• by Wendy Davis  @wendyndavis, April 25, 2014

The Internet standards group World Wide Web Consortium took a small but significant step forward this week with its 3-year-old initiative to implement the do-not-track requests that users can send through their browsers.

The group tentatively decided that a “do not track” request will communicate that users don't want data about themselves collected by ad networks. Despite the proposed definition, the organization also anticipates that ad networks will be able to comply with the do-not-track standard and still collect certain types of data about users. The W3C hasn't yet come to any agreement about what type of data can be collected.

Even with that limitation, the W3C's tracking protection group's co-chair Justin Brookman calls the move “a big deal” in a blog post.

“It means that the Working Group thinks that the specification is complete and ready for review by the larger community,” he writes. “The meaning of the Do Not Track signal is now standardized -- it means you’re telling a server that you don’t want it to collect data about you across different companies’ Web sites.”

Brookman adds that do-not-track by and large doesn't deal with collection of data by first parties. “It isn’t meant to stop Amazon from remembering what you do on their site, and The New York Times can still count the articles you read on NYTimes.com and recommend other articles to you based on that,” he writes.

He also says the group is working on figuring out when ad networks can collect and retain data even after receiving a do-not-track request. Legitimate reasons for doing so could include fraud prevention, ad frequency capping, billing, and auditing, Brookman writes.

The group is accepting comments through June 18 on the proposed definition of do-not-track requests. In the past, some ad industry representatives proposed that do-not-track requests should only limit companies' ability to serve targeted ads to users, but shouldn't limit data collection. Ad executives also said that do-not-track requests shouldn't be given any weight if they're turned on by default, as happens with some versions of Internet Explorer.

All of the major browser companies now offer a do-not-track setting, which was designed to enable consumers to opt out of online behavioral advertising. But those headers don't actually prevent anyone from tracking users. Instead, the headers send a signal to publishers and ad networks -- which are free to honor them or not.

Privacy advocates, industry representatives and computer scientists on the W3C's do-not-track group have spent the last three years trying to forge a consensus about how to respond to the headers. Since starting work, the do-not-track group has changed leadership three times. The group also saw the high-profile defection of the trade organization Digital Advertising Alliance last year.

"Keyboard with privacy key" photo from Shutterstock.