EU digital chief attacks Do Not Track 'watering down'

EU digital chief attacks Do Not Track 'watering down'

Summary: Digital agenda commissioner Neelie Kroes has laid into attempts by advertisers and marketers to override web surfers' cookie preferences when it comes to being tracked, saying the DNT standard is in everyone's interests.

TOPICS: Privacy, Browser, EU

European digital chief Neelie Kroes has lashed out at advertisers and others who are trying to keep tracking web users, no matter whether or not they opt out of being followed in this way.

Neelie Kroes
Neelie Kroes

The nascent Do Not Track (DNT) standard is supposed to allow people to opt out of having their web-surfing tracked through cookies, which are frequently used to target advertising at those users. DNT is implemented through a browser setting, which tells websites what the user's preference is. All the widely-used browsers, except for Google's Chrome, implement it in some form.

The standard is being finalised at the World Wide Web Consortium (W3C). However, advertisers and marketers have been trying to neuter the standard in those discussions by insisting on storing data about people even if DNT is turned on, and even claiming marketing cannot be blocked because it is "one of the most important values of civil society".

In a speech on Thursday at the Centre for European Policy Studies, the digital agenda commissioner appeared to be losing patience with the standardisation process.

Kroes gets angry

"Let me be frank: standardisation work is not going according to plan. In fact, I am increasingly concerned about the delay, and about the turn taken by the discussions hosted by the W3C," Kroes said. "I know that my colleagues across the Atlantic, at the Federal Trade Commission, feel the same. What is the problem? Top of my list comes the watering down of the standard.

"What is the problem? Top of my list comes the watering down of the standard" — Neelie Kroes

"I said it last June, and I said it in January. Loud and clear. But, for the avoidance of doubt, I will say it again today: the DNT standard must be rich and meaningful enough to make a difference when it comes to protecting people's privacy. It should build on the principle of informed consent, giving people control over their information."

Without mentioning it by name, Kroes referred to a patch, submitted by Adobe's Roy Fielding to the Apache web server project, that overrides Internet Explorer 10's DNT settings.

"Recently, there were reports about a popular web server introducing a feature that amounted to overriding the DNT signal; in effect, ignoring users' wishes. I find that troubling, and undesirable," she said.

The commissioner stressed that online business has to take account of online privacy, otherwise "it won't work at all because people won't use what they don't trust".

Losing hope?

Kroes noted that the consensus within the W3C group seemed to suggest any agreed DNT standard would only apply to third-party cookies. In Europe, the e-Privacy Directive insists that people should be able to block many kinds of first-party cookies as well.

"I am not naïve. The way the discussion is going right now shows that the DNT standard, on its own, will not guarantee satisfying legal cookie requirements," Kroes said.

"If you want to track Europeans, you have to play by our rules" — Neelie Kroes

However, she insisted that DNT was "still useful and valuable", as it represented a standardised way of addressing e-privacy.

"In short, nobody in Europe should want to see DNT standardisation stall or fail," she said. "It's in no one's interest. The cookie consent rules will be enforced and providers will have to comply. Nobody wants users who can't trust the web; nobody wants expensive ad-hoc solutions; nobody wants to be sued for illegal tracking.

"When I say this is in everyone's interest, I mean everyone. Including American companies. Because if you want to track Europeans, you have to play by our rules."

Topics: Privacy, Browser, EU

David Meyer

About David Meyer

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't pay the bills. David's main focus is on communications, as well as internet technologies, regulation and mobile devices.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • props to Microsoft on this one

    As far as Apache and Google's lobbyists go - DO NO EVIL.
    • It not just google and apache lobbyiests its the companies from

      top to bottom. Lobbyists are to blame for google chrome not supporting dnt. Its developers who would write the code, the management that is stopping them, the upper management that makes the decisions. This goes all the away to the top at google, to Larry and Sergey. This is yet another example that their do no evil slogan is a marketing crock that only idiots should believe. Do no evil here would be doing exactly what MS did, support dnt and make it and user privacy the default. Time for the US/EU to pass laws to levy heavy fines against anyone who doesn't honor dnt.
      Johnny Vegas
      • correction NOT to blame

        Nice step backward taking away edit zdnet, You've had about 100x as much time as you need to fix this.
        Johnny Vegas
  • Kudos to MS

    Google is spying everywhere to sell their shitty ads. Companies who don't respect user privacy must be banned from doing business. Regarding the Apache web server project update, its is nothing but a total shame. I am really glad that EU is taking this privacy issue very seriously.
  • It was never gonna hold.

    Really, it was never gonna hold. I said as much when I first heard about it, and it appears to be coming true.

    Yeah, a little user set flag in the protocol that's easy to ignore. A marketing industry that is bent on recording everything about users unchecked. And now they're leveling the false (but likely convincing to lawmakers) argument that it's really good for society.

    Sorry, but it was never gonna happen. I'm surprised that marketing businesses have cooperated at all.
  • Question...

    Why is there any reason for the ISP to pass along the IP address of the user? I mean annonymous servers don't do it so why must ISPs?
    • Wrong question

      it has nothing to do with the ISPs. The IP address is how the server knows where to send the content, if they don't have the IP address, they can't send the page.

      The problem is, if you look at a page like this one, is that there is content from around 20 different domains displayed on it. Each of those have your IP address in order to send their bit of the content. Each of those should be looking at the DNT flag and if the user says they don't want to be tracked, they should not store the IP address or put a cookie on the PC.

      If they store the IP address or put a cookie on the machine, they can see which other sites you have visited, where they are also advertising partners etc. and they can learn from your browsing habits, what sort of adverts are most likely to appeal to you.

      Unfortunately, they don't really know. For instance, I find Flash ads annoying and block them on most machines, but I would never buy through an advert that is annoying and disturbs my browsing.
  • Good for the EU

    Nice to hear someone standing up for common sense, and the common man. The unreal gibberish recently by the various groups supporting the advertisers and marketers was just plain insane. And apparently, the W3C is just a bunch of wussies. For now we will have to use 3rd party add-ins - but - if all they are doing to setting the DNT flag to "don't track", they will be ignored by web servers too. There's got to be another way for the consumer to actually disable tracking.