The recent agreement between the White House and tech companies on a voluntary “do-not-track” (DNT) system for web browsing — accompanied by a framework for a more comprehensive vision of the nation’s privacy policies — is a modest but positive step forward in the broader context of personal data privacy.
Most importantly, this announcement articulates a clear set of values and goals from the highest level of government, and establishes an institutional precedent that brings public and private interests together, prior to any legislative action.
The DNT standard had been in the works at a tech industry working group for several months, and some Internet companies had already begun to adopt some aspects of it, so this agreement codifies that process and pushes it forward.
In practice, web browsers would be required to include something like a button to allow users to block ad-tracking “cookies” and opt out of other behavioral tracking systems when browsing the web. Some of these features already exist in built-in functions and add-ons for web browsers, but only advanced users tend to use them because of the learning curve required to set them up. DNT will integrate these functions into a single option on the web browser, removing obstacles for non-expert users.
While web behavior tracking is often done quasi-anonymously with a “zombie” ID saved in a hidden cookie file on your computer or smart phone, these IDs can be associated with you personally — for example when you log in to an identified account in order to use a service.
Such data collection is not particularly new or confined to the Internet. Charles Duhigg, writing recently in the New York Times Magazine, described how companies like Target have been collecting personal data for decades, both from direct interaction (using a credit card or a coupon, filling out a survey, mailing in a refund) and purchased from other sources. Once a company identifies you and collects extensive data on your personal characteristics and consumer behavior, whether online or in physical stores, much can be done with it to influence future purchasing behavior.
In fact, a new field called predictive analytics allows companies to analyze customers’ unconscious behaviors, which Duhigg says have been found to shape 45% of the choices we make every day. Duhigg quotes a behavioral researcher at Target: “We are very conservative about compliance with all privacy laws. But even if you’re following the law, you can do things where people get queasy.”
Privacy laws in the U.S. are currently comparatively weak when put up against those in Europe and elsewhere, and the new framework aims to point this country toward a more substantial privacy regime, by outlining fundamental privacy principles, including customer control, transparency, contextual use, data security, data accuracy, data relevance, and accountable enforcement.
The DNT agreement is by no means a comprehensive fix-all, but it provides a meaningful entry point to address the broader issues that have evolved over several decades. If this first step is not followed by movement toward real legislation, it will leave important privacy issues unresolved. But this is the clearest vision of a privacy mission to come from a U.S. administration, and it established a multi-stakeholder process to get the ball rolling, two important prerequisites to real action. It also places the burden of proof with those who want something different.
Daniel Krimm is a policy researcher and analyst with 20 years’ experience working in online service businesses. He holds a Master of Public Policy degree from the University of Southern California.