Remember Do Not Track? It’s back.
Sen. Josh Hawley, R-MO, is reviving the decade old concept in proposed legislation that aims to let consumers opt out of online tracking beyond just browser-based activity.
In its original form in 2011, Do Not Track (DNT) relied on voluntary participation from browsers to respect a consumer’s desire to opt out of tracking. The idea was to insert an instruction within the HTTP header that would alert companies when consumers had denied permission to track their activity.
After years of back and forth, the initiative effectively fell apart at the feet of the tech and advertising lobby. Millions of people have Do Not Track enabled today, but most pundits agree that it doesn’t do much to protect privacy, since there’s no mechanism to require that companies comply.
But Hawley’s Do Not Track Act, if passed, would have teeth – rather than an honor system – to prohibit companies from profiling anyone who activates DNT. The full text of the bill is expected to be released on Tuesday.
The law would, according to Hawley, create a program akin to the national Do Not Call List, which allows consumers to register their phone numbers if they don’t want telemarketers to contact them. (Who those people are who actually want telemarketers to contact them is another question entirely.)
In Hawley’s view, consumers should have the right to block online companies from collecting their data “beyond what is indispensable” to the online service those companies provide.
Run afoul, and the law would impose “strict penalties.”
“Big tech companies can collect incredible amounts of deeply personal, private data from people without giving them the option to meaningfully consent,” Hawley said Monday when he first announced the bill. “They have gotten incredibly rich by employing creepy surveillance tactics on their users, but too often the extent of this data extraction is only known after a tech company irresponsibly handles the data and leaks it all over the internet.”
There’s been a groundswell of tech-skepticism in Washington, DC over the last year.
Just last month, for example, a bipartisan bill entered the Senate that would outlaw large internet companies like Facebook and Google from using deceptive design practices to manipulate users into unwittingly sharing their personal data.
The Hawley proposal is “yet another clear articulation of how consumers feel about unconsented data collection,” said Bill Simmons, co-founder and CTO of dataxu. “GDPR, CCPA and this proposal from Sen. Hawley all lead to one place: The controls must be put in the hands of consumers, not the internet companies.”
But there’s a weird little irony here, one that has always existed when the question of a universal opt-out crops up. You’ve got to track someone … in order to know not to track them.
When someone enables DNT, it sends a signal to anyone who tries to collect data that this person has opted out of data collection and data sharing across the web. But if someone uses multiple browsers, let alone more than one device, there’s no single signal, which means having to enable DNT multiple times.
“DNT would require a universal tracking ID to allow companies to know who not to track,” said Victor Wong, CEO of Thunder Experience Cloud.
But legislators also need to be careful not to be overly specific about browser implementation, Wong said, or it might lead to unintended consequences, like what happened in Korea where Internet Explorer was inadvertently written into dominant market share with the passage of legislation in the 1990s that required a specific security feature that only IE had in place.
“Legal tech monopolies can be created by poor legislation,” Wong said.