First, they created a table of all of the product lines they offer. They classified them by products that can see a DNT header and those that cannot (for example, a stand-alone desktop application is not affected because it cannot read a DNT header). For those products that do see a DNT header, they then looked at the details of the product offering. In a few cases they decided it did not make sense to honor a DNT header. For example, they have a small research group with projects of fewer than 100 people, where the point is to get feedback from customers. Customers understand they are sending a great deal of data, including stack traces or debugging information. In this case they decided the appropriate action was to add a note to the top of the download page, visible only to users with Do Not Track enabled. They remind DNT users that despite their preference to avoid tracking in this case their involvement requires data collection and use, and to please not take part in the research if they are not comfortable with that. In other cases, the legal team took notes of which projects they need to investigate further, and which engineers to
speak with. They are going to approach project leaders one-by-one to determine the best way to respond to DNT for any given product.
Second, they created a list of “hot spots” of areas to watch for in all products. These were:
- IP logging
- Email containing HTML beacons
- Internal website metrics
- External analytics vendor
Their analytics partner offers an opt-out cookie, but does not support DNT at this time. They determined they will need to require any analytics partner to honor DNT in the future, and added that to the list of points to negotiate when their contract comes up for renewal in a few months. For the remaining three areas, they will contact the engineers involved to speak about how they collect and use data, and determine the best way to respond to DNT. These issues cross product lines.
Up: Case studies
Previous: 3 Media company