Do-Not-Track as Default

Joshua A.T. Fairfield, Washington & Lee University School of Law

Posted with permission from the copyright owner.

Abstract

Do-Not-Track is a developing online legal and technological standard that permits consumers to express their desire not to be tracked by online advertisers. Do-Not-Track has the ability to change the relationship between consumers and advertisers in the information market. Everything will depend on implementation. The most effective way to allow users to achieve their privacy preferences is to implement Do-Not-Track as a default feature.

The World Wide Web Consortium’s (W3C) standard setting body for Do-Not-Track has, however, endorsed a corrosive standard in its Tracking Preferences Expression (TPE) draft. This standard requires consumers to set their privacy preference by hand. This "bespoke" standard follows in a long line of privacy preference controls that have been neutered by increased transaction costs.

This article argues that privacy controls must be firmly in consumers’ hands, and must be automated and integrated to be effective. If corporations can deprive consumers of privacy through automated End User License Agreements or Terms of Service, while consumers are constrained to set their privacy preferences by hand, consumers cannot win. Worse, the TPE bespoke standard is anticompetitive. Already, browsers like Microsoft’s Internet Explorer 10 (IE10) will launch with default Do-Not-Track enabled. But the TPE bespoke standard offers advertisers a free pass to ignore the Do-Not-Track flags that will be set by IE10 and prohibits other browsers from offering automatic, integrated, and therefore useable privacy features.