W3C unveils draft 'do not track' standards

In a bid to address rising concerns about online privacy, the World Wide Web Consortium (W3C) has published two first drafts outlining standards that will allow users to express preferences related to online tracking.
Written by Ellyne Phneah, Contributor

In a bid to address rising concerns about online privacy, the World Wide Web Consortium (W3C) has published two first drafts outlining standards that will allow users to express preferences related to online tracking.


(James, I think your cover's blown! image by Ludovic Bertron, CC BY 2.0)

To help users control how they want their personal data managed, W3C on Monday unveiled the Tracking Preference Expression (DNT), which defines mechanisms for the online user community to express cross-site tracking preferences, and for sites to indicate whether they honour these preferences. The consortium also released the Tracking Compliance and Scope Specification, which defines the meaning of a "Do Not Track" preference, and sets out practices for websites to comply with these guidelines.

These documents are early works of a broad set of stakeholders in the W3C Tracking Protection Working Group which includes browser vendors, content providers, advertisers, search engines and experts in policy, privacy and consumer protection. Participants in this group currently include Apple, Facebook, Google, IBM, Mozilla Foundation, Microsoft, Yahoo and Stanford University. Invited experts include representatives from the Electronic Frontier Foundation (EFF) and the US Federal Trade Commission (FTC).

The Tracking Protection Working Group was chartered to address privacy concerns of users and regulators, as well as offer recommended web business models, which rely heavily on advertising revenue.

"Smarter commerce and marketing strategies can and must coexist with respect for individual privacy," Matthias Schunter, a member of IBM Research and co-chair of the working group said in a statement. "Open standards that help design privacy into the fabric of how business and society use the web can enable trust in a sustainable method."

These new standards will also enable users to express their preferences regarding how data about them should be collected for tracking purposes, establishing a new communication channel between users and services to prevent surprises and re-establishing trust in the marketplace.

Additionally, the proposed standards will define mechanisms for sites to signal whether, and how, they honour these user preferences and provide a mechanism for allowing the user to grant site-specific exceptions to DNT.

"We know there are many types of users — some eagerly welcome the benefits of personalised web services, while others value their privacy above all else," Aleecia McDonald, Mozilla Foundation and co-chair of the Tracking Protection Working Group, noted in the statement. "'Do Not Track' puts users in control, so they can choose the trade-offs that are right for them."

Privacy challenges with expanding platforms

According to W3C, the expanding web of connected devices and services has also created powerful applications that users desire, but with privacy implications that they may not always recognise.

Advertisers that play an important role in web business models want to customise ads based on user behaviour — similar to how market data is used for placing ads in print media and TV commercials. Website owners also want to understand traffic and purchasing patterns accordingly, and social-networking widgets gather personal data that users volunteer, the consortium added.

On the other hand, powerful search engines make it easy to aggregate information and identify potentially sensitive data. Hence, various organisations routinely collect data from such content, and from user visits to a site.

Many users appreciate the personalisation made possible through data collection, such as improved user experience, reduction in irrelevant or repetitive ads and avoidance of "pay walls" or subscription-only services. However, others perceive such user-targeted messages as intrusive, incorrect or amounting to junk mail, and reflect strong negative feelings when data collected at a trusted site is used or shared without the user's consent.

Via ZDNet Asia

Editorial standards