We welcome the inclusion of W3C’s Do Not Track specification among the “privacy bridges” proposed by an international group of privacy experts as structures to improve US-EU privacy cooperation. “Bridges” is an apt descriptor for W3C’s work on voluntary consensus technical standards, through which we aim to make the Web work for users, developers, and publishers around the world.
The report, presented in a privacy conference this week, proposes a focus on “user controls.” That has been a key aim of the Tracking Protection Working Group from its charter: “to improve privacy and user control by defining mechanisms for expressing user preferences.” With the publication of the Tracking Preference Expression Candidate Recommendation, and its implementation in browsers, we have given users a tool for preference-expression; with the Compliance specification, we supply some vocabulary for specifying preferences.
As the report (PDF) further recognizes, since the privacy landscape is complex, standard preference mechanisms can help reduce the complexity presented to individual users, even as laws differ around the globe. For the WWW to earn its Ws by operating World Wide, its infrastructure must meet the needs of users around the world. Thus DNT provides scaffolding that can be implemented consistently across jurisdictional borders, while conveying information that users, publishers, and regulators can use to tailor their interpretations to their local jurisdictions. Users everywhere can say “Do Not Track” or “Permit Tracking,” even if jurisdictions vary in looking for “opt-in” or “opt-out.”
Once the technical standards for communicating privacy preferences are set, the work of privacy protection is not yet done. Regulatory attention may be necessary to encourage or enforce implementation and adoption. Participants from both the U.S. Federal Trade Commission and EU Article 29 Working Party have been active discussants in the Working Group. That too is part of the global dialog on privacy.