February 24th, 2011
Today, the W3C has accepted and published Microsoft’s member submission for an Internet standard to help protect consumer privacy. This announcement from the Web standards body responsible for HTML5 is an important step forward for people and businesses that interact online.
The privacy concerns from consumers and academics and governments world-wide have both technical and non-technical aspects. Addressing these concerns will involve technology. The W3C’s involvement provides the best forum possible for that technology discussion. Just as the community has worked together at the W3C on interoperable HTML5, we can now work together on an interoperable (or universal, to use the FTC privacy report’s term) way to help protect consumers’ privacy.
Addressing these privacy concerns will also involve much more than technology. Governments and regulators and law enforcement have a crucial role to play in addressing the public’s privacy concerns. There’s a large and growing body of work that shows the complexities of the non-technical issues they face. Some examples are the privacy report from the US Federal Trade Commission in December 2010, the work of the EU’s Article 29 working group and EU ePrivacy directives, and public discussions like the recent one at UC Berkeley.
The technology solutions we work on as an industry need to work well with the social, economic, and political discussions that occur world-wide outside the W3C. The FTC’s report, for example, provided a context that made our announcement of IE9’s Tracking Protection functionality much easier for many to understand. That report also notes the following issues and questions about technical solutions:
- A universal mechanism should not undermine the benefits of online behavioral advertising, including funding free online content and providing personalized advertisements that many consumers want.
- A universal mechanism should be different from the Do Not Call program (which has a registry of consumer phone numbers) in one key regard: it should not require a registry of unique identifiers as that could negatively impact privacy. Instead, the FTC recommended a browser-based mechanism.
- Should a universal choice mechanism go beyond a total opt-out and include an option that lets consumers make granular choices about the types of data they are willing to have collected from them and the type of advertising they wish to receive?
- Universal choice mechanisms should be understandable, simple, easy to find and very clear about what the choices mean.
- There are a number of questions about the mechanics of a universal mechanism, including how it should be publicized, how it can be as clear as possible, how many consumers are likely to choose to opt out of targeted advertising, what will happen if many opt out and whether legislation should be passed if the private sector does not implement a universal mechanism voluntarily.
Through this lens, the W3C’s Web Tracking Protection, based on the IE9 Tracking Protection functionality, is a strong step forward.
The proposal with the W3C is a significant step toward enabling an industry standard way for Web sites to (1) detect when consumers express their intent not to be tracked, and (2) help protect themselves from sites that do not respect that intent. Enabling consumers merely to express their intent to not be tracked is just not sufficient. It’s a subset of what effective tracking protection should do. IE9’s Tracking Protection also enables consumers to block the content that does the tracking. You can see some initial examples of Tracking Protection lists here. This diagram illustrates how a browser that supports Web Tracking Protection works with lists:
We look forward to working with the community through the W3C on a common standard for Internet Privacy. It will help consumers who use browsers that support it.
—Dean Hachamovitch, Corporate Vice President, Internet Explorer
Updated 2/24: added link to announcement of IE9’s Tracking Protection