Privacy

by Eric Friske, UMN Law Student, MJLST Managing Editor

From one mouse click to the next, internet users knowingly and unknowingly leave a vast array of online data points that reveal something about those users’ identities and preferences. These digital footprints are collected and exploited by websites, advertisers, researchers, and other parties for a multitude of commercial and non-commercial purposes. Despite growing awareness by users that their online activities do not simply evaporate into the ether, many people are unaware of the extent to which their actions may be visible, collected, or used without their knowledge.

Scholars Omer Tene and Jules Polontensky, in their article “To Track or ‘Do Not Tract’: Advancing Transparency and Individual Control in Online Behavioral Advertising,” discusses the various online tracking technologies that have been used by industries to document and analyze these digital footprints, and argue that policymakers should be addressing the underlying value question regarding the benefits of online data usage and its inherent privacy costs.

With each new technological advance that seeks to make us more connected with the world around us, our daily lives and our online presence have become increasingly intertwined. Ordinary users have become more aware that their online activities lacks the anonymity that they once thought existed. However, despite this awareness, many users may not know what personal information is available online, how it got there, or how to prevent it. Moreover, some tracking services are undertaking efforts to prevent users from evading them, even when those users intentionally attempt to keep their online activities private.

Corporations have begun to recognize the importance of providing consumers with the opportunity to choose what information they wish to share while on the internet. For example, last May, Microsoft announced that Internet Explorer 10 will have a “Do Not Track” flag on by default, stating that it believes “consumers should have more control over how information about their online behavior is tracked, shared and used.” Not unexpectedly, the Interactive Advertising Bureau, a global non-profit trade association for the online advertising industry, denounced Microsoft’s move as “a step backwards in consumer choice;” although, some have argued that these pervasive tracking practices are actually robbing individuals of free choice. It should perhaps be noted that the popular internet browser Firefox already possesses a Do Not Track feature, though it is not engage by default, and Google has stated that it will include Do Not Track support for Chrome by the end of the year.

Regardless, while academic and political discussions on how to address these concerns continue to simmer, internet users who desire privacy must learn how to protect themselves in an online environment replete with corporations that are relentlessly trying scavenge every morsel of information they leave behind, something which may not be an easy task when tracking is so prevalent.

by Mike Borchardt, UMN Law Student, MJLST Managing Editor

Recent announcements from Microsoft have helped to underscore the current conflict between internet privacy advocates and businesses which rely on online tracking and advertising to generate revenues. Microsoft recently announced that “Do Not Track” settings will be enabled by default in the next version of their web browser, Internet Explorer 10 (IE 10).

As explained by Omer Tene and Jules Polonetsky in their article in the Minnesota Journal of Law, Science & Technology 13.1, “To Track or ‘Do not Track’: Advancing Transparency and Individual Control in Online Behavioral Advertising,” the amount and type of data web services and advertisers collect on users has developed as quickly as the internet itself. (For an excellent overview of various technologies used to track online behavior, and the variety of information they can obtain, see section II of their article). The success and ability of online services to supply their products free to users is heavily dependent on this data tracking and the advertising revenue it generates. Though many online services are dependent on this data collection in order to generate revenue, users and privacy advocates are suspicious about the amount of data being collected, how it is being used, and who has access.

And it is in response to this growing environment of unease concerning the amount and types of user data being collected that Microsoft has added these new Do Not Track features (All other major browsers are set to include do not track settings, with Google’s Chrome the last to announce them. These settings, however, will likely not be enabled by default. This, however, may not be the boon for user privacy that some have been hoping for. Do Not Track is a voluntary standard developed by the web industry; it relies on browser headings to tell advertisers not to track users (for a more in depth description of how this technology works, see pgs. 325-26 of Tene and Polonetsky’s article). This is where the problem arises-websites can ignore browser headings and track users anyway. Part of the Do Not Track standard developed by the industry is that users must opt in to Do Not Track-it cannot be enabled by default. In response to Microsoft’s default Do Not Track settings, Apache (the most common webserver application), has been updated to ignore do not track setting from IE 10 users. With one side claiming that “Microsoft deliberately violate[d] the standard,” and the other claiming that the industry is ignoring privacy for profit, the conflict over user data collection seems poised to continue.

A variety of alternatives to the industry implemented Do Not Track settings have been proposed. As the conflict continues, one of the most commonly proposed solutions is legislation. Privacy advocates and web companies, however, have very different views about what Do Not Track legislation should cover. (For differing viewpoints see “‘Do Not Track’ Internet spat risks legislative crackdown). Tene and Polonetsky argue that a value judgment must be made, that policymakers must evaluate whether the “information-for-value business model currently prevailing online” is socially acceptable or “a perverse monetization of users’ fundamental rights,” and create Do Not Track standards accordingly. Unfortunately, this choice between the generally free-to-use websites and web services users have come to expect on one hand, and personal privacy on the other, does not seem like much of a choice at all.

There are, however, alternatives to the standard Do Not Track proposals. One of the best is allowing the collection of user data to continue, but to legally limit the ways in which that data could be used. Tene and Polonetsky recommend a variety of policies that could be enacted which could help to assuage users’ privacy concerns, while allowing web services to continue generating targeted advertising revenue. Some of their proposals include limiting user data use to advertising and fraud prevention, preventing the use of data collected from children, anonymizing data as much as possible, limiting the retention of user data, limiting transmission of data to third parties, and clearly explaining to users what data is being collected about them and how it is being used. Many of these options have been proposed before, but used in conjunction they could provide an acceptable alternative to the strict Do Not Track approach proposed by privacy advocates, while still allowing the free-to-use, advertising-based web to thrive.