DNT Gaining Traction in Europe

The DNT meme has crossed the Atlantic! Two important policy makers in Europe made statements just one week apart supporting Do Not Track (DNT).  It appears there’s genuine interest by these EU regulators to determine how a website’s support for DNT meets compliance with legal obligations under the ePrivacy Directive.

I was in Paris today where Ed Vaizey, UK Minister of the Department for Culture, Media and Sport, told participants at the OECD High Level Meeting on The Internet Economy that “support for DNT is already being explored in the UK” and is part of the discussions underway by his Department’s Browser Working Group.

The strongest call for DNT in Europe came last week from Neelie Kroes, the Vice President of the European Commission responsible for the Digital Agenda for Europe. She told those of us participating in the Online Tracking Protection and Browsers Workshop in Brussels that “we should collectively pay more attention to the emerging ‘do-not-track’ technologies,” and she challenged industry in Europe to make it happen by June 2012. Here’s the key excerpt from her speech (and make sure you read the last sentence below):

DNT is simple: users can instruct their device or application to accompany all network requests with an indication that they do not want to be tracked. Service providers need to react to such explicit requests.

DNT has a lot of potential because it can apply:

  • First, to all networked devices and applications
  • Second, to all types of tracking and
  • Third, to all purposes of tracking.

DNT is already deployed in some web browsers. And some web businesses say they honour it.

But this is not enough. Citizens need to be sure what exactly companies commit to if they say they honour DNT. For example, there is an important difference between a commitment not to record tracks and a commitment not to use them for a specific purpose once recorded. When this is solved more users will deploy DNT – and it will become simpler – and companies will go along. So we are looking at a virtuous circle.

How do we get there? We need a standard! We need to standardise how the DNT signal and the expected reaction should look. The standard must be rich enough for users to know exactly what compliant companies do with their information and for me to be able to say to industry: if you implement this, then I can assume you comply with your legal obligations under the ePrivacy Directive.

I blogged a few weeks ago how I believe the DNT header can fit with the ePrivacy Directive, but I’ll be very interested to see how the thinking evolves among more knowledgeable policy makers and legal experts. And I’ll be sure to update my blog as I learn more…

Alex Fowler