Skip to Content

Privacy & Data

“Do Not Track” Solves Only Part of the Problem

The past few weeks have seen a flurry of attention around a concept known as “Do Not Track” (DNT). DNT, as a legislative or industry-enforced proposal, would create a browser-based mechanism that would empower users to communicate whether or not they want to be “tracked” by certain entities online.

The idea behind this flavor of privacy enhancing technology is not a new one. In 2007, CDT and other consumer groups introduced the idea of DNT in a whitepaper; CDT has also been working for years in international standards bodies to draft standards that would require that rules for data collection and use be communicated along with data itself. CDT has long encouraged browser makers to step up and build the capacity for a DNT-type mechanism into their products, but – as the Wall Street Journal has documented – they have been reluctant.

While DNT is an intriguing idea, and one CDT has supported, it is not a silver bullet. If implemented, it would likely address, at best, just a portion of a larger problem. In its narrowest conception, DNT might give consumers an opportunity to state that they do not want data that has been collected about them to be used for the targeting of behavioral advertisements; enforceable rules would ensure that these expressions of consumer intent are respected.

But conceived in this way, DNT would leave consumers in the same, unfortunate position with regard to how their data – web browsing history, transaction data, contact information – is collected and how it is shared for purposes outside of behavioral advertising: with market research firms, data brokers, life insurance companies and the like. DNT further fails to address emerging challenges to online privacy: cloud computing, social networking, and the growth of the app economy. And DNT would certainly not address the collection and use of offline consumer data such as mortgage information, credit card information, DMV records, and other business records. DNT alone will not solve all of our privacy challenges.

Meanwhile, just unpacking the term “do not track” requires navigating a wide array of challenging questions. The very broad concept of DNT is appealing for consumers. But does DNT mean don’t collect user data, don’t use it for behavioral advertising specifically, or don’t use it for non-operational purposes generally? What are operational purposes? Should there be distinctions between first party collection and use and third party collection and use? What about sensitive information?

In fact, unpacking the term “do not track” requires grappling with the same questions that must be addressed before baseline consumer privacy legislation can be passed. It seems inefficient to slog through these questions in pursuit of a narrow answer to one particular privacy problem, when instead the process can be harnessed to reach consensus around baseline consumer privacy legislation.

In short, DNT is no replacement for baseline privacy legislation. While DNT-type mechanisms could function as useful privacy-enhancing technologies, we should not let a discussion about DNT distract us from a task that American businesses, the Department of Commerce, Congress, and consumers have all said is a priority: finally passing baseline privacy legislation.

Related Reading

Samir Jain Testimony for House Committee. White document on black background.

CDT VP of Policy Samir Jain Testimony Before U.S. House Energy & Commerce Committee on “Legislative Solutions to Protect Kids Online and Ensure Americans’ Data Privacy Rights”
The CDT logo. A light and dark grey "cdt" alongside "Center for Democracy & Technology" on a white background.

Deprecating third-party cookies: a small step towards a more private web
CDT brief, entitled "Unintended Consequences: Consumer Privacy Legislation and Schools." White and blue document on a grey background

Brief – Unintended Consequences: Consumer Privacy Legislation and Schools