Discover what's up in the business of marketing each Friday.
Industry “Do Not Track” Efforts Bogged Down As Privacy Regulators Move In
Citing a lack of coherent or uniform standards, Yahoo announced earlier this month that it was walking away from “Do Not Track” (DNT), at least for the time being. That action seemed to directly contradict earlier claims that industry mega-group Digital Advertising Alliance (DAA) would unveil a DNT solution with industrywide support.
The DAA still maintains that it’s close to revealing a consensus proposal around DNT. However a new wrinkle has emerged. Smaller networks, data vendors and analytics providers are reportedly objecting that DNT wouldn’t do much to big networks like Google or Facebook but would discriminate unfairly against them:
Alan Chapell, an attorney who represents smaller ad-technology firms, said the draft rules circulating from both groups would give Facebook and Google more leeway than smaller rivals to track users across the Internet.
That’s because the proposals would allow tracking users on a company’s own sites that could be used to build profiles to target advertising. In Google’s case, that could include Google.com, YouTube, and Gmail, among others.
A February proposal from the Digital Advertising Alliance, reviewed by The Wall Street Journal, would also allow Facebook and Google to track users on other sites that include their “plugins,” such as Facebook’s “Like” button or a YouTube video player.
But the rules would not allow advertising companies to follow users who click the do-not-track button across multiple unaffiliated sites. That’s how companies like Rocket Fuel Inc., Quantcast Corp., and Conversant Inc. build profiles of users’ interests that they then sell to advertisers.
This objection would appear to be yet another significant obstacle to industry consensus on DNT in an effort to avoid a solution imposed by regulators.
Separately California Attorney General, Kamala Harris is pushing for compliance with a new state disclosure law (see guidelines below) that asks internet companies to clearly inform consumers about their privacy policies, including how they handle DNT.
The law, contained in CA Business and Professions Code Section 22575, provides that publishers and ad networks must, among other things, do the following:
(1) Identify the categories of personally identifiable information that the operator collects through the Web site or online service about individual consumers who use or visit its commercial Web site or online service and the categories of third-party persons or entities with whom the operator may share that personally identifiable information.
(5) Disclose how the operator responds to Web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection.
While publishers and networks have 30 days from the time of being notified of non-compliance to comply there appear to be no penalties associated with defying the California law. One would anticipate that over time fines and other potential “teeth” would be added.
By passing this law California is effectively starting to step into the void left by the industry’s failure to agree on privacy and DNT rules. Ultimately Congress could pre-empt state rules like this. But unless or until then California may become the de facto privacy regulator for the US internet.