In case you missed it, regards DNT / do-not-track privacy settings in HTTP:
The debate over the Do Not Track standard has officially moved beyond Alice in Wonderland. These days, I’m not sure whether it’s 1984 or Brazil.
In a sane world, telling a website “do not track me” would result in behavior that assumed the person making the request did not want to have unnecessary data collected about them.
But to the online advertising industry, that DNT:1 signal means, “Right, you’re one of those idiots who thinks this is about privacy. Now give me all your data. You’re welcome.”
I cannot make this stuff up. The representative to the W3C working group from the Direct Marketing Association (DMA) proposed this change the other day to the Tracking Definitions and Compliance section of the DNT standard:
Marketing should be added to the list of “Permitted Uses for Third Parties and Service Providers” in Section 6.1 of the Tracking Definitions and Compliance Document.
Marketing fuels the world. It is as American as apple pie and delivers relevant advertising to consumers about products they will be interested at a time they are interested. DNT should permit it as one of the most important values of civil society. Its byproduct also furthers democracy, free speech, and – most importantly in these times – JOBS. It is as critical to society – and the economy – as fraud prevention and IP protection and should be treated the same way.
Marketing as a permitted use would allow the use of the data to send relevant offers to consumers through specific devices they have used. The data could not be used for other purposes, such as eligibility for employment, insurance, etc. Thus, we move to a harm consideration. Ads and offers are just offers – users/consumers can simply not respond to those offers – there is no associated harm.
Further, DNT can stop all unnecessary uses of data using choice and for those consumers who do not want relevant marketing the can use the persistent Digital Advertising Alliance choice mechanism. This mechanism has been in place for 2 years.
…and the smackdown from Roy T “I invented REST” Fielding is here.
It’s really not that hard to understand: with a “do not track” checkbox will come a set of implicit security assumptions and policies that people will expect to get; the goal is to work out and document what those assumptions will be so that folk can implement them consistently.
Having your data collected for marketing purposes probably does not fall into a list of what people will expect to have happen if DNT is switched on.