A four-year privacy initiative of the World Wide Web Consortium advanced today when the group published tentative standards for implementing do-not-track requests that users can send through their browsers.
The proposed compliance standard generally calls for ad networks and other companies to stop collecting data from users who have turned on the do-not-track signals, except for auditing, security, debugging and frequency capping purposes.
The Internet standards organization's proposal would not allow data collection for either market research or product improvement, according to Justin Brookman, co-chair of the W3C's tracking protection group.
That decision goes against proposals by some ad industry representatives, who took the position that do-not-track signals should limit companies' ability to serve targeted ads to users, but allow companies to gather data for market research or to improve products.
The standard applies when ad networks and other companies are engaged in cross-site tracking -- meaning that they collect data about users from one company's site in order to serve them targeted ads on a different site. It applies to retargeting (when companies collect data from their own sites in order to retarget people throughout the Web), as well as “interest-based” advertising (when ad networks create profiles of users based on the sites they visit, and then send them targeted ads based on their presumed interests).
The standard also applies when companies like Facebook collect data from outside publishers via the Like button, but not when they collect data about users from their own sites, like Facebook.com.
The group will accept comments on the standard -- now in “last call” -- for the next three months.
All the major browser companies now offer a do-not-track setting, which was designed to enable consumers to opt out of online behavioral advertising. But those headers don't actually prevent anyone from tracking users. Instead, the headers send a signal to publishers and ad networks -- which are free to honor them or not.
The W3C's proposal, however, calls for publishers and ad networks to respond to a do-not-track header by sending a return signal stating whether or not they comply with the standard.
Privacy advocates, industry representatives and computer scientists in the W3C's do-not-track group have struggled to forge a consensus about how to respond to the headers since 2011. In that time, the do-not-track group has changed leadership three times. The group also saw the high-profile defection of the self-regulatory trade organization Digital Advertising Alliance in 2013.
One reason why the W3C had trouble crafting a standard stemmed from Microsoft's 2012 announcement that it would turn on do-not-track by default in Internet Explorer. That move initially struck some observers as pro-privacy. But the decision also enabled ad companies to justify ignoring the settings on the grounds that they didn't reflect users' choices.
Microsoft reversed course in April, saying it would stop activating do-not-track signals by default.
In the last four years, some ad networks and other Web companies have said that they don't honor do-not-track signals because there wasn't any consensus about how to do so. Jason Kint, CEO of the online publishers' organization Digital Content Next, points out that ad companies can no longer make that claim “This eliminates the industry's excuse of not knowing what the Do Not Track signal means,” he says in an email to MediaPost.
He adds that a broad rollout of do-not-track adoption probably will affect businesses that depend on tracking across sites, but won't have much impact on either large or small premium publishers.