The Federal Trade Commission's call for a "Do Not Track" mechanism to protect Web surfers' privacy has received a great deal of attention this week, as those both for and against the idea have debated what it might mean for consumers, businesses, and even innovation in general.
It's still far from clear what form such protections will take, of course. All that's really been said so far is that they should provide universal control and be relatively effortless--unlike the plug-ins and other options currently available.
But while the nation's corresponding "Do Not Call" list works on a registry model whereby consumers sign up once for each telephone number, the FTC has noted that wouldn't work as well for computer users, whose IP addresses can and do change.
Rather, a more viable approach would be to place code much like a cookie on the user's browser to tell Websites whether the user has agreed to be tracked or not, the FTC suggested (PDF).
The commission also noted that such protections wouldn't apply to all data collection. Exceptions would include "certain commonly accepted practices" such as product and service fulfillment, internal operations such as improving services offered, fraud prevention, legal compliance, and first-party marketing, it noted.
Nevertheless, as the FTC collects comments on the topic through the end of January in preparation for compiling a full report, businesses would do well to begin thinking about what such requirements might mean for them and their Websites.
More Than Just Targeting
Unlike the self-regulatory effort recently proposed by the Digital Advertising Alliance, which would allow users to opt out of targeted advertising, the FTC's approach is broader in that it also prevents the collection of the data that would be needed to enable that targeting.
So, if your business has customers participating in the Do Not Track program, you would no longer be able to track their surfing behavior either. What this would mean for non-advertising functions like traffic statistics--which also rely on data collection--isn't yet clear.
If it does end up being browser code that's used to convey tracking preferences, one obvious limitation is that these preferences are by definition limited to one particular instance of a browser on one particular computer. When a computer is shared, those preferences could be applied to all users; conversely, when an individual uses multiple devices--as so many do today--he or she would probably have to specify those preferences on each one.
Without the ability to collect browsing data for users participating in the Do Not Track program, Websites will not be able to serve them targeted ads or content. The alternative, it would seem, would be to deliver generalized, less relevant ads to those users' computers, as several lawmakers and companies have already suggested. The same could happen with content, leading to a more limited browsing experience for those users.
The revenue implications are fairly obvious. Advertisers may end up having to pay for more impressions across a more diverse set of Websites, while publishers may have to begin charging for content.
A Do Not Track list might present new challenges to businesses accustomed to collecting such data, but--as is usually the case in such situations--there might also be new opportunities.
Since consumers' participation is voluntary, there's nothing to say businesses couldn't offer them new incentives to make non-participation more attractive, for instance. Those who don't participate would likely already be receiving more tailored advertising and content, but advertisers and publishers could make that prospect even more compelling with discounts, perqs, or other enticements that could go a long way toward increasing loyalty as well.
One possible result, in fact, might even be that consumers who don't want to be tracked must pay for content, while those who permit tracking receive it free--potentially along with other benefits.
In the Meantime
How it all shapes up remains to be seen. Meanwhile, businesses should be sure that they're already abiding by the FTC's recommended Fair Information Practice Principles:
Notice/Awareness -- Explaining your data-collection practices and use.
Choice/Consent -- Giving consumers options as to how any collected data may be used.
Access/Participation -- Allowing consumers to access their information for accuracy and completeness.
Integrity/Security -- Keeping the information in a safe and secure place.
Follow Katherine Noyes on Twitter: @Noyesk.