On July 16, 2013 the Tracking Protection Working Group of the World Wide Web Consortium (W3C) rejected proposals by the advertising industry (made through the Digital Advertising Alliance or DAA) for a standard that would assist Internet users in controlling the tracking of their online behavior to target them with more relevant ads. See http://www.w3.org/2011/tracking-protection/2013-july-decision/. Basically, the dispute boils down to whether the standard should be do not track or do not target. The DAA has an existing do not target program whereby notice of online behavior advertising (OBA) is attached to OBA ads and a user can opt-out by causing a cookie to be associated with their browser that tells DAA members not to send OBA ads. It does not prevent tracking and profiling of consumers generally. The WC3 wants a universal signal that would prevent tracking and collection of user information for most third party purposes, including building behavioral profiles. A key part of the debate is whether so-called “aggregate scoring” should be permitted. In a DNT situation, the DAA would like to continue aggregate scoring whereby the user’s exact browser behavior is not kept (e.g., the exact third party websites visited) but an aggregated interest summery would be retained (e.g., interested in buying a new car). The DAA also wanted DNT to apply only to limit the restricted activities across unaffiliated sites, where the WC3 is concerned about retargeting users on a single site. Part of the conflict stems out the WC3’s concern about harmony with EU law, which is more protective of consumers that US law and required express consent to data collection. If the W3C moves forward, as it is seeking to do, to develop a standard for DNT that the US advertising industry rejects, US publishers and advertisers can ignore it. That is, of course, unless Congress were to act to adopt legislation that followed the WC3 approach. There are other disputes regarding data hygiene and de-identification, but the conflict over whether DNT means don’t track or don’t target, is so fundamental and the parties are so far apart, the debate on these subsidiary issues pales in comparison to the data collection issue.
- Checklist Checklist: Managing a dawn raid Recently updated
- Checklist Checklist: When and how to appoint a data protection officer (EU) Recently updated
- How-to guide How-to guide: How to deal with a GDPR data breach (EU) Recently updated