European digital chief Neelie Kroes has lashed out at advertisers and others who are trying to keep tracking web users, no matter whether or not they opt out of being followed in this way.
The nascent Do Not Track (DNT) standard is supposed to allow people to opt out of having their web-surfing tracked through cookies, which are frequently used to target advertising at those users. DNT is implemented through a browser setting, which tells websites what the user's preference is. All the widely-used browsers, except for Google's Chrome, implement it in some form.
The standard is being finalised at the World Wide Web Consortium (W3C). However, advertisers and marketers have been trying to neuter the standard in those discussions by insisting on storing data about people even if DNT is turned on, and even claiming marketing cannot be blocked because it is "one of the most important values of civil society".
In a speech on Thursday at the Centre for European Policy Studies, the digital agenda commissioner appeared to be losing patience with the standardisation process.
Kroes gets angry
"Let me be frank: standardisation work is not going according to plan. In fact, I am increasingly concerned about the delay, and about the turn taken by the discussions hosted by the W3C," Kroes said. "I know that my colleagues across the Atlantic, at the Federal Trade Commission, feel the same. What is the problem? Top of my list comes the watering down of the standard.
"What is the problem? Top of my list comes the watering down of the standard" — Neelie Kroes
"I said it last June, and I said it in January. Loud and clear. But, for the avoidance of doubt, I will say it again today: the DNT standard must be rich and meaningful enough to make a difference when it comes to protecting people's privacy. It should build on the principle of informed consent, giving people control over their information."
Without mentioning it by name, Kroes referred to a patch, submitted by Adobe's Roy Fielding to the Apache web server project, that overrides Internet Explorer 10's DNT settings.
"Recently, there were reports about a popular web server introducing a feature that amounted to overriding the DNT signal; in effect, ignoring users' wishes. I find that troubling, and undesirable," she said.
The commissioner stressed that online business has to take account of online privacy, otherwise "it won't work at all because people won't use what they don't trust".
Kroes noted that the consensus within the W3C group seemed to suggest any agreed DNT standard would only apply to third-party cookies. In Europe, the e-Privacy Directive insists that people should be able to block many kinds of first-party cookies as well.
"I am not naïve. The way the discussion is going right now shows that the DNT standard, on its own, will not guarantee satisfying legal cookie requirements," Kroes said.
"If you want to track Europeans, you have to play by our rules" — Neelie Kroes
However, she insisted that DNT was "still useful and valuable", as it represented a standardised way of addressing e-privacy.
"In short, nobody in Europe should want to see DNT standardisation stall or fail," she said. "It's in no one's interest. The cookie consent rules will be enforced and providers will have to comply. Nobody wants users who can't trust the web; nobody wants expensive ad-hoc solutions; nobody wants to be sued for illegal tracking.
"When I say this is in everyone's interest, I mean everyone. Including American companies. Because if you want to track Europeans, you have to play by our rules."