W3C Announces First Draft of Standard for Online Privacy

Do Not Track Approach Balances User Preferences with Personalized Web Experiences

To address rising concerns about privacy on the Web, W3C has published two first drafts for standards that allow users to express preferences about online tracking:

  • Tracking Preference Expression (DNT), which defines mechanisms for users to express cross-site tracking preferences and for sites to indicate whether they honor these preferences.  
  • Tracking Compliance and Scope, which defines the meaning of a "Do Not Track" preference and sets out practices for websites to comply with this preference.

These documents are the early work of a broad set of stakeholders in the W3C Tracking Protection Working Group, including browser vendors, content providers, advertisers, search engines, and experts in policy, privacy, and consumer protection. W3C invites review of these early drafts, which are starting points of work to come. W3C expects them to become standards by mid-2012.

Expanding Platform Creates Opportunities but Privacy Challenges

The expanding Web of connected devices and services has created powerful new applications that users desire, but with privacy implications they may not always recognize.

Advertisers, who play an important role in Web business models, want to customize ads based on user behavior, similar to how market data is used for placing ads in print media and TV commercials.  

Web site owners want to understand traffic and purchasing patterns and tailor sites accordingly.

Social networking widgets gather personal data that users volunteer.

Powerful search engines make it easy to aggregate information and locate potentially sensitive information. Various parties thus routinely collect data from content and from visits to a site.

Many users appreciate the personalization made possible through this data collection: an improved user experience, reduction in irrelevant or repetitive ads, and avoidance of "pay-walls" or subscription-only services.  Others, however, perceive targeting as intrusive, incorrect, or amounting to junk mail. In particular, it can evoke strong negative feelings when data collected at a trusted site is used or shared without the user's consent.

Multi-Stakeholder Effort Seeks Balance

To find a balance, to prevent surprises, and to foster trust on the Web, the W3C has chartered the Tracking Protection Working Group to address both the privacy concerns of users and regulators, and the business models of the Web, which today rely heavily on advertising revenue.

"Smarter commerce and marketing strategies can and must coexist with respect for individual privacy," commented Dr. Matthias Schunter, IBM Research and co-chair of the Working Group. "Open standards that help design privacy into the fabric of how business and society use the Web can enable trust in a sustainable manner."

The new standard will allow users to express a preference whether or not data about them can be collected for tracking purposes. This helps to establish a new communication channel between users and services to prevent surprises and re-establish trust in the marketplace. The standard will also define mechanisms for sites to signal whether and how they honor this preference and a mechanism for allowing the user to grant site-specific exceptions to DNT.

"We know there are many types of users. Some eagerly welcome the benefits of personalized web services, while others value their privacy above all else," said Aleecia M. McDonald, Mozilla Foundation and co-chair of the Tracking Protection Working Group. "Do Not Track puts users in control, so they can choose the tradeoffs that are right for them. I congratulate the Working Group members on meeting this milestone, and I am delighted by the constructive discussions we have had as we work to reach consensus decisions."

The participants in the Tracking Protection Working Group currently include experts from 23 W3C Members: Adobe Systems, Alcatel-Lucent, Apple Inc, BlueCava, Center for Democracy and Technology, Deutsche Telekom AG, Effective Measure International, ESOMAR World Association for Social, Market and Opinion Research, Facebook, Future of Privacy Forum, Google Inc., IAB Europe, IBM, Microsoft, Mozilla Foundation, The Nielsen Company, Online Publishers Association, Opera Software, Stanford University, TRUSTe, The Walt Disney Company, W3C and Yahoo! Inc.

Several invited experts include representatives from the Electronic Frontier Foundation, the US Federal Trade Commission (FTC), Consumer Watchdog, the German Independent Center for Privacy Protection (ULD) and Leiden University.

    

About the World Wide Web Consortium (W3C)

The World Wide Web Consortium (W3C) is an international consortium where Member organizations, a full-time staff, and the public work together to develop Web standards. W3C primarily pursues its mission through the creation of Web standards and guidelines designed to ensure long-term growth for the Web. Over 325 organizations are Members of the Consortium. W3C is jointly run by the MIT Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) in the USA, the European Research Consortium for Informatics and Mathematics (ERCIM) headquartered in France and Keio University in Japan, and has additional Offices worldwide. For more information see https://www.w3.org/