Online Advertising Coalition Rejects Microsoft Do-Not-Track Browser Default

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

The Digital Advertising Alliance (DAA), an online industry group that has a set of self-regulatory standards for behavioral advertising, announced Oct. 9 that it will not recognize or support for enforcement purposes the do-not-track setting on version 10 of the Microsoft Internet Explorer browser.

The announcement was not unexpected given the recent history of Microsoft's do-not-track efforts. The new IE10 browser will be provided to consumers with the do-not-track feature turned on as a default setting, according to Microsoft. The May announcement of the new browser plan put Microsoft at odds with the online advertising industry (11 PVLR 1068, 7/2/12).

The DAA, a consortium of leading advertising industry groups, including the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, said that it will not sanction nor penalize advertising firms for ignoring this type of default setting.

“Allowing browser manufacturers to determine the kinds of information users receive could negatively impact the vast consumer benefits and Internet experiences delivered by DAA participants and millions of other Web sites that consumers value,” the group said in a statement issued by the DAA.

Lawmakers Object.

Reps. Joe Barton (R-Texas) and Edward Markey (D-Mass.) issued a joint statement Oct. 10 that sided with Microsoft and accused the DAA of “putting profits over privacy.”

“If consumers want to be tracked online, they should have to opt-in to be tracked, instead of the other way around,” said the lawmakers, who sit on the House Energy and Commerce Committee and serve as co-chairmen of the bipartisan House Privacy Caucus.

The DAA and Microsoft are key players in an industry effort to develop do-not-track standards for the internet (11 PVLR 1103, 7/9/12). The project, which is being facilitated by the World Wide Web Consortium (W3C), an international organization that develops internet standards, is designed to make it easier for consumers to avoid having their online activities followed by companies. A draft W3C proposal would allow consumers to make do-not-track choices through their web-browser settings.

The web advertising industry generally prefers an opt-out, rather than opt-in, do-not-track standard.

Another key sticking point has been whether do-not-track should apply to data collection as well as use.


“Allowing browser manufacturers to determine the kinds of information users receive could negatively impact the vast consumer benefits and Internet experiences delivered by DAA participants and millions of other Web sites that consumers value.”  


Digital Advertising Alliance

The White House's online consumer privacy white paper supports no-track options for consumers (11 PVLR 355, 2/27/12). The Federal Trade Commission also issued a consumer privacy final report calling for the online industry to adopt measures to implement a do-not-track system (11 PVLR 590, 4/2/12).

FTC Closely Involved.

Despite such challenges, Federal Trade Commission Chairman Jon Leibowitz has been pushing for completion of an industry do-not-track framework by the end of the year (11 PVLR 1487, 10/8/12).

The W3C is working to facilitate an agreement. The latest round of deliberations took place during an Oct. 3-5 meeting in Amsterdam.

“I'm not sure that the process will be completed by the end of the year, but it's possible,” Justin Brookman, a key member of the W3C Tracking Protection Working Group, told BNA Oct. 10.

As a result of the recent meeting in Amsterdam, the working group now has a “path toward resolution,” according to Brookman, who also serves as consumer privacy director at the Center for Democracy and Technology, a Washington-based technology policy group.

“Where there is disagreement, the chairs will propose two or more texts to the group, and members will object to language they disagree with,” he added. “The chairs will then decide, based on the logical strength of the objections.”

Impact on EU Cookies Consent Issue?

The rejection by online advertisers of a browser-based mechanism to control tracking of consumers' web use may have implications outside the United States.

In the European Union, the so-called “EU Cookie Directive”--the 2009 amended version of the e-Privacy Directive (2009/136/EC)--requires, among other things, user consent for the placement of cookies on a computer.

The Article 29 Working Party of representatives of data protection authorities in the 27 EU member states has taken a hard line on the need for informed consent, but has said that a robust browser-based mechanism to allow users to decline cookies that track their web surfing habits may be an acceptable solution (10 PVLR 1052, 7/25/11).

EC Digital Agenda Commissioner Kroes: Ignoring Browser No-Track 'Troubling'

Any do-not-track (DNT) standard adopted by the online behavioral advertising industry “should not let websites 'second-guess' or disregard user choices,” EU Commissioner for the Digital Agenda and European Commission Vice-President Neelie Kroes said in an Oct. 11 speech at the Centre for European Policy Studies in Brussels. “Recently, there were reports about a popular web server introducing a feature that amounted to overriding the DNT signal; in effect, ignoring users' wishes. I find that troubling, and undesirable,” Kroes said.

Kroes congratulated the online behavioral advertising industry in Europe for making progress in its self-regulatory efforts, but reiterated the need for specific consent to placement of cookies on user's computers as required by the amended EU e-Privacy Directive (2009/136/EC). While the work of browser firms to include forms of DNT is a positive development, Kroes said that she is “increasingly concerned” about delays in the work of the World Wide Web Consortium (W3C) to conclude its work towards developing a universal set of no-track standards. She said that “watering down of the standard” is her top concern.

“I am not naive. The way the discussion is going right now shows that the DNT standard, on its own, will not guarantee satisfying legal cookie requirements. Not least because the emerging consensus appears to exclude first-party cookies from the scope,” Kroes said. Kroes added that she is confident the U.S. Federal Trade Commission agrees with her concerns. Full text of Kroes' prepared remarks are available at

In June, the Art. 29 Party issued its latest opinion on the issue (11 PVLR 971, 6/18/12). The group reiterated that while some routine use of cookies without consent is acceptable, the use of more invasive cookies, such as social plug-in tracking cookies and third party advertising cookies, would require specific consent.

The Art. 29 Party has also rejected efforts in Europe by online behavioral advertising industry groups there similar to the DAA to promote a self-regulatory best practices code and icon-driven opt-out system (10 PVLR 1843, 12/19/11).

For its part, the European Commission has said that a do-not-track setting need not be the default setting for a browser and has told the W3C that users should be informed of the consequences of choosing a setting that rejects cookies (11 PVLR 1080, 7/2/12).

By Alexei Alexis and Donald G. Aplin  

Request Bloomberg Law: Privacy & Data Security