W3C

“Do Not Track” standards for the Web: The work is starting.

by Nick Doty and Thomas Roessler.

Since we published the Web Tracking Protection member submission in February, and since the Workshop on Web tracking and User Privacy in late April, the conversation about Do Not Track has come a long way. Today, we have announced the creation of the Tracking Protection Working Group. The group meets 21-22 September and has an ambitious timeline of publishing standards by mid 2012.

The challenge before the group is clear: As an industry, we need to address privacy concerns and the regulators’ challenges. Our task here is to deliver a set of standards that enables individuals to express their preferences and choices about online tracking, and enables transparency concerning online tracking activities for users and the public alike. Mechanisms that enable the enforcement of these preferences will be another important element of the work. At the same time, many business models on the Web as we know it rely heavily on advertising revenue.

By tracking users’ behavior online, online publishers and advertisers are able to deliver more relevant, individually-tailored offers — more effective advertising. But advertisers’ ability to track users across the Web, combined with a lack of transparency and user choice about these practices, has raised public concerns and caused regulators from both the European Union and the United States to call for industry to establish a Do Not Track standard on an expedited basis.

Earlier this year both Mozilla and Microsoft proposed technical solutions in this space. Together with guidelines and recommendations from organizations including the US Federal Trade Commission and Internet advertising associations, these proposals will provide the basis for the group’s work.

“The W3C’s action here can help protect consumers from unwanted tracking. Microsoft welcomes the opportunity to work with the industry and governments on a web standard based on our earlier work.”
- Dean Hachamovitch, Corporate Vice President, Microsoft Internet Explorer

A critical element of the group’s success will be broad-based participation: we look forward to having browser vendors, search engines, advertising networks, regulators, civil society actors, and many other interested parties involved in the work that we’ll do.

The group will be led collaboratively by a pair of industry-sponsored co-chairs, one from Europe, one from the US. Today, I’m particularly pleased to introduce the first of the two (while we work hard to on-board the other one, whose name we can’t quite announce yet): Aleecia M. McDonald. One of the leading academic experts in the field, Aleecia recently joined Mozilla as Senior Privacy Researcher.

“Mozilla’s work with Do Not Track aligns well with our non-profit mission and commitment to technologies that advance user choice online,” said Aleecia M. McDonald, Senior Privacy Researcher at Mozilla. “As co-chair of the Tracking Protection Working Group, I look forward to working with W3C members on standardizing Do Not Track and Tracking Protection Lists. These technologies present fantastic opportunities to improve transparency, to provide meaningful and useful privacy tools for users, and to enhance the trust relationships online that are so vital to commerce and advertising.”

Work is starting now, with an initial conference call on the 14th and a kickoff meeting on the 21st and 22nd. For instructions to join the group, please refer to the Tracking Protection Working Group Home Page.

11 thoughts on ““Do Not Track” standards for the Web: The work is starting.

  1. Is the mechanism being worked on “Tracking Protection Lists” as is noted a couple of times here or “Tracking Selection Lists” as it’s called on the WG home page? Or, are the two synonymous?

    1. “Tracking Protection List” is the name of an IE feature and a feature in the Microsoft Web Tracking Protection submission. “Tracking Selection List” is the name of the WG deliverable. The member submission is a likely input document for that WG deliverable.

  2. This is almost hillarious. Back before the 2004 version of Norton, (which dropped ad filtering in the Antivirous protection) several firewall programs (TPF) and browsers (MyIE2) contained filters to prevent your computer from accessing third party sites (doubleclick, clickthru, etc) that were customizable by the user. However, the advertisers won and all producers deactivated or removed ad filtering from their products. Now that the predicted abuse (Orwell’s 1984 and Minority Report’s retina scanning) has occurred, the advertising industry finally wants to support the establishment of standards to limit how the user can restrict their access to you and your personal information.

    It was sad to read how Congressmen and Senators pitched how the sharing of your credit information supported the industry in being able to make you ‘credit’ based offers for things and refinancing you never needed in the first place and helped to lead to the crash of our economy. (They had to have those lobbying $$$ for their campaigns.)

    Just reactivate the filtering that existed in NAV, TPF, and MyIE2 in all commercial browsers and let the CONSUMER decide what he wants to allow. Oh By The Way, Make the default to block all unless allowed!

  3. It’s like I would like it with the streamlined browser like Chrome and Mozilla. Website browsing is not synonomous with IDK. It’s browsing!–Not developing.

  4. Today, behavior of users is tracked across without most users being aware of it. While better advertisements are an advantage (I like recommenations that fit me), data collected behind the scenes is a valid and important threat to the privacy of the users.

    I believe that the DoNoTrack WG can balance both concerns. It will enable privacy-cautious users to obtain notice and opt-out of these data collection mechanisms. By including DoNotTrack into the browsers, opt-out will be user friendly and fully automated.

  5. Hello,

    I heard about the “Do not track” wanted by the French Government, and I think that we need to understand the difference between unwanted tracking and tracking used in term of statistics. We can’t have an “accept or decline” system for each cookies, that will be too hard for the user. We only need to ask user’s acceptance for “unwanted tracking”.

    Damien, CEO of Brico

  6. I hope the other chair is not from the marketing data aggregator camp. Mozilla gets 90% of its income from Google. Even Microsoft has a conflict of interest through Bing and their shares in Facebook.

    It is possible to combine the EU approach with DNT to improve consumer protection from tracking, for instance the EU rules do not cover browser fingerprinting, and we could then end up with a stronger opt-in by default approach in both jurisdictions.

    Brands would then benefit from the chance to interact with consumers who would feel more confident about sharing information which they felt they had control over. This in turn would lead to greater consumer trust in, and use of online commerce.

  7. Currently we have free product for end-users which gets ~100% of its income from Google advertising. Today, there are hundreds of thousands of such software products.
    If “Do Not Track” engine will be block all advertising by default, it would be a disaster for many free internet projects.
    Who needs “Do Not Track”? I Think there is large corporations concern to gain complete control over advertising. With “Do Not Track” small publishers will not work around large advertising corporations.
    This is a very dangerous step! Moreover, with “Do Not Track” users privacy will remain at the same level, because there are an infinite number of other techniques for tracking user acitvity.

    1. Do Not Track is about giving users the ability to express a choice whether they want advertisers (and other third parties) to track their behavior on the Web. This is not about blocking advertising: It’s about what data advertisers collect (and how they use those data) as they display advertising to you.

Comments are closed.