Self-Regulation Solves the Do Not Track Problem
In the past 30 days, we’ve seen Do Not Track proposals reach a crescendo, and the stakes for both the industry and the consumer can’t be overstated. Many of the proposals strike at the core of how web content is delivered, optimized, and funded, and would have a highly disruptive impact on medium to small size firms. Many influential parties are supportive of Do Not Track (DNT), but they all define the concept differently. Does DNT address the consumer need? And how could the DNT debates shape your view of the self-regulatory program?
Let me catch you up on some recent events. In July 2010, FTC Chairman John Leibowitz expressed support for DNT in congressional testimony. In December 2010, an FTC privacy report featured DNT and a House subcommittee held a DNT hearing. In January 2011, the CDT published a paper proposing a definition of ‘tracking’ for DNT. Also in January, Microsoft, Google, and Mozilla announced significant new features to make available widely different forms of browser based DNT.
DNT carries heavy associations with the Do Not Call list, which the FTC launched in 2003. But Do Not Call dealt with an issue that was substantially less complicated and did not require browser level technology to enforce. Tracking occurs invisibly, many times, by many parties on the typical page load, and for diverse purposes, many of which the consumer expects. To keep bad actors at bay, government would need more than legal recourse, but also technology solutions that would block trackers across a global internet.
Do Not Track: What IS it?
Presumably, a Do Not Track service could allow a consumer to stop third parties from monitoring and recording her online behavior. But two major complications arise immediately, even amongst DNT supporters:
#1: Definition of ‘tracking’: 3rd parties span a wide range of business models, many of which provide basic functionality on the internet that consumers have come to expect, even if specifics of how these 3rd parties use their data are not well understood. Most DNT proponents will concede that there are substantial categories of tracking that should be exempted from DNT to preserve basic web functionality, including 1st party tracking, tracking for anti-fraud purposes, tracking for aggregated analytics, tracking for fulfillment of basic transactions, etc. Therefore, after signing up for DNT, tracking would continue, sometimes for behavioral advertising (1st party), sometimes by 3rd parties for ad selection (frequency capping), and by a range of 3rd parties (analytics, shopping cart providers, security firms, etc). Where does a reasonable person draw the line so that consumers are protected without breaking an excessive portion of how they expect the internet to behave? And assuming that the right balance can be found, how will consumers feel about a DNT solution that bills itself as simple, but represents the realization of a complicated policy conversation and fails to stop a wide array of tracking?
#2: Implementation: Assuming that we can resolve the definition question, who will run this beast? Public companies with massive advertising operations that operate most of the leading browsers? These companies also have some of the leading 1st party consumer brands on the internet, which exempt them from many of the tracking categories blocked by DNT, which begins to sound like a conflict. So who then, the government? If DNT should be simplified, who is the natural provider?
Preservation of Choice and the ‘Great Lost Consumer’
We’re in the midst of a golden age of innovation in privacy technologies. Consumers that are so inclined have a growing array of tools to manage their privacy online. These tools range from the aggressive and technical (NoScript, Adblock Plus), to the simple and ad industry friendly (NAI/AboutAds.info opt-out page, Facebook privacy settings), with many options in between (Ghostery, which Evidon operates; TrackerBlock, etc.) Each of these tools approaches the policy, technology, and larger political conversation differently, which is precisely the point. Privacy requires the active management of trade-offs.
So if the proactive already have ways of creating their own DNTs, why do we need a formal DNT? It’s about the passive majority, which can collectively be described as the ‘Great Lost Consumer.’ Does the Great Lost Consumer really know that they are being tracked on the internet? Are they aware that when they log onto the New York Times, more than 1 company is collecting data about them? The data actually suggest that yes, they do. The majority of them know that they’re being tracked, and they know that companies are tracking them to customize content and advertising. The Great Lost Consumer is not nearly as hopelessly unaware as many advocates would have you believe.
Now it’s also true that consumers don’t know enough about who is tracking them, what their data is being used for, and how to take control. This is where the industry needs to improve substantially, both through the self-regulatory program and beyond. The consumer needs contextual notice, real information, and easy controls.
Perhaps the most dangerous impact of a formal DNT, is that it becomes a mass invite to the passive majority to participate in a discussion about complicated and personal value propositions on false pretenses. If you ask the Great Lost Consumer if they want to be tracked, the answer is no. If you ask her if they prefer customized content and advertising, the answer is yes. We would therefore expect for a great portion of the population to sign up for DNT and to be frustrated by the results. If they reverse their decision, they are back where they started, no more informed and sour on the whole experience.
The consumer also expects the content they consume to continue unabated, but the networks and data companies that would be most impacted by a DNT list, are precisely the companies that small and medium sized web sites rely upon to compete with the biggest players. The top companies have 1st party relationships with the consumer and massive scale. If smaller sites can’t pool their audiences leveraging 3rd party technologies, they will wither and die.
DNT relies on the false promise of a privacy ‘on-off’ switch, and encourages the masses to make a blunt decision, without context, with massive negative impact on industry that will circle back to the consumer.
DNT and Self-Regulation: What’s a company to do?
Despite all of the DNT talk, the Self-Regulatory Program for Behavioral Advertising is beginning to make a significant impact. In October of 2010, the Digital Advertising Alliance launched with a cross industry Advertising Options Icon. Over the first four months of the program, Evidon delivered over 10 billion icons on behalf of advertisers, each with notice about targeting and opt-out choice for the companies behind the campaign. Over 400,000 people clicked through on the icon to pages that informed them about how their data was being used, with the great majority declining to opt-out. In the first quarter of 2011, both the DMA and the BBB will launch their enforcement programs.
The leading trade associations for online marketing, including the IAB, are unified behind the program, and view it to be industry’s best hope to avoid draconian legislation and now ‘draconian DNT.’ We could still have a bill (several are circulating and more are expected). We could still have DNT. Avoiding both entirely may be a long shot. But what kind of bill? And will DNT allow responsible players to continue their businesses without massive disruption?
The folks in DC that will ultimately define these programs are challenging industry to step up and give them a reason to believe that self-regulation has a role to play. And depending on how widely credible self-regulatory tools are deployed, they will decide how aggressively government needs to step in to fill the gap.
Time is of the essence right now. The window of opportunity to influence the conversation is beginning to close. Yet everyone believes that the commercial market has a role to play and want to see leaders on privacy rewarded.
So to aid your evaluation of where your company should stand with the self-regulatory program, consider the following:
- If self-regulation fails, we get draconian legislation + draconian DNT
- If self-regulation succeeds, we likely get neither
- If this ends in a compromise, all indications are that corporate leaders in the self-regulatory movement will be rewarded
- If you want to influence the outcome, you must act now
- The self-regulatory movement is about empowering the consumer; do right by the consumer and your brand will benefit (with or without a self-regulatory program)
It’s time to get on board with self-regulation and DNT is just the latest in a list of good reasons.