Security news that informs and inspires

Do Not Track Act Would Give Users More Power

There’s yet another effort underway in Washington to establish an enforceable Do Not Track system that would provide a one-click mechanism for people to opt out of persistent web tracking by advertisers and social media platforms.

The latest push comes in the form of the Do Not Track Act, a bill unveiled this week by Sen. Josh Hawley (R-Mo.) that emulates the structure of the Do Not Call registry. It would establish a method for consumers to send a signal to online companies that would block them from collecting any information past what is necessary to deliver their services. The bill also would stop companies from building profiles of the people who activate the DNT mechanism or discriminating against them if they use the option.

Hawley’s bill makes the Federal Trade Commission the enforcement authority for the system and any person who violates the measure would be liable for penalties of $50 per user affected by a violation for every day that the violation is ongoing.

“Big tech companies collect incredible amounts of deeply personal, private data from people without giving them the option to meaningfully consent. They have gotten incredibly rich by employing creepy surveillance tactics on their users, but too often the extent of this data extraction is only known after a tech company irresponsibly handles the data and leaks it all over the internet,” Hawley said.

“The American people didn't sign up for this, so I'm introducing this legislation to finally give them control over their personal information online.”

In practice, Hawley’s proposed Do Not Track system would involve an app or extension that people could download and would then “sends the DNT signal to every website, online service, or online application to which the device connects each time the device connects to such website, service, or application; and permits the user of the connected device to designate websites, services, or applications to which such signal should not be sent, but does not exempt any website, service, or application from receiving such signal if it is not so designated.”

"I think we should make it compulsory and give it the force of law and give consumers real choice and force the companies to comply. This puts the ball is the consumer’s court."

The Do Not Track Act is an attempt to rectify what has become an epidemic of online tracking and profile-building. Advertisers, website operators, and social media platforms all are heavily invested in monitoring users’ movements around the web, tracking where and when they interact with other sites and content. That tracking allows sites to build profiles of visitors and their interests and further target ads and other content. Those tracking methods and techniques are completely opaque for most people, and the existing mechanisms for opting out or preventing tracking range from mostly useless to pretty effective, but can also affect people’s browsing experience in a major way.

The Do Not Track option that’s built into most browsers today falls on the mostly useless end of the spectrum. Enabling the option sends a signal to sites that the visitor does not want to be tracked, but there is no enforcement for it and site owners have no obligation to respect it. Ad blockers and other similar browser extensions can be quite effective, but they don’t prevent all tracking and can also break certain elements on some sites and makes others nearly unusable.

Hawley’s bill seeks to remedy this situation by establishing the FTC as the enforcement authority and providing monetary penalties for violations. In a hearing of the Senate Judiciary Committee on Monday, Hawley said the bill was necessary to give consumers control over what data they share and whether they’re tracked.

“Google and Facebook are doing something different in this market. They’re not using traditional advertising models. They track us every single day. [The bill] just says that a consumer can make a one time choice to not be tracked. I think we should make it compulsory and give it the force of law and give consumers real choice and force the companies to comply. This puts the ball is the consumer’s court,” Hawley said.

Hawley’s bill is similar to draft legislation written earlier this month by staffers at DuckDuckGo, the privacy focused search engine provider, although the penalties are structured differently.