Whitehouse proposes Consumer Privacy Bill with Do Not Track

A white paper has been released by the US government proposing a new "Consumer Privacy Bill of Rights" and, as part of the proposals, the use of "Do Not Track" technology is to be enshrined in law. In making the announcement, President Obama said "As the Internet evolves, consumer trust is essential for the continued growth of the digital economy. That's why an online privacy Bill of Rights is so important."

Alongside the white paper, the Digital Advertising Alliance (DAA) announced that member companies including Google, Yahoo!, Microsoft and AOL have agreed to comply when consumers use "Do Not Track" technology in their browser. "Do Not Track" allows users to set, in their browser, an indication that they do not want to be tracked through the use of cookies or other mechanisms.

The companies that have agreed so far account for nearly 90% of online behavioural advertising. The Whitehouse added that having agreed to the "Do Not Track" commitment, those companies will be subject to enforcement by the FTC. "Do Not Track", as proposed by Mozilla in January 2011, was passed to the W3C for standardisation, though this process is still ongoing.

The Electronic Frontier Foundation generally welcomed the proposals, though it noted that "unfortunately, it looks like online advertisers are already working to water down the Do Not Track protections". It pointed out that the DAA is an industry group with no public participation and called on them to "engage with the larger Internet community". The "chipping away" at the simplicity of "Do Not Track" by the DAA and the suggestion that they will not respect "Do Not Track" being set on by default in browsers also concerned the EFF.

The proposed Consumer Privacy Bill of Rights itself addresses several issues – its main principle is that "Consumers have a right to exercise control over what personal data organizations collect from them and how they use it". This core principle is supported by several more specific rights: information about privacy and security practices should be transparent and easily understandable; organisations should collect and use personal data only as appropriate to a situation; information should be handled safely and securely; consumers should be able to access personal data easily and correct it where necessary; and companies should ensure that they comply with the Consumer Privacy Bill of Rights.

The US administration will now work with various interested parties and experts to develop suitable working practices and codes of conduct, and with Congress to draft suitable legislation.

See also:

• "Do not track" privacy standards drafted by W3C, a report from The H.

(ehe)