In its just-released preliminary framework for protecting Internet users’ privacy, the Federal Trade Commission “suggests implementation of a ‘Do Not Track’ mechanism” reminiscent of the very successful Do Not Call list it launched in 2003. The do-not-track mechanism, “likely a persistent setting on consumers’ [Web] browsers” would allow consumers to choose “whether to allow the collection of data regarding their online searching and browsing activities,” the FTC says.
The San Francisco Chronicle called the idea “a nice dream,” pointing out some hurdles. First, a binary do-or-don’t system would be kind of a blunt instrument for Net users who don’t mind being tracked by some sites and would opt out of being tracked by others. Browsers may at some point give users the option when they go to specific sites, so they can pick and choose (browser makers Microsoft, Apple, Mozilla, and Google have been experimenting with “do-not-track tools in their browsers,” the Wall Street Journal reports).
A much bigger issue is whether the FTC’s proposal will have “teeth”: legislation. According to the Chronicle, “Web sites who depend on user tracking for advertising dollars aren’t going to opt out voluntarily. That means a law is required, like the one that created the Do Not Call registry. Even the FTC admitted that it’s powerless to implement its recommendation without legislation from Congress.” If such legislation did happen and “Do Not Track” became as popular as “Do Not Call,” it “could directly affect the billions of dollars in business done by online advertising companies and by technology giants like Google that collect highly focused information about consumers that can be used to deliver personalized advertising to them,” according to the New York Times (though Google search doesn’t profile searchers but rather targets adds to their search results).
The House of Representatives is looking at the do-not-track question too. The FTC’s report was released the day before the House Subcommittee on Commerce, Trade, and Consumer Protection was to hold a hearing entitled “Do-Not-Track Legislation: Is Now the Right Time?” Meanwhile, there are already some tech privacy controls at users’ disposal, the Chronicle reports: “Technical solutions like InPrivate Filtering [for the Internet Explorer browser] and TrackerBlock aren’t perfect, but they’re available today.”
As for Net users under 18, there’s more to come, certainly: The FTC said that, “in addition to making policy recommendations, it “will take action against companies that cross the line with consumer data and violate consumers’ privacy – especially when children and teens are involved.” It’ll be interesting to see if the Commission next recommends that the Children’s Online Privacy Protection Act include a rule that sites aimed at children may not profile or track them (with third-party cookies – see this). It should. And any site with significant use by 13-to-17-year-olds should provide them with a no-tracking default. Minors’ privacy settings should be set at the strictest levels by default so that they can opt out of strict privacy, not have to opt into it.
* My previous post about minors’ online privacy: “Youth privacy study: Should focus be only on parents’ views?”
* COPPA for teens? No. I agree with policy analyst Adam Thierer that COPPA should not be extended to cover Net users aged 13-17 (he gives his reasons here) because I feel that COPPA was designed for children, not teens, and teens should enjoy the same privacy protections as adults – with the addition of the default settings mentioned above, a measures that needs to go into online privacy practices and legislation aimed at protecting users of all ages. So I do agree with Common Sense Media’s privacy principles but not its call for the extension of COPPA’s age range to everyone under 18.
* “FTC’s milestone report on virtual worlds”