Users have many privacy tools including setting opt-out cookies, using browser settings to enforce session cookies or blocking cookies entirely; ad blocking plugins that prevent content from loading; and Tracking Protection Lists (TPLs) in Internet Explorer. These are all unilateral actions taken by users, sometimes not based on an understanding of how the Internet works. DNT allows users to express their intentions and their desire for privacy. DNT also moves beyond cookie-based approaches. For example, DNT might affect a company that fingerprints users’ browsers or uses other forms of local storage, like Silverlight or LSOs (sometimes referred to as “Flash cookies” by the press.) Rather than needing to understand how these technologies work, users can enable DNT to signal a preference once and let companies determine how best to respond to that request.
Implementing DNT complements other self-regulatory mechanisms, and is not a replacement for your current investment in self-regulatory approaches. Privacy is a very nuanced, individual topic. Different users will be comfortable with different ways to manage their data. DNT gives them another way to voice their choices, and gives you another way to understand your users’ preferences.
The disadvantage of communicating via privacy policies is that few people read them. You might consider other ways to communicate with users, too, based on what you know of your site use patterns, and whether there are specific areas where privacy concerns are likely to be heightened.
Opt-out cookies and ad choice
Opt-out cookies and the Ad Choice campaign are complementary to Do Not Track. You may encounter users with:
- DNT on but no opt-out cookies
- DNT off but opt-out cookies
- both DNT and opt-out cookies
In all three cases we suggest that you treat this as a decision from the user that they do not want to be tracked on your site. The majority of your users will have neither DNT on nor opt-out cookies set, in which case you can respond with your normal practices.
Do Not Track and the law
There is no explicit regulatory requirement in any country that mandates implementing support for the DNT header. That said, there are legal and compliance-related considerations to keep in mind when designing how to support consumer requests not to be tracked online via browser-based DNT mechanisms.
The self-regulatory program being proposed by the online advertising industry currently does not include support for DNT, as implemented by browser manufacturers. In the United States, supporting members of the DAA and the IAB are required to offer an opt-out mechanism, but the program does not require support for the DNT header at this time.
Regulation may emerge, as early as 2012, if industry doesn’t show that it can support DNT on its own and/or current policy makers in the US and Europe aren’t successful with their proposals. In the United States, several commissioners and the chairman of the Federal Trade Commission have called for a Do Not Track system. Several legislative proposals have also been submitted at the state and federal levels that call for the creation of DNT. In Europe, a few policy makers at the national and country level have started to endorse the idea of DNT, including the Minister of the Department of Media, Culture and Sport in the United Kingdom and the Vice President of the European Commission’s Digital Agenda. Both policy makers are pushing for DNT support by mid-2012.
Please consult with your legal and privacy teams to weigh the regulatory and compliance risks associated with implementing support for Do Not Track.
Previous: What does tracking mean?
Next: Case studies
 See http://www.chitika.com/privacy
 Ad Choice puts an icon on ads. Users can click the icon and navigate to a page that lets them view and set opt-out cookies for different advertisers. In Europe, so far this is not seen as a viable alternative to affirmative consent to cookies. See http://www.aboutads.info/