Header graphic for print
Privacy Law Blog

Honoring Do-Not-Track Browser Signals

Posted in Behavioral Marketing, Mobile Privacy, Online Privacy

We’re all familiar with the ads that pop up on the side of our browsers, personalized to highlight things we might be interested in based on our web browsing activity.  Marketers and advertisers regularly track consumers’ online activities, interests and preferences and use the information they collect to create targeted ads, meant to appeal to individual consumers based on their behavioral profiles.  Some consumers have no objections to this type of targeted advertising, but others do not want their online activities monitored.  In response to privacy concerns raised by pervasive online tracking, the U.S. Federal Trade Commission endorsed the implementation of a Do Not Track (“DNT”) mechanism and the World Wide Web Consortium (“W3C”) has been working to develop a DNT technology standard that would allow users to control the tracking of their online activities. 

Although little consensus has been reached on a DNT standard, various browsers, including Internet Explorer, Firefox, and Safari, now offer a DNT option that, in theory, permits users to elect not to have information about their web browsing activities monitored and collected.  For many browsers, the DNT option exists in the form of a DNT header, an HTTP header which, whenever a user’s browser receives or sends data over the Internet, sends a signal indicating that the particular user does not want to be tracked.  The effectiveness of DNT headers is in flux, however, because it relies on the cooperation of the companies receiving the DNT signals to honor the requests.  DNT headers merely express a user’s preference; they are not backed by regulatory or legislative authority and nothing requires recipients to honor users’ requests.  Indeed, success requires browsers, website publishers, developers and other companies to work together and, although most browsers now have DNT options in place, other companies have been slow to honor DNT headers.

Last year, Twitter made headlines by announcing its decision to honor its users’ DNT headers.  When a Twitter user has his browser’s DNT header turned on, Twitter stops collecting the information that would otherwise allow it to tailor suggestions and ads to that user based on his online activities.  More recently, Pinterest announced  that it will follow suit, becoming the second social media site to refrain from collecting data about its users’ activities across the web if they have DNT headers in place.

As for companies that choose not to honor DNT headers, in a recent settlement of note, PulsePoint, a digital advertising company, paid $1,000,000 to settle charges brought against it by the attorney general of New Jersey and the New Jersey Division of Consumer Affairs for circumventing users’ privacy settings.  According to the consent order, PulsePoint bypassed the privacy settings of Safari users whose browsers were set to block third-party ad cookies and covertly placed such cookies on users’ browsers, resulting in as many as 215 million targeted ads.  According to PulsePoint, the practice was initiated by a predecessor company and PulsePoint ended the practice immediately upon learning about it.

Regardless of whether a company chooses to honor DNT headers, it is important to ensure that the company’s actions are consistent with whatever privacy policies it has in place.