"Do Not Track" Has It Backwards
Google is doing its part for Internet privacy by adding a Do Not Track feature to its Chrome Web browser. The move is admirable, and Do Not Track may be better than nothing, but why should users have to opt out of having their online actions monitored?
The move from Google comes in the wake of allegations that it has been circumventing privacy controls in the Safari Web browser on iOS devices, and in Internet Explorer to track online activity. However, it is not a reaction to that controversy. A Google spokesperson told me: “We've been evaluating our [Do Not Track] options for a long time and have also been closely involved with standards bodies.”
It also comes on the heels of increased pressure from Washington DC in the form of President Obama’s blueprint for a Consumer Privacy Bill of Rights. Susan Wojcicki, Google Senior Vice President for Advertising, praised that initiative. “We’re pleased to join a broad industry agreement to respect the ‘Do Not Track’ header in a consistent and meaningful way that offers users choice and clearly explained browser controls.”
Tracking isn’t a truly black and white issue, though. Wojcicki pointed out in a recent blog post that gathering information about online behavior enables Google to tailor the Web experience. By tracking activity, Google can target relevant content more likely to be of interest to you.
Even if the issue was truly that simple, though, the Do Not Track solution leaves a lot to be desired. The Wall Street Journal points out that the very concept of the Do Not Track feature has holes because it is dependent on companies agreeing to play by those rules--it is a voluntary system. It also points out that the Do Not Track initiative limits the ways data can be collected or used, but it can still be used for certain purposes like “market research”, or “product development.”
Assume for a minute, though, that Do Not Track actually meant what it says, and that every online company agreed to play along. There is still something inherently wrong with a system that automatically assumes you want to be spied on until or unless you figure out where the Do Not Track button is for your browser and make the effort to enable it.
The Internet operates on some sort of reverse moral code that says if you don’t make it implicitly clear that you don’t want something to happen, then--ipso facto--you have given implied consent for that something to occur.
What if other areas of life worked that way? Most people expect others not to randomly walk up and kick them without having to wear a sign that says “Do Not Kick.” They assume that nobody will throw rocks through their windows without the need for a sign that says “Do Not Stone.” They are confident that strangers won’t come up and start screaming in their face without having to display a “Do Not Yell” sign.
Why is it, then, that when we go online it becomes OK for companies to do things they know cross the line simply because they choose to pretend the line doesn’t exist unless you explicitly remind them? It doesn’t make any sense.
All tracking should be specifically opt-in. Companies should state up front what types of information they want to track, and what benefits that tracking will potentially provide for the online experience, and request consent before monitoring online activity and user behavior.