To Track or “Do Not Track” – that is the Question

To Track or “Do Not Track” – that is the Question

By Omer Tene

Jules Polonetsky, Co-chair and Director of the Future of Privacy Forum, and I are delighted to announce that our paper, “To Track or ‘Do Not Track’: Advancing Transparency and Individual Control in Online Behavioral Advertising,” has been accepted for publication in the Fall 2011 issue of the Minnesota Journal of Law, Science, and Technology (MJLST).

The paper, which was presented at the last Privacy Law Scholars Conference (PLSC) in Berkeley, reviews and criticizes the current debate on online behavioral tracking, including the Federal Trade Commission’s Do Not Track (DNT) proposal.

The past decade has seen a proliferation of online data collection, processing, analysis and storage capacities leading businesses to employ increasingly sophisticated technologies to track and profile individual users. The use of online behavioral tracking for advertising purposes has drawn criticism from journalists, privacy advocates and regulators. Indeed, the behavioral tracking industry is currently the focus of the online privacy debate, with DNT at the center of attention. We point out that the debate surrounding DNT and specific details of its implementation disguises a more fundamental disagreement among stakeholders about deeper societal values and norms. Unless policymakers address this underlying normative question – is online behavioral tracking a societal good or an unnecessary evil – they may not be able to find a solution for implementing user privacy preferences.

By emphasizing “notice and choice” (or “transparency and consent” in European parlance), the current legal framework imposes a burden on businesses and users which both sides struggle to lift. Users are ill placed to make responsible decisions about their online data, given the increasing complexity of the online information ecosystem. Indeed, even privacy professionals would be hard-pressed to explain the inner-workings of the online market for consumer information; the parties involved; and actual or potential uses of information. Imposing this burden on users places them at an inherent disadvantage and ultimately compromises their rights.

The discussion among policymakers has been captured by debate of exactly how choice should be made; obsessed with the procedural mechanics of choosing (opt-in; opt-out; pre-checked box; forced choice; central opt-out; located on web page; linked to privacy policy; in browser; in advanced settings; etc.). The underlying premise is: “if users only knew – they would choose right.” We argue that this is not a valid value-based proposition. Putting forth – “we do not have a position with respect to online behavioral tracking; our only position is that users should have a freedom to choose” – typically hides the real argument, which is “users should choose what we think is right for them.” Regardless of fine-tuning, notice and choice mechanisms presented to users will never be “value neutral.”

The balance between innovation and privacy will be better served if policymakers focus the debate on the tradeoff between efficiency and individual rights, and if businesses implement tracking mechanisms fairly and responsibly. Policymakers simply cannot continue to sidestep these questions in the hope that “users will decide” for themselves. Instead of repeatedly passing the buck to users, the debate should focus on the limits of online behavioral tracking practices by considering which activities are socially acceptable and spelling out default norms. At the end of the day, it is not the size of the font in privacy notices or location of check-boxes in advanced browser settings which will legitimize or delegitimize online behavioral tracking. Rather, it is the boundaries set by policymakers, either in law, regulation or self-regulation, based on balancing industry interests and individual rights.

The reason policymakers fail to reach consensus on notice and choice is that such mechanisms are inherently skewed and always disguise an implicit value judgment. Policymakers decided smoking is a social evil, imposing tremendous costs on the state and individuals; hence notices on cigarette packs are visceral (photo of emaciated lungs or dead bodies) and scolding (“cigarettes cause cancer”; “smoking can kill you”). Policymakers decided front seat passenger airbags should not be deactivated except after careful, premeditated deliberation; hence they disguised the disabling switch and permitted only authorized mechanics to perform the operation after customers execute liability release forms. Policymakers in most European Union Member States decided organ donations were a societal good with benefits far outweighing the costs in religious sentiment; they therefore adopted a legal regime of opt out, or presumed consent, where every citizen is deemed to have consented to organ donation unless expressly opting out by recording in writing their unwillingness to donate. If policymakers do not decide whether online behavioral tracking is a societal good or evil, they are unlikely to ever settle the current dispute.

In our paper, we describe the various online tracking technologies deployed by industry and the different purposes of online behavioral tracking. We lay out the existing regulatory framework applicable to online behavioral tracking in the European Union and United States and address some of the existing proposals for regulatory reform. Finally, we discuss our views with respect to the desirable allocation of responsibility among users, businesses and policymakers.

A draft of our paper can be downloaded from the SSRN site here.

Leave a Reply


Privacy Calendar

Apr
23
Wed
6:30 pm Behind the Headlines: NSA Surveillance and Ongoing Revelations @ The Washington Post
Behind the Headlines: NSA Survei… @ The Washington Post
Apr 23 @ 6:30 pm – 8:30 pm
Nearly a year after former government contractor Edward Snowden revealed the extent of the NSA’s surveillance system, revelations about the global programs continue to emerge. [...]
Apr
24
Thu
all-day 6th Biannual International Surveillance & Society Conference
6th Biannual International Surve…
Apr 24 – Apr 25 all-day
The 6th Biannual International Surveillance & Society conference hosted by the University of Barcelona and supported by the Surveillance Studies Network is currently calling for [...]
12:00 pm Data Privacy in Education: Ensuring Student Security while Encouraging Innovation in K-12 Education @ Rayburn House Office Building, Room B-354
Data Privacy in Education: Ensur… @ Rayburn House Office Building, Room B-354
Apr 24 @ 12:00 pm – 1:00 pm
The Congressional E-Learning Caucus in cooperation with Into and the National Coalition for Technology in Education and Training presents a luncheon to discuss “Data Privacy [...]
Apr
29
Tue
all-day IAPP Europe Data Protection Intensive 2014
IAPP Europe Data Protection Inte…
Apr 29 – May 1 all-day
The IAPP Europe Data Protection Intensive features timely programming centred on the top issues impacting the European data protection community, with a focus on addressing [...]
Apr
30
Wed
5:30 pm InSecurity: Race, Surveillance and Privacy in the Digital Age @ New America Foundation
InSecurity: Race, Surveillance a… @ New America Foundation
Apr 30 @ 5:30 pm – 7:30 pm
Now more than ever, digital tools sit at a precarious tipping point, and many question whether they will be used to address pre-existing disparities, [...]
May
7
Wed
all-day IAPP Canada Privacy Symposium 2014
IAPP Canada Privacy Symposium 2014
May 7 – May 9 all-day
The IAPP Canada Privacy Symposium is the leading conference for education, debate and discussion of issues that matter most to Canadian privacy and data protection [...]
Jun
5
Thu
all-day Privacy Law Scholars Conference (7th Annual) @ The George Washington School of Law
Privacy Law Scholars Conference … @ The George Washington School of Law
Jun 5 – Jun 6 all-day
  UC Berkeley School of Law and The George Washington University Law School will be holding the seventh annual Privacy Law Scholars Conference (PLSC) on [...]
Jun
8
Sun
all-day Computers, Freedom, and Privacy 2014 Conference @ Airlie Center
Computers, Freedom, and Privacy … @ Airlie Center
Jun 8 – Jun 10 all-day
Mark your calendars! The 2014 Computers, Freedom, and Privacy Conference will be held June 8-10 at the Airlie Center in Warrenton, Virginia. The Airlie Center [...]

View Calendar