New standard for online privacy released

Will the W3C browser proposals help EU businesses implement the new Privacy Directive?

Value/Importance: [rating=5]

Recommended link: W3C announcement and BBC Summary

Our commentary

On Smart Insights, we’ve discussed the challenge for marketers of the new laws requiring disclosure on how cookies affect privacy which come into full force in May 2012. Many marketers and site owners have hoped that a browser-based solution would stop the need for expensive and disruptive system updates to their sites. Well, if you’re in that category, this looks like good news. The World Wide Web consortium (W3C) which sets many online standards has worked together with many well known online companies to help define a solution. These include Adobe Systems; Apple Inc; Center for Democracy and Technology; Deutsche Telekom AG; Facebook; Google Inc.; IBM; Mozilla Foundation; Microsoft; Opera Software; Stanford University; The Nielsen Company; TRUSTe; and Yahoo! Inc.

The new approach released on the 14th November 2011 is defined by the “Tracking Protection Working Group” allows users to set their preferences via two standards which it hopes will be finalised by mid-2012:

• Tracking Preference Expression (DNT), which defines mechanisms for users to express cross-site tracking preferences and for sites to indicate whether they honour these preferences. This doc gives an overview of how the approach will operate in practice. My understanding is the user-agent (i.e. browser) will send a header that will contain Do Not Track preferences if set. These may be overridden if the user has a separate agreement with the site/ad network to permit tracking (e.g. stored in a cookie):The goal of this protocol is to allow a user to express their personal preference regarding cross-site tracking to each server and web application that they communicate with via HTTP, thereby allowing each server to either adjust their behaviour to meet the user’s expectations or reach a separate agreement with the user to satisfy both parties.

• Tracking Compliance and Scope Specification, which defines the meaning of a “Do Not Track” preference and sets out practices for websites to comply with this preference. This details the approach - if you take a look you will see there are many definitions of first vs third party tracking and what is “de-identified” data (ouch) that still need to be agreed.

Marketing implications of new proposal

Well, if I’m reading this correctly, then this is great news for site owners and web users since it will enable owners of sites to use a standard way of managing user privacy preferences via the browser. It will mean we shouldn’t see this type of drop in tracking from the Information Commissioners site which will render web analytics meaningless.

There will still need to be work on the part of site owners to integrate their content/commerce management systems with the browser preference system and create their own method to communicate with the user to override it though. However, much of this work should be borne by the CMS or web analytics platform and site owners can state it is part of their privacy plan which is required by law. We also need to see how this is implemented within the browser since this will affect how many users set "Do Not Track" - but the draft suggests it won't be a default and only concerned users would set it.

We’d be interested to hear your thoughts, what are the downsides of this?