DNT case study 2: Technology provider

We spoke with a company that is currently designing their DNT support. This company works with DSPs, ad networks, and others as clients for targeted advertising, as well as providing fraud detection services. The technology provider uniquely identifies users through a variety of means, including browser fingerprinting, which is not cookie-based.

The company told us they are interested in DNT because it is a persistent way for users to express preferences and to opt-out permanently. Cookie-based solutions become difficult to explain, with users trying to clear cookies for privacy yet keep opt-out cookies at the same time. The company is particularly interested in being able to communicate with users, to give notice of business practices, and then provide a choice mechanism. They have already built a platform to allow users to opt-out of some data collection and use, and they are currently implementing all DAA requirements so they can join the DAA opt-out page as well.

One of the advantages to their pre-existing solution is that it is flexible: Users can opt out of some clients but not all. In contrast, DNT is currently a single signal that users do not want to be tracked, and does not allow users to make individual exceptions on a per-company or per-advertiser basis. The company concluded that DNT’s advantages make it worthwhile to implement now, while being engaged in DNT innovation and standards in the future.

When they detect a DNT header from a user, they expect to perform the following steps:

  1. Stop collecting and using data for third-party OBA.
  2. Continue to collect and use data for fraud prevention.
  3. Largely continue to collect and use data for first-party analytics and customer recognition. They will offer their customers the option to interpret DNT to mean no first-party collection and use at all, or not, and it will be up to each advertising network to choose. Each ad network must have a privacy policy that discusses how they interpret Do Not Track and to clarify to what extent they support the DNT header. In some cases opt-out cookies will conflict with the policy of ignoring DNT for first-party, if a user has a specific opt-out cookie for the advertising network. In that case the opt-out cookie will be honored.

This company’s approach to ignoring DNT for fraud prevention is likely to be less controversial than the final point on first-party use. The idea that users must have both opt-out cookies and DNT on to be fully protected may cause consumer backlash, depending on whether users think DNT applies to first parties or not, and whether they think first-party status extends to business partners.

In addition to responding to the DNT header, the company is adding more feedback for DNT users on its own preferences page, where they currently manage user opt-outs. When a DNT-enabled user visits the preferences page, the user will see an acknowledgement that DNT is on, plus an explanation of which data practices are — and are not — affected by the DNT signal (e.g., fraud prevention). The technology company is considering passing information about DNT to clients via API calls, but that is not certain yet. They also hope to be able to help their clients have conversations with users who have TPLs or DNT on to explain to the end user what the data practices are, and see if users are interested in opting back in.

Up: Case studies

Previous: 1 Advertising company

Next: 3 Media company

Document Tags and Contributors

 Contributors to this page: Sheppy, trevorh, jswisher
 Last updated by: Sheppy,