view, quite valid.

  • http://twitter.com/privacychoice Jim Brock

    I agree completely with the point that consumers need refined options that can be presented in context. A nuclear Do Not Track approach, at least as discussed so far, does not meet that need.

    However, the self-regulatory program as currently conceived has two key shortcomings that must be acknowledged if we are to make any progress:

    1/ It doesn’t provide a do-not-track option at all, because the industry has never been willing to step up to promise that an opt-out means data will not be collected; companies have only been willing to say data will not be used for targeted advertising. That’s a big difference that motivates much of the regulatory concern. The NAI and the IAB should step up to the plate on this, and require even anchor companies like Yahoo! to separate their cross-site behavioral cookies from other cookies.

    2/ Industry needs to embrace persistent choices that don’t disappear every time a consumer clears their browsing history. The NAI has never offered this as part of their opt-out program (all they provide is a buggy Firefox beta product that isn’t even presented as part of the opt-out process).

    Given this history, the cynicism you see in regulators and lawmakers is, in my view, quite valid.

  • http://logicalextremes.com/ Your LogExName

    Jim Brock gets it exactly right, though I firmly believe that brower-based Do Not Track is an essential tool.I don’t care about seeing ads or even targeted ads, as long as that tailoring is limited to the current browser session or to a logged-in relationship with the current web site (e.g., Amazon). The self-regulation efforts today are a sham – “opt out” mainly un-targets ads but in most cases does not stop the tracking. I do care about having my personal information collected, stored, aggregated, used, and abused by unknown actors, with no real recourse. I do care about personal data collection by web sites and web infrastructure companies through multiple opaque means (numerous forms of persistent storage on MY device, device fingerprinting, etc.), aggregating that data over time and across sites, and using it and selling it in ways that were never understood and certainly never intended by the person who just wants to surf the web in peace.If some people actively want tracking, fine. If many people just don’t care that much, fine. But ignorance is no excuse to continue bad practices either, some of which should probably be illegal. When people are told what is happening behind the scenes, they like it less. Education is key, as are real technical and legal options for being left alone to surf the web in peace, free from commercial and government surveillance.

  • RyanAllen

    “It doesn’t provide a do-not-track option at all, because the industry has never been willing to step up to promise that an opt-out means data will not be collected; companies have only been willing to say data will not be used for targeted advertising.”

    I hardly see this as a criticism. Any information held by companies was provided by an individual or stolen. If it was self-reported then the responsibility lies with the reporter. If it was reported by a third party then there may be a breach of contract, if the third party agreed not to disclose the information of the concerned party. That is an issue between the concerned party and the third party and does not involve the company. If no contract existed, then the third party was merely exercising their right to speak freely.

    Companies ought to drop the whole idea of “self-regulation.” It is not in the interest of any of the advertising companies to “self-regulate.” Regulation is an action for governments, not actors in the free market. If consumers want their information protected the market will supply the demanded service, so long as the government doesn’t crowd out private entrepreneurs.

  • Pingback: more efficiency means less profit « Manifest Density

  • Pingback: Advertiser Stalking Is the Real Online Ad Privacy Issue « Becoming Professional: A Blog

  • http://esarcasm.com dantynan

    10 years of self regulation have completely failed. so the answer is…. more self regulation? please.

    that’s like saying the answer to enormous budget deficits is to extend the tax cuts that helped create them. let’s see how well that works.

    would ‘do not track’ really be that hard to implement? I doubt it. I think this is a smokescreen for data brokers who are afraid that people will opt out in the same way they opted out from telemarketing calls. too bad for them.

    cheers,

    dt

  • http://srynas.blogspot.com/ Steve R.

    “If consumers want their information protected the market will supply the demanded service, so long as the government doesn’t crowd out private entrepreneurs. “ Wrong on a couple of accounts.1. Why should a consumer have to buy a product to protect themselves? Companies should have a degree of self control and respect concerning customer data. The consumer is not simply a revenue unit without rights where companies can abuse them at will.2. Ironically, private industry special groups seem to be able to castrate many consumer protection laws. So the never ending whine that government is implementing onerous regulations that will destroy business tends to be a tired mantra. Besides, if the citizens of country find abusive business practices to be repugnant, the industry refuses to clean itself up, and the industry does not respect the consumers rights; seems that regulation is the appropriate response.

  • Nick Carr

    You write: “This single response means that tracking for the purpose of tailored advertising is either ‘on’ or ‘off.’ There is no middle setting.” That’s a distortion of the FTC position, which is much more nuanced. In its Congressional testimony, the FTC notes that “consumers may want more granular options” than a universal opt-out and then goes on to say: “We therefore urge Congress to consider whether a uniform and comprehensive choice mechanism should include an option that enables consumers to control the types of advertising they want to receive and the types of data they are willing to have collected about them, in addition to providing the option to opt out completely.”

Previous post:

Next post: