Many digital marketers consider tracking user browser history a key strategy to understanding consumer behavior. With this information, they can target users with specific advertising based on their recent search history.
Consumers, however, usually don’t appreciate this kind of data collection. For reasons of personal privacy or a desire to limit the kind of advertising they see as they browse the web, many choose to enable what is commonly referred to as the “Do Not Track” (DNT) option in their browsers before surfing.
The DNT option is a feature of all major browsers that run on desktop and mobile devices, except for iOS, where only Safari has this feature. When enabled, websites are informed by a DNT Signal that an individual has requested that his or her history not be tracked. Websites are under no obligation to comply with this request, but should disclose whether or not they choose to do so.
1. What Is a Do Not Track Disclosure?
Examples of websites with DNT disclosures
Charles Schwab: The Charles Schwab investment firm states within its disclosure that its websites do not comply with DNT requests because there is no accepted standard of how to respond to DNT signals and no agreed-upon definition of “tracking.”
Charles Schwab admits to engaging in “online behavioral advertising,” including retargeting ads, but reassures users that the information it collects identifies browsers and not individuals.
LinkedIn: LinkedIn also does not respond to DNT signals. Like Charles Schwab, the professional networking platform points to the lack of an industry standard for DNT response.
The site’s disclosure takes pains to explain that it does not use personally identifiable information in its execution of advertising policies, an added step to reassure users since LinkedIn contains volumes of user-submitted personal information.
The California law is only one example of legislation that is either pending or under consideration by lawmakers at the state, federal or international level. Increasingly, consumers are aware of the amount of data they divulge by going online and want greater assurances that their information is protected.
3. Applicable Laws For DNT Disclosures
To give you a clear understanding of the legal landscape regarding DNT disclosures, we’ve provided all current state and Federal legislation pertaining to them below:
The Federal Communication Commission
In late 2015, the Federal Communications Commission denied a request from a consumer watchdog group that would have made compliance with do-not-track requests mandatory. The FCC stated it would not step in to regulate internet service providers, claiming this technology doesn’t fall under its purview.
The California Online Privacy Protection Act
An amendment to California’s online privacy law, the California Online Privacy Protection Act, has made it compulsory that websites reveal how they respond to a do not track request. As a result, consumers have a greater level of awareness of how websites use information about their surfing habits and can make the choice to either stay on the website or leave.
Children’s Online Privacy Protection Act
Although only California has dealt specifically with the issue of DNT signal disclosure, recent amendments to the Children’s Online Privacy Protection Act have placed further responsibility on website owners that collect children’s information. Part of that responsibility is honoring the request of parents when it comes to that information.
4. Future Developments
The history of legislative attempts to enforce consumer DNT requests goes back to 2010, when the amount of data tracked by websites first became widely known. As recently as December 2015, a federal bill was introduced into the U.S. Senate to give consumers greater control over the use of their browsing information.
Although not yet law, the federal bill is an indication that authorities are attempting to prioritize consumer privacy online. U.S. regulators are also watching the situation closely.
In January 2017, the FTC released a report that recommended transparency in the use of cross-device tracking, where browsing behavior on one device creates ads on another device linked to the same person.
In April 2017, the EU Working Party on data protection recommended a number of protections with regards to consumer data, including a prohibition on “take it or leave it” websites that do not allow consumer access without agreeing to allow for information tracking. While it does not explicitly mention DNT signals, the report indicates that this kind of data collection is also on the radar of EU authorities.
As a business, it’s wiser to err on the side of transparency and full disclosure. Many sites are dependent on retargeted advertising as a source of revenue and value the information they gather from tracking user history. In order to comply with the law, especially as regulators seem more willing to mandate privacy protection and safeguard user trust, it simply makes sense to reveal website activity.