To Track or “Do Not Track” – that is the Question

To Track or “Do Not Track” – that is the Question

By Omer Tene

Jules Polonetsky, Co-chair and Director of the Future of Privacy Forum, and I are delighted to announce that our paper, “To Track or ‘Do Not Track’: Advancing Transparency and Individual Control in Online Behavioral Advertising,” has been accepted for publication in the Fall 2011 issue of the Minnesota Journal of Law, Science, and Technology (MJLST).

The paper, which was presented at the last Privacy Law Scholars Conference (PLSC) in Berkeley, reviews and criticizes the current debate on online behavioral tracking, including the Federal Trade Commission’s Do Not Track (DNT) proposal.

The past decade has seen a proliferation of online data collection, processing, analysis and storage capacities leading businesses to employ increasingly sophisticated technologies to track and profile individual users. The use of online behavioral tracking for advertising purposes has drawn criticism from journalists, privacy advocates and regulators. Indeed, the behavioral tracking industry is currently the focus of the online privacy debate, with DNT at the center of attention. We point out that the debate surrounding DNT and specific details of its implementation disguises a more fundamental disagreement among stakeholders about deeper societal values and norms. Unless policymakers address this underlying normative question – is online behavioral tracking a societal good or an unnecessary evil – they may not be able to find a solution for implementing user privacy preferences.

By emphasizing “notice and choice” (or “transparency and consent” in European parlance), the current legal framework imposes a burden on businesses and users which both sides struggle to lift. Users are ill placed to make responsible decisions about their online data, given the increasing complexity of the online information ecosystem. Indeed, even privacy professionals would be hard-pressed to explain the inner-workings of the online market for consumer information; the parties involved; and actual or potential uses of information. Imposing this burden on users places them at an inherent disadvantage and ultimately compromises their rights.

The discussion among policymakers has been captured by debate of exactly how choice should be made; obsessed with the procedural mechanics of choosing (opt-in; opt-out; pre-checked box; forced choice; central opt-out; located on web page; linked to privacy policy; in browser; in advanced settings; etc.). The underlying premise is: “if users only knew – they would choose right.” We argue that this is not a valid value-based proposition. Putting forth – “we do not have a position with respect to online behavioral tracking; our only position is that users should have a freedom to choose” – typically hides the real argument, which is “users should choose what we think is right for them.” Regardless of fine-tuning, notice and choice mechanisms presented to users will never be “value neutral.”

The balance between innovation and privacy will be better served if policymakers focus the debate on the tradeoff between efficiency and individual rights, and if businesses implement tracking mechanisms fairly and responsibly. Policymakers simply cannot continue to sidestep these questions in the hope that “users will decide” for themselves. Instead of repeatedly passing the buck to users, the debate should focus on the limits of online behavioral tracking practices by considering which activities are socially acceptable and spelling out default norms. At the end of the day, it is not the size of the font in privacy notices or location of check-boxes in advanced browser settings which will legitimize or delegitimize online behavioral tracking. Rather, it is the boundaries set by policymakers, either in law, regulation or self-regulation, based on balancing industry interests and individual rights.

The reason policymakers fail to reach consensus on notice and choice is that such mechanisms are inherently skewed and always disguise an implicit value judgment. Policymakers decided smoking is a social evil, imposing tremendous costs on the state and individuals; hence notices on cigarette packs are visceral (photo of emaciated lungs or dead bodies) and scolding (“cigarettes cause cancer”; “smoking can kill you”). Policymakers decided front seat passenger airbags should not be deactivated except after careful, premeditated deliberation; hence they disguised the disabling switch and permitted only authorized mechanics to perform the operation after customers execute liability release forms. Policymakers in most European Union Member States decided organ donations were a societal good with benefits far outweighing the costs in religious sentiment; they therefore adopted a legal regime of opt out, or presumed consent, where every citizen is deemed to have consented to organ donation unless expressly opting out by recording in writing their unwillingness to donate. If policymakers do not decide whether online behavioral tracking is a societal good or evil, they are unlikely to ever settle the current dispute.

In our paper, we describe the various online tracking technologies deployed by industry and the different purposes of online behavioral tracking. We lay out the existing regulatory framework applicable to online behavioral tracking in the European Union and United States and address some of the existing proposals for regulatory reform. Finally, we discuss our views with respect to the desirable allocation of responsibility among users, businesses and policymakers.

A draft of our paper can be downloaded from the SSRN site here.

Leave a Reply


Privacy Calendar

Dec
2
Tue
all-day IAPP Practical Privacy Series 2014
IAPP Practical Privacy Series 2014
Dec 2 – Dec 3 all-day
Government and FTC and Consumer Privacy return to Washington, DC. For more information, click here.
Dec
11
Thu
9:00 am Progress of the EU Data Protecti...
Progress of the EU Data Protecti...
Dec 11 @ 9:00 am
The EU Member States have agreed to conclude the negotiations on the EU Data Protection draft Regulation in 2015. The process will have arrived at a critical point by the end of this year. The[...]
Jan
26
Mon
8:30 am Privacy as a Profit Center: Leve... @ Old Slip by Convene
Privacy as a Profit Center: Leve... @ Old Slip by Convene
Jan 26 @ 8:30 am – Jan 27 @ 4:15 pm
Learn how those on the leading edge of privacy governance and digital innovation from companies including Cigna, Cisco Systems, eBay Inc. Public Policy Lab, FocusMotion,Ghostery, Goodyear Tire & Rubber Company, Google, HP Enterprise Security Products, JPMorgan[...]
Jan
28
Wed
all-day Data Privacy Day
Data Privacy Day
Jan 28 – Jan 29 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]
Mar
4
Wed
all-day Global Privacy Summit 2015
Global Privacy Summit 2015
Mar 4 – Mar 6 all-day
For more information, click here.
Mar
10
Tue
6:00 pm CDT Annual Dinner “TechProm” 2015
CDT Annual Dinner “TechProm” 2015
Mar 10 @ 6:00 pm – 9:00 pm
Featuring the most influential minds of the tech policy world, CDT’s annual dinner, TechProm, highlights the issues your organization will be facing in the future and provides the networking opportunities that can help you tackle[...]
Mar
13
Fri
all-day BCLT Privacy Law Forum
BCLT Privacy Law Forum
Mar 13 all-day
This program will feature leading academics and practitioners discussing the latest developments in privacy law. UC Berkeley Law faculty and conference panelists will discuss cutting-edge scholarship and explore ‘real world’ privacy law problems. Click here[...]

View Calendar