Can FTC Get Do-Not-Track Back On Track?
Advocacy groups are asking the Federal Trade Commission to help settle a debate within the World Wide Web Consortium about the meaning of do-not-track.
"The W3C talks have reached a point where a clear statement from the FTC will play a decisive role in reaching consensus," the Center for Digital Democracy, Consumer Watchdog and the Electronic Frontier Foundation say in a letter to FTC Chairman Jon Leibowitz.
The Internet standards group W3C -- which includes industry representatives, computer scientists and consumer advocates -- has been trying to reach a consensus about how to respond to do-not-track headers. But the organization has gotten bogged down in questions about how much data should be collected from users who activate a header.
The browser-based headers don't block tracking cookies; instead, they send a signal to publishers and ad networks, but it's up to those companies to decide how to react. Some privacy advocates have argued that companies should stop collecting most types of data if consumers say they don't want to be tracked. But industry representatives have argued that companies need to continue gathering information for purposes like analytics or frequency capping.
Now, the consumer groups are now asking the FTC to back what they call a "compromise" proposal -- one that allows companies to collect analytics information, but only if it can't be linked to specific users or devices. "Much of industry has underestimated how much it can do with unlinkable data," the organizations say.
The CDD and others also are asking the FTC to weigh in on another contentious topic: how to respond to headers when they're turned on by default. That request stems from a dispute over Microsoft's decision in May to activate do-not-track in Internet Explorer 10. (The company recently backtracked somewhat, by stating that it will only turn the setting on by default for users who choose "express settings" during the Windows 8 installation process.
Microsoft's move drew criticism from the ad industry, with the self-regulatory group Digital Advertising Alliance saying that members wouldn't be required to honor do-not-track signals set to "on" by default. Last month, Apache developer Roy Fielding wrote a "patch" that negates a do-not-track command from IE10. Now, publishers using Apache who want to honor do-not-track settings must change Apache's default settings to do so.
The advocacy groups are asking the FTC to say that companies should honor a do-not-track request regardless of browser. "Even if DNT 'on' is the default, it may nevertheless be the user’s own choice -- as when a user disables and then reenables DNT or if a user chooses the IE10 browser specifically for its privacy-enhancing settings," the groups argue.
There's no response yet from the FTC. At this point, though, the various factions within W3C remain so far apart that consensus could be a long way off despite official pronouncements.