With the push from users and legislators towards DNT and with most browsers providing users with the choice of a DNT setting, it is important for businesses to be ahead of the curve. In addition to an organization’s existing policies and safeguards under the Personal Information Protection and Electronic Documents Act (PIPEDA), businesses should have a clear DNT policy and should effectively communicate that policy to the user, explaining exactly what the business is doing with consumer data once a user has chosen not to be tracked.

Mozilla recently put out a useful DNT guide for developers and businesses which contains a number of best practices. It suggests you:

  • Define exactly what your DNT policy will mean:
    • will it allow first-party use of consumer data?
    • how does it treat third-party use of consumer data?
    • will it include data collection as well as data use?
    • are there exemptions for fraud prevention and law enforcement?
  • Implement the DNT policy:
    • stop collecting and using data in a way that is in conflict with your policy (e.g., data for third party OBA)
  • Clearly communicate the DNT policy:
    • call attention to your DNT policy, in a banner in your privacy policy or a graphic off to the side, or in other attention-getting ways
    • communicate any changes you make to your DNT policy on an ongoing basis