Web to get 'do not track' privacy standards

The World Wide Web Consortium has published the first drafts of two new standards designed to protect the privacy of web surfers.

The draft standards, entitled Tracking Compliance and Scope Specification and Tracking Preference Expression, came out on Monday. The W3C said it expects the new standards to be finalised in June next year.

The first standard provides a definition of Tracking Preference Expression, also known as Do Not Track, or DNT. The second gives users a standardised method to say whether or not they agree to being tracked across sites, while also giving site operators a way to indicate that they honour this preference. Users will be able to grant specific sites exemptions to a DNT preference.

"Smarter commerce and marketing strategies can and must co-exist with respect for individual privacy," Matthias Schunter, the chair of the W3C Tracking Protection Working Group and an IBM researcher, said in a statement. "Open standards that help design privacy into the fabric of how business and society use the web can enable trust in a sustainable manner."

The W3C's working group includes representatives from most of the web's biggest companies, ranging from Apple and Microsoft to Google, Facebook and Mozilla. According to the statement, the group is trying to "address both the privacy concerns of users and regulators, and the business models of the web, which today rely heavily on advertising revenue".

Sharing information

People share an increasing amount of information with web service providers, although they often do not realise they are doing so. The information, usually gained by tracking the user with cookies, helps companies tailor advertisements and modify their own sites to be more useful.

It is a technique that has been around for years and is integral to the business models of many companies, such as Google. However, it has increasingly caught the attention of regulators and lawmakers. Facebook, for example, has been targeted by members of the US Congress for tracking its users when they visited sites with an embedded 'Like' button, even while they were logged out of Facebook itself.

Open standards that help design privacy into the fabric of how business and society use the web can enable trust in a sustainable manner.

– Matthias Schunter

"Many users appreciate the personalisation made possible through this data collection: an improved user experience, reduction in irrelevant or repetitive ads, and avoidance of 'pay-walls' or subscription-only services," the W3C said. "Others, however, perceive targeting as intrusive, incorrect or amounting to junk mail. In particular, it can evoke strong negative feelings when data collected at a trusted site is used or shared without the user's consent."

According to the W3C, letting web surfers decide whether or not to allow tracking "helps to establish a new communication channel between users and services to prevent surprises and re-establish trust in the marketplace".

Aleecia McDonald, a senior privacy researcher at Mozilla and co-chair of the Tracking Protection Working Group, said DNT will let people "choose the trade-offs that are right for them". She also described the group's discussions on the matter as "constructive", although she suggested that decisions were not yet reached by consensus.

DNT is already an option in many browsers such as Chrome and Safari, although in an unstandardised way.

Commission warning

The timescale for the standards' final publication fits in nicely with the wishes of the European Commission, which warned web companies in June that they would need to get DNT sorted out by mid-2012.

At the time, digital agenda commissioner Neelie Kroes said companies had to agree on what they mean when they say they are honouring DNT, or else the Commission would "employ all available means to ensure our citizens' right to privacy".

Other ideas have been floated as to how to ensure online privacy when the user wants it. W3C director Tim Berners-Lee, who effectively invented the web by writing the Hypertext Markup Language (HTML), said in October that people could end up putting their data into personalised cloud storage that they control. This would allow people to grant social networks, for example, access to their data when appropriate.