We spoke with a media company that has a large portfolio of intellectual property. They keep statistics on the popularity of their offerings, which are accessible through partner websites. The company was very happy to adopt DNT because they like a privacy signal that is not tied to cookies. The media company already had extensive infrastructure for opt-out cookies in place, with a central location to opt out of partner sites, and they were able to leverage that for supporting DNT. It took one engineer a few hours to complete their DNT implementation.
When they detect a DNT header from a user, they perform the following steps:
- Stop setting any new cookies for that user.
- Continue to count the aggregate number of visits to a given media offering, but for DNT users they do not count unique visitors.
- Clear all data in their cookies.
- Set the cookie expiration date to the past so the cookie will b e deleted.
Initially, the media company treated Do Not Track more like a pause button than a stop button, in that they did not delete information they stored in users’ cookies. This way if a user was only experimenting with DNT and later turned DNT off, the media company would recognize them again and resume normal practices. A blogger performing Web forensics raised concerns when he noticed that the media company advertised DNT support, yet kept information stored in cookies. It can be difficult to convince users that even though users see your cookie on their hard drive, you are not reading it. In the end, the media company decided it was easiest just to delete the cookies for DNT users rather than try to explain the nuance of their initial implementation, and they revised their approach to the one we outlined above.
Up: Case studies
Previous: 2 Technology provider
Next: 4 Software company