DNT case study 1: Advertising company

We spoke with the engineer who implemented DNT at an advertising company. He came to work one morning, read about DNT in Slashdot, and wrote a few lines of code. Start to finish, the implementation took approximately thirty minutes of his time. The advertising company already had an existing code base to support opt-out cookies so they were able to reuse existing code.

When they detect a DNT header from a user, they perform the following steps:

  1. Set the content of their remarketing cookies to an empty string. This removes all identifiable data from the cookie at once.
  2. Set the expiration date for the user’s cookies to a time in the past. This deletes their cookies the next time the user requests the page, which may not happen immediately.
  3. Their existing code logged every time they could not set a cookie, as well as every time they detected an opt-out cookie. They added a new category for every time they detect a DNT header. This logging happens based on which branch of their code executes, and is not tied to any user information. As a result they cannot tell how many unique users have DNT turned on, but they know what percentage of their traffic involves blocked cookies, opt-out cookies, or a DNT header.
  4. They do not set a new opt-out cookie. They reasoned that anyone with a DNT header probably also manages their cookies. An opt-out cookie would either not be set at all, or would be deleted quickly. They do use all of the same code already in place when they read opt-out cookies, and treat DNT just like an opt-out cookie.
  5. If a user is viewing the privacy policy with a DNT header on, they communicate directly with the user. They conclude their privacy policy with a colored box addressed to DNT users, confirming the ad company received the DNT header and will not track the user. They also remind users that DNT applies to each browser, so users may need to set DNT in multiple places. This again parallels their opt-out cookie support. Without a DNT header, users see a colored box that reports whether they have opt-out cookies or not, and includes a button to opt out if there is no opt-out cookie set.

The advertising company considered implementing DNT a “no brainer” because it was straightforward to code and gives users another way to express privacy choices. As an ad network they already had done the work to support opt-out cookies, so DNT was easy to add. The ad company sees DNT as just one more form of communication with their users. They decided there was no reason to wait to implement DNT when they could handle it so quickly and demonstrate commitment to supporting users’ privacy choices.

Up: Case studies

Next: 2 Technology provider

Document Tags and Contributors

 Contributors to this page: Sheppy, jswisher
 Last updated by: Sheppy,