Jump to content

Do Not Track legislation: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
rv spam
 
(40 intermediate revisions by 21 users not shown)
Line 1: Line 1:
{{Short description|Legislation regarding the DNT HTTP header field}}
{{Multiple issues|
{{Globalize|article|USA|2name=the United States|date=May 2013}}
{{Globalize|article|USA|2name=the United States|date=May 2013}}
{{Prose|date=January 2023}}
}}
{{use mdy dates|date=January 2023}}


'''Do Not Track''' legislation protects users’ right to choose whether or not they want to be [[Web visitor tracking|tracked]] by third-party websites. It is often called the online version of "[[National Do Not Call Registry|Do Not Call]]".<ref>{{cite news|last=Linsey|first=Davis|title=Do Not Track: The Online Version of 'Do Not Call'|url=https://abcnews.go.com/WNT/video/track-online-version-call-monitor-tracking-companies-internet-activity-12299832|access-date=1 May 2012|newspaper=abc News|date=Dec 2, 2012}}</ref> The legislation is supported by privacy advocates and opposed by advertisers and services that use tracking information to personalize web content.<ref>{{Cite web|last=Chmielewski|first=Dawn|date=2016-01-04|title=How 'Do Not Track' Ended Up Going Nowhere|url=https://www.vox.com/2016/1/4/11588418/how-do-not-track-ended-up-going-nowhere|access-date=2020-10-24|website=Vox|language=en}}</ref> In 2019, Senator [[Josh Hawley]] introduced legislation called the Do Not Track Act, which is currently pending.<ref name="congress.gov">{{Cite web|url=https://www.congress.gov/bill/116th-congress/senate-bill/1578/text|title=Text - S.1578 - 116th Congress (2019-2020): Do Not Track Act|date=21 May 2019}}</ref>
'''Do Not Track legislation''' protects Internet users' right to choose whether or not they want to be [[Web tracking|tracked]] by third-party websites. It has been called the online version of "[[National Do Not Call Registry|Do Not Call]]".<ref>{{Cite news |last=Linsey |first=Davis |date=Dec 2, 2012 |title=Do Not Track: The Online Version of 'Do Not Call' |work=ABC News |format=Flash video |url=https://abcnews.go.com/WNT/video/track-online-version-call-monitor-tracking-companies-internet-activity-12299832 |url-status=dead |archive-url=https://web.archive.org/web/20130727150856/http://abcnews.go.com/WNT/video/track-online-version-call-monitor-tracking-companies-internet-activity-12299832 |archive-date=27 July 2013 |access-date=1 May 2012}}</ref> This type of legislation is supported by privacy advocates and opposed by advertisers and services that use tracking information to personalize web content.<ref>{{Cite web|last=Chmielewski|first=Dawn|date=2016-01-04|title=How 'Do Not Track' Ended Up Going Nowhere|url=https://www.vox.com/2016/1/4/11588418/how-do-not-track-ended-up-going-nowhere |url-status=live |archive-url=https://web.archive.org/web/20190710143412/https://www.vox.com/2016/1/4/11588418/how-do-not-track-ended-up-going-nowhere |archive-date=2019-07-10|access-date=2020-10-24|website=Vox|language=en}}</ref> [[Do Not Track]] (DNT) is a formerly official HTTP header field, designed to allow internet users to [[opt-out]] of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of that data outside its context. Efforts to standardize Do Not Track by the [[World Wide Web Consortium]] did not reach their goal and ended in September 2018 due to insufficient deployment and support.


== Overview ==
== Overview ==
With the development of [[Internet technology]], a large number of people, business entities and organizations heavily interact with each other. For instance, [[Facebook]] enables its users to socialize with each other. [[Google]] provides e-mail services and entertainment through [[Gmail]] and [[YouTube]]. Customers pay fees for the services or are exposed to advertisements. While this interaction is processed, users leave a trace of their personal information such as [[IP address]] or search history on the internet.
With the development of [[Internet technology]], a large number of people, business entities and organizations heavily interact with each other. For instance, [[Facebook]] enables its users to socialize with each other. [[Google]] provides e-mail services and entertainment through [[Gmail]] and [[YouTube]]. Customers pay fees for the services or are exposed to advertisements. While this interaction is processed, users leave a trace of their personal information such as [[IP address]] or search history on the internet.


[[Personal information]] has become a valuable asset because many business entrepreneurs are utilizing it to implement [[Targeted advertising|targeting advertisements]] or [[Marketing promotion|marketing promotions]].<ref>{{cite journal|last=Mulconrey|first=Brian|title=Your personal information: Managing your most valuable asset|journal=The Futurist|date=Oct 2005|volume=39|series=5|page=24}}</ref> According to a press release from the [[Consumer Watchdog]], however, there is a growing concern for the rampant collection of personal information.<ref>{{cite web|last=Simpson|first=John|title=Consumer Watchdog poll finds concern about Google's Wi-Spy snooping|url=http://insidegoogle.com/2010/07/consumer-watchdog-poll-finds-concern-about-googles-wi-spy-snooping/|publisher=Consumer Watchdog|access-date=18 February 2012}}</ref><ref>{{cite journal|last=Dye|first=Jessica|title=Consumer Privacy Advocates Seek Search Engine Solution|journal=EContent|issue=March|year=2009|url=http://www.econtentmag.com/Articles/News/News-Feature/Consumer-Privacy-Advocates—Seek-Search-Engine-Solution-52679.htm|access-date=4 May 2012}}</ref> Privacy advocates worry about the fact that search engine companies can store and utilize the users’ profile, medical history, criminal records, location, and their orientation to implement a marketing strategy. In an effort to alleviate those concerns, several U.S. legislators are trying to enact laws to protect internet users’ privacy.
[[Personal information]] has become a valuable asset because many business entrepreneurs are utilizing it to implement [[Targeted advertising|targeting advertisements]] or [[marketing promotion]]s.<ref>{{Cite journal |last=Mulconrey |first=Brian |date=Oct 2005 |title=Your personal information: Managing your most valuable asset |url=https://www.proquest.com/docview/218577140 |journal=The Futurist |volume=39 |issue=5 |pages=24–27 |id={{ProQuest|218577140}} |url-access=subscription |via=ProQuest}}</ref> According to a press release from the [[Consumer Watchdog]], however, there is a growing concern for the rampant collection of personal information.<ref>{{Cite web |last=Simpson |first=John M. |date=2010-07-27 |title=Consumer Watchdog poll finds concern about Google's Wi-Spy snooping |url=http://insidegoogle.com/2010/07/consumer-watchdog-poll-finds-concern-about-googles-wi-spy-snooping/ |access-date=2023-01-28 |website=Inside Google |publisher=Consumer Watchdog}}</ref><ref>{{Cite journal |last=Dye |first=Jessica |date=2009-02-19 |title=Consumer Privacy Advocates Seek Search Engine Solution |url=http://www.econtentmag.com/Articles/News/News-Feature/Consumer-Privacy-Advocates—Seek-Search-Engine-Solution-52679.htm |journal=EContent Magazine |issue=March 2009 |archive-url=https://web.archive.org/web/20150501033933/http://www.econtentmag.com/Articles/News/News-Feature/Consumer-Privacy-Advocates%E2%80%94Seek-Search-Engine-Solution-52679.htm |archive-date=2015-05-01 |access-date=2023-01-28}}</ref> Privacy advocates worry about the fact that search engine companies can store and utilize the users' profile, medical history, criminal records, location, and their orientation to implement a marketing strategy. In an effort to alleviate those concerns, several U.S. legislators are trying to enact laws to protect internet users' privacy.


Most U.S. citizens are aware that their online behaviors are being tracked by advertisers, and they are often opposed to this practice. A survey conducted by [[The Gallup Organization]] and the ''[[USA Today]]'' shows 61% of respondents know that some advertisements are shown to them based on their interests. 67% of respondents said that targeting advertisements based on consumers’ online behaviors is unallowable, and 61% of respondents argued that online behavior tracking is unjustifiable. 37% of respondents answered they do not want [[Behavioral targeting|targeting advertisement]], 14% said that they would allow those advertisements.<ref>{{cite news|last=Lymari|first=Morales|title=U.S. Internet Users Ready to Limit Online Tracking for Ads|url=http://www.gallup.com/poll/145337/internet-users-ready-limit-onlinetracking-ads.aspx|access-date=1 May 2012|newspaper=Gallup Economy|date=Dec 21, 2010}}</ref>
Most U.S. citizens are aware that their online behaviors are being tracked by advertisers, and they are often opposed to this practice. A survey conducted by [[The Gallup Organization]] and the ''[[USA Today]]'' shows 61% of respondents know that some advertisements are shown to them based on their interests. 67% of respondents said that targeting advertisements based on consumers' online behaviors is unallowable, and 61% of respondents argued that online behavior tracking is unjustifiable. 37% of respondents answered they do not want [[Behavioral targeting|targeting advertisement]], 14% said that they would allow those advertisements.<ref>{{Cite news |last=Morales |first=Lymari |date=2010-12-21 |title=U.S. Internet Users Ready to Limit Online Tracking for Ads |work=Gallup Economy |url=http://www.gallup.com/poll/145337/internet-users-ready-limit-onlinetracking-ads.aspx |access-date=2012-05-01}}</ref>


== History ==
== History ==
On December 1, 2010, the U.S. [[Federal Trade Commission]] (FTC) published a preliminary report highlighting the consumers’ right to prevent websites from tracking their online behaviors.<ref>{{cite web|title=FTC Staff Issues Privacy Report, Offers Framework for Consumers, Businesses, and Policymakers|date=December 2010|url=http://www.ftc.gov/opa/2010/12/privacyreport.shtm|publisher=Federal Trade Commission|access-date=2 May 2012}}</ref> The central plank of the bill was to add a [[Do not track header|Do Not Track opt-out]] function to web browsers. The FTC judged that online marketers’ pervasive collection of [[personal information]] could possibly violate privacy. This issue began to surface again in 2012 after [[Google]] announced its new privacy policy. Reps. [[Edward Markey]], [[Joe Barton]], and [[Cliff Stearns]] asked the FTC to investigate the legality of Google’s change of privacy policy. They sent a letter to the FTC regarding Google’s changed privacy policy.<ref name="LTRtoFTC">Rep. Joe Barton (R-TX), cosponsor Rep. Ed Markey (D-MA), cosponsor Rep. Cliff Stearns (R-FL), "Letter to FTC regarding Google" (February 17, 2012), http://markey.house.gov/sites/markey.house.gov/files/documents/2-17-12%20LTR%20to%20FTC%20Regarding%20Google.pdf {{Webarchive|url=https://web.archive.org/web/20121030144804/http://markey.house.gov/sites/markey.house.gov/files/documents/2-17-12%20LTR%20to%20FTC%20Regarding%20Google.pdf |date=2012-10-30 }}</ref><ref name="congress.gov"/>
On December 1, 2010, the U.S. [[Federal Trade Commission]] (FTC) published a preliminary report highlighting the consumers' right to prevent websites from tracking their online behaviors.<ref>{{Cite press release |title=FTC Staff Issues Privacy Report, Offers Framework for Consumers, Businesses, and Policymakers |date=2010-12-01 |publisher=[[Federal Trade Commission]] |url=https://www.ftc.gov/news-events/news/press-releases/2010/12/ftc-staff-issues-privacy-report-offers-framework-consumers-businesses-policymakers |access-date=2023-01-28}}</ref> The central plank of the bill was to add a [[Do not track header|do not track opt-out]] function to web browsers. The FTC judged that online marketers' pervasive collection of [[personal information]] could possibly violate privacy. This issue began to surface again in 2012 after [[Google]] announced its new privacy policy. Representatives [[Edward Markey]], [[Joe Barton]], and [[Cliff Stearns]] asked the FTC to investigate the legality of Google's change of privacy policy. They sent a letter to the FTC regarding Google's changed privacy policy.<ref name="LTRtoFTC">{{cite web |last1=Markey |first1=Edward J. |last2=Barton |first2=Joe |last3=Stearns |first3=Cliff |title=Letter to FTC regarding Google |url=http://markey.house.gov/sites/markey.house.gov/files/documents/2-17-12%20LTR%20to%20FTC%20Regarding%20Google.pdf |website=markey.house.gov |publisher=U.S. House of Representatives |access-date=2023-01-28 |archive-url=https://web.archive.org/web/20121030144804/http://markey.house.gov/sites/markey.house.gov/files/documents/2-17-12%20LTR%20to%20FTC%20Regarding%20Google.pdf |archive-date=2012-10-30 |date=2012-02-17}}</ref><ref name="congress.gov">{{Cite web |last=Hawley |first=Josh |date=2019-05-21 |title=S.1578 - Do Not Track Act |url=https://www.congress.gov/bill/116th-congress/senate-bill/1578/text |access-date=2023-01-28 |website=congress.gov |publisher=U.S. Congress}}</ref>


== United States legislation ==
== United States legislation ==


=== Do Not Track Act of 2019 ===
=== Do Not Track Act of 2019 ===
The most recent legislation was introduced by Senator Josh Hawley in 2019.<ref name="congress.gov"/> The bill updates previous efforts to create Do Not Track programs by applying the concept beyond web browsers and to all Internet activity, including mobile applications. The bill would allow individuals to, at a touch of a button, prohibit any company from collecting any more data than is indispensable to providing its service, and the bill would impose strict penalties on any company that violated the act.<ref>{{Cite web|url=https://www.hawley.senate.gov/senator-hawley-introduce-legislation-give-american-people-do-not-track-option|title = Senator Hawley to Introduce Legislation to Give the American People a "Do Not Track" Option}}</ref><ref name="congress.gov"/>
The most recent legislation was introduced by Senator Josh Hawley in 2019.<ref name="congress.gov" /> The bill updates previous efforts to create Do Not Track programs by applying the concept beyond web browsers and to all Internet activity, including mobile applications. The bill would allow individuals to, at a touch of a button, prohibit any company from collecting any more data than is indispensable to providing its service, and the bill would impose strict penalties on any company that violated the act.<ref>{{Cite press release |title=Senator Hawley to Introduce Legislation to Give the American People a "Do Not Track" Option |date=2019-05-20 |publisher=[[Josh Hawley]] |url=https://www.hawley.senate.gov/senator-hawley-introduce-legislation-give-american-people-do-not-track-option}}</ref><ref name="congress.gov" />


=== Do Not Track Me Online Act of 2011 ===
=== Do Not Track Me Online Act of 2011 ===
{{Main|FTC regulation of behavioral advertising#Do Not Track Me Online Act of 2011}}
{{Main|FTC regulation of behavioral advertising#Do Not Track Me Online Act of 2011}}
The Do Not Track Me Online Act of 2011 attempted to make the FTC set the standards for the use of an online opt-out function in the United States, which allows a consumer to forbid the collection or use of private information and to demand a business entity to comply with the choice of a consumer to opt out of such collection or use.<ref name="DNT">Rep. Jackie Speier (D-CA), "Do Not Track Me Online Act of 2011" (February 11, 2011), http://www.gpo.gov/fdsys/pkg/BILLS-112hr654ih/pdf/BILLS-112hr654ih.pdf</ref> The bill was regarded as an online version of the [[Do-Not-Call Implementation Act of 2003|Do Not Call]] law which prevents telemarketers from placing a call to individuals who do not want to receive calls from them. This bill also stated that each respective business entity should disclose the current status of personal information collection and whom they share the information with.
The Do Not Track Me Online Act of 2011 attempted to make the FTC set the standards for the use of an online opt-out function in the United States, which allows a consumer to forbid the collection or use of private information and to demand a business entity to comply with the choice of a consumer to opt out of such collection or use.<ref name="DNT">{{cite web |last1=Speier |first1=Jackie |author1-link=Jackie Speier |title=H.R. 654 Do Not Track Me Online Act |url=https://www.govinfo.gov/content/pkg/BILLS-112hr654ih/pdf/BILLS-112hr654ih.pdf |website=GovInfo |publisher=U.S. Government Publishing Office |access-date=28 January 2023 |date=2011-02-11}}</ref> The bill was regarded as an online version of the [[Do-Not-Call Implementation Act of 2003|Do Not Call]] law which prevents telemarketers from placing a call to individuals who do not want to receive calls from them. This bill also stated that each respective business entity should disclose the current status of personal information collection and whom they share the information with.


According to the Do Not Track Me Online Act of 2011, personal information includes:
According to the Do Not Track Me Online Act of 2011, personal information includes:
* Name, a postal address or other location, an email address or other user name, a telephone or [[fax]] number
* Name, a postal address or other location, an email address or other user name, a telephone or [[fax]] number
* Government-issued identification numbers like [[tax identification number]]s, [[passport]] numbers, or [[driver’s license]] numbers
* Government-issued identification numbers like [[tax identification number]]s, [[passport]] numbers, or [[driver’s license|driver's license]] numbers
* Financial account number, or [[credit card]] or [[debit card]] number, or any required security code, access code, or password that is necessary to permit access to an individual’s financial account
* Financial account number, or [[credit card]] or [[debit card]] number, or any required security code, access code, or password that is necessary to permit access to an individual's financial account
The bill also forbids data collection about the following:
The bill also forbids data collection about the following:
* [[Medical history]], physical or mental health, or the provision of health care to the individual
* [[Medical history]], physical or mental health, or the provision of health care to the individual
Line 32: Line 37:
* [[Sexual orientation]] or sexual behavior
* [[Sexual orientation]] or sexual behavior
* Income, assets, liabilities, or financial records, and other financial information associated with a financial account, including balances and other financial information, except when financial account information is provided by the individual and is used only to process an authorized credit or debit to the account
* Income, assets, liabilities, or financial records, and other financial information associated with a financial account, including balances and other financial information, except when financial account information is provided by the individual and is used only to process an authorized credit or debit to the account
* Precise [[geolocation]] information and any information about the individual’s activities and relationships associated with such geolocation
* Precise [[geolocation]] information and any information about the individual's activities and relationships associated with such geolocation
* [[Biometric]] data, including a [[Fingerprint recognition|fingerprint]] or [[retina scan]]
* [[Biometric]] data, including a [[Fingerprint recognition|fingerprint]] or [[retina scan]]
* [[Social Security number]]
* [[Social Security number]]


The bill was introduced on February 11, 2011. However, it was not enacted.<ref>{{Cite web|url=https://www.govtrack.us/congress/bills/112/hr654|title=Do Not Track Me Online Act (2011 - H.R. 654)}}</ref>
The bill was introduced on February 11, 2011. However, it was not enacted.<ref>{{Cite web |title=H.R. 654 (112th): Do Not Track Me Online Act |url=https://www.govtrack.us/congress/bills/112/hr654 |access-date=2023-01-28 |website=GovTrack.us}}</ref>


=== California Senate Bill 761 ===
=== <ref>{{Cite journal|last=Sante|first=Kally|date=|title=Figure S1: Correlations between citation index (WoSCC) and time cited (WOSCC) (A); citation index (Scopus) and time cited (Scopus) (B); citation index (Scopus) and citation index (WoSCC) (C)|doi=10.7717/peerj.6411/supp-1}}</ref>California Senate Bill 761 ===
[[California Senate]] Bill 761 was introduced by Senator [[Alan Lowenthal]] on February 18, 2011, and amended by the California State Senate on May 10, 2011.<ref name="CASB761">Sen. Alan Lowenthal (D-CA), "California Senate Bill 761" (February 18, 2011), http://info.sen.ca.gov/pub/11-12/bill/sen/sb_0751-0800/sb_761_bill_20110510_amended_sen_v95.pdf{{Dead link|date=July 2019 |bot=InternetArchiveBot |fix-attempted=yes }}</ref> The intent of this bill was to forestall shirking of responsibility of corporations’ [[Information leakage|personal information leakage]] and to strengthen the protection for customers. This bill also included:
[[California Senate]] Bill 761 was introduced by Senator [[Alan Lowenthal]] on February 18, 2011, and amended by the California Senate on May 10, 2011.<ref name="CASB761">{{Cite web |last=Lowenthal |first=Alan |date=2011-02-18 |title=SB-761 Computer spyware |url=https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201120120SB761 |access-date=2023-01-28 |website=California Legislative Information |publisher=California Legislature}}</ref> The intent of this bill was to forestall shirking of responsibility of corporations' [[Information leakage|personal information leakage]] and to strengthen the protection for customers. This bill also included:
* Levying a fine to companies which do not follow the bill
* Levying a fine to companies which do not follow the bill
* Requiring every company in California to make public the activities such as collection, utilization, and storage of customers’ personal information
* Requiring every company in California to make public the activities such as collection, utilization, and storage of customers' personal information
* Providing methods to select whether or not to be tracked for the customers
* Providing methods to select whether or not to be tracked for the customers


However; on April 27, 2011, several business entities expressed strong opposition to the bill in a letter.<ref>{{cite web|title=Opposition letter to SB 761|url=http://static.arstechnica.com/oppositionletter.pdf | access-date = 2 May 2012}}</ref> The objectors characterized the bill as:
However, on April 27, 2011, several business entities expressed strong opposition to the bill in a letter. The objectors characterized the bill as:<ref>{{cite web |title=Letter from over 30 organizations to Senator Lowenthal opposing SB 761 |url=http://cdn.arstechnica.net/oppositionletter.pdf |website=[[Ars Technica]] |access-date=2023-01-28 |archive-url=https://web.archive.org/web/20130423234607/http://cdn.arstechnica.net/oppositionletter.pdf |archive-date=2013-04-23 |date=2011-04-27}}</ref>
* Unnecessary
* Unnecessary
* Harmful for California’s Internet economy and innovation
* Harmful for California's Internet economy and innovation
* Unworkable and unenforceable
* Unworkable and unenforceable
* Gratuitously singles out advertising companies for special regulation
* Gratuitously singles out advertising companies for special regulation
Line 83: Line 88:
=== Consumer Privacy Protection Act of 2011 ===
=== Consumer Privacy Protection Act of 2011 ===


Reps. [[Cliff Stearns]] and [[Jim Matheson]] introduced a bill to improve and protect [[consumer privacy]] on April 13, 2011. This bill suggests consumers control the uses of [[personal information|private information]] collected by websites. This bill also states that consumers should be able to place a limit upon the disclosure of information to third-party websites. According to this bill, websites must prompt a clear and conspicuous notice for customers before collecting personal information which is irrelevant to main transactions.<ref name="CPPAO2011">Rep. Cliff Stearns (R-FL), cosponsor Rep. Matheson (D-UT), "Consumer Privacy Protection Act of 2011" (April 13, 2011), http://www.gpo.gov/fdsys/pkg/BILLS-112hr1528ih/pdf/BILLS-112hr1528ih.pdf</ref> In addition, at the time of the information collection, websites must display their privacy policy to customers. The policy is supposed to clarify the types of information collected, as well as the way the information would be utilized. Websites are also required to provide consumers with the "[[Do not track header|opt-out]]" option. Once the customer makes a decision, websites cannot ask him/her to change the opt-out status until at least a year after the customers’ choice.
U.S. Representatives [[Cliff Stearns]] and [[Jim Matheson]] introduced a bill to improve and protect [[consumer privacy]] on April 13, 2011. This bill suggests consumers control the uses of [[personal information|private information]] collected by websites. This bill also states that consumers should be able to place a limit upon the disclosure of information to third-party websites. According to this bill, websites must prompt a clear and conspicuous notice for customers before collecting personal information which is irrelevant to main transactions.<ref name="CPPAO2011">{{Cite web |last=Stearns |first=Cliff |date=2011-04-13 |title=H.R.1528 - Consumer Privacy Protection Act of 2011 |url=https://www.congress.gov/bill/112th-congress/house-bill/1528/text |access-date=2022-01-28 |website=congress.gov |publisher=U.S. Congress}}</ref> In addition, at the time of the information collection, websites must display their privacy policy to customers. The policy is supposed to clarify the types of information collected, as well as the way the information would be utilized. Websites are also required to provide consumers with the "[[Do not track header|opt-out]]" option. Once the customer makes a decision, websites cannot ask him/her to change the opt-out status until at least a year after the customers' choice.

The bill failed to pass beyond the [[House Committee on Energy and Commerce]].


=== Commercial Privacy Bill of Rights ===
=== Commercial Privacy Bill of Rights ===


Senators [[John Kerry]] and [[John McCain]] announced a [[bipartisan]] Commercial Privacy Bill of Rights, the United States' "first comprehensive privacy law", during a [[press conference]] on April 12, 2011.<ref name="CPBR">Sen. John Kerry (D-MA), cosponsor Sen. John McCain (R-AZ), "Commercial Privacy Bill of Rights Act of 2011" (April 12, 2011), http://www.kerry.senate.gov/imo/media/doc/Commercial%20Privacy%20Bill%20of%20Rights%20Text.pdf {{Webarchive|url=https://web.archive.org/web/20120522081613/http://www.kerry.senate.gov/imo/media/doc/Commercial%20Privacy%20Bill%20of%20Rights%20Text.pdf|date=2012-05-22}}</ref><ref>{{cite web|title=Introducing the Commercial Privacy Bill of Rights(press conference)|url=https://www.senate.gov/fplayers/CommPlayer/commFlashPlayer.cfm?fn=srs041211&st=964|access-date=3 May 2012}}</ref> The purpose of this bill, which prescribed consumer privacy rights, was to establish a regulatory framework for the comprehensive protection of personal data for individuals.<ref name=wsj>{{cite news|last=Angwin|first=Julia|author-link=Julia Angwin|title=Senators Offer Privacy Bill to Protect Personal Data|url=https://www.wsj.com/articles/SB10001424052748703385404576258942268540486|newspaper=Wall Street Journal|date=13 April 2011}}</ref> It mandated that websites collecting user information on over 5000 individuals:
U.S. Senators [[John Kerry]] and [[John McCain]] announced a [[bipartisan]] commercial privacy bill of rights, which they said would be the "first comprehensive privacy law" for the U.S. during a [[press conference]] on April 12, 2011.<ref name="CPBR">{{Cite web |last1=Kerry |first1=John |last2=McCain |first2=John |date=2011-04-12 |title=S.799 - Commercial Privacy Bill of Rights Act of 2011 |url=https://www.congress.gov/bill/112th-congress/senate-bill/799/text |access-date=2023-01-28 |website=congress.gov |publisher=U.S. Congress |ref=CPBR}}</ref><ref>{{cite web|title=Introducing the Commercial Privacy Bill of Rights (press conference)|url=https://www.senate.gov/fplayers/CommPlayer/commFlashPlayer.cfm?fn=srs041211&st=964|archive-url=https://web.archive.org/web/20110417052643/http://www.senate.gov/fplayers/CommPlayer/commFlashPlayer.cfm?fn=srs041211&st=964|url-status=dead|archive-date=April 17, 2011|access-date=2012-05-03}}</ref>
The purpose of this bill, which prescribed consumer privacy rights, was to establish a regulatory framework for the comprehensive protection of personal data for individuals.<ref name="wsj">{{Cite news |last=Angwin |first=Julia |author-link=Julia Angwin |date=2011-04-13 |title=Senators Offer Privacy Bill to Protect Personal Data |work=Wall Street Journal |url=https://www.wsj.com/articles/SB10001424052748703385404576258942268540486 |access-date=2023-01-28}}</ref> It would have mandated that websites collecting user information on over 5,000 individuals:


*Implement security measures
*Implement security measures
Line 94: Line 102:
*Collect personal information in order only to process a transaction or to enhance the quality of service
*Collect personal information in order only to process a transaction or to enhance the quality of service
* Discard the information collected after a certain period of time
* Discard the information collected after a certain period of time

The bill failed to pass through the Senate's [[United States Senate Committee on Commerce, Science, and Transportation|Committee on Commerce, Science, and Transportation]].<ref name="CPBR" />


=== Do Not Track Online Act of 2011 ===
=== Do Not Track Online Act of 2011 ===
On May 6, 2011, the [[U.S. Senate]] pushed ahead a bill forbidding online business entities from collecting online users’ location information.<ref name="DNTOA">Sen. Jay Rockefeller (D-WV), "Do Not Track Online Act of 2011" (May 6, 2011), http://commerce.senate.gov/public/?a=Files.Serve&File_id=85b45cce-63b3-4241-99f1-0bc57c5c1cff</ref> According to this bill, corporations can collect user information under an apparent consent. The notice on the collection and use of information should be provided to users in a clear, conspicuous, and accurate manner. Senator [[Jay Rockefeller]], the chairman of the [[Senate Committee on Commerce, Science and Transportation]], mandated corporations to respect users’ denial of information collection. In addition, the [[Federal Trade Commission|FTC]] was mandated to punish corporations not following this bill. The bill includes [[civil penalties]] of $16,000 per day for violations, with a maximum total liability of $15 million.
On May 6, 2011, Senator [[Jay Rockefeller]] introduced in the [[U.S. Senate]] a bill that would forbid online business entities from collecting online users' location information.<ref name="DNTOA">{{cite web |last1=Rockefeller |first1=John D. |title=S.913 - Do-Not-Track Online Act of 2011 |url=https://www.congress.gov/bill/112th-congress/senate-bill/913/text |website=congress.gov |publisher=U.S. Congress |access-date=2023-01-28 |date=2011-05-09}}</ref> According to this bill, corporations would have been able to collect user information under apparent consent. The notice on the collection and use of information should be provided to users in a clear, conspicuous, and accurate manner. The bill would have mandated that corporations respect users' denial of information collection and further mandated the [[Federal Trade Commission|FTC]] punish corporations not following this bill. The bill included [[civil penalties]] of $16,000 per day for violations, with a maximum total liability of $15 million.


=== Do Not Track Kids Act of 2011 ===
=== Do Not Track Kids Act of 2011 ===


Representative [[Edward Markey]] introduced a bill called the "Do Not Track Kids Act of 2011".<ref>Rep. Ed Markey (D-MA), "Do Not Track Kids Act of 2011" (May 5, 2011), http://markey.house.gov/sites/markey.house.gov/files/documents/dntk_legislation_0.pdf {{Webarchive|url=https://web.archive.org/web/20120526131103/http://markey.house.gov/sites/markey.house.gov/files/documents/dntk_legislation_0.pdf |date=2012-05-26 }}</ref> This bill requires that online stores should get parents’ consent when they collect kids’ information. Even though they can collect it, they cannot use it for marketing purposes.<ref>{{cite web|title=Protecting Children's Privacy in an Electronic World (Statement at Hearing)|website = [[YouTube]]|url=https://www.youtube.com/watch?v=n4bl0bsJDRo|access-date=2 May 2012}}</ref> The goal of the "Do Not Track Kids Act of 2011" is to strengthen privacy protection for children by:
Representative [[Edward Markey]] introduced a bill called the "Do Not Track Kids Act of 2011".<ref>Rep. Ed Markey (D-MA), [http://markey.house.gov/sites/markey.house.gov/files/documents/dntk_legislation_0.pdf "Do Not Track Kids Act of 2011"] (May 5, 2011). {{Webarchive|url=https://web.archive.org/web/20120526131103/http://markey.house.gov/sites/markey.house.gov/files/documents/dntk_legislation_0.pdf|date=2012-05-26}}</ref> This bill requires that online stores should get parents' consent when they collect kids' information. Even though they can collect it, they cannot use it for marketing purposes.<ref>{{cite web|title=Protecting Children's Privacy in an Electronic World (Statement at Hearing)|website = [[YouTube]]|url=https://www.youtube.com/watch?v=n4bl0bsJDRo|access-date=2 May 2012}}</ref> The goal of the "Do Not Track Kids Act of 2011" is to strengthen privacy protection for children by:


*Requiring [[information brokers|data brokers]] to explain the type of information being collected, how the information is used, and policies related to collection of information
*Requiring [[information brokers|data brokers]] to explain the type of information being collected, how the information is used, and policies related to collection of information
Line 130: Line 140:
The FTC also recommends [[mobile app]]lication companies to come up with simple, effective, and approachable privacy protection measures. It also required data brokers to reveal their identities by establishing a centralized website enabling transparent collection of personal information, and to allow users to access personal information collected by data brokers.
The FTC also recommends [[mobile app]]lication companies to come up with simple, effective, and approachable privacy protection measures. It also required data brokers to reveal their identities by establishing a centralized website enabling transparent collection of personal information, and to allow users to access personal information collected by data brokers.


== The Right to be Forgotten (European Union) ==
== The right to be forgotten (European Union) ==
{{Main|The Right to be Forgotten}}
{{Main|Right to be forgotten}}


=== Concept ===
=== Concept ===
The [[European Union]] expressed its concern about the personal information management. On January 25, 2012, [[Viviane Reding]], the vice chairperson of the [[European Commission]], suggested [[General Data Protection Regulation]] which is a more strict form than the Directive 95/46/EC is. This is a right to ask service providers to delete the personal information which were collected by [[data broker]]s under a users’ consent in order to strengthen the user information protection. The right to be forgotten also includes the notion of not to be searched, and extinctive prescription of information.<ref name="RTBF">European Commission, "Proposal for a Regulation of the European Parliament and of the Council", (January 25, 2012), http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf</ref>
The [[European Union]] expressed its concern about the personal information management. On January 25, 2012, [[Viviane Reding]], the vice chairperson of the [[European Commission]], suggested [[General Data Protection Regulation]] which is a more strict form than the Directive 95/46/EC is. This is a right to ask service providers to delete the personal information which were collected by [[data broker]]s under a users' consent in order to strengthen the user information protection. The right to be forgotten also includes the notion of not to be searched, and extinctive prescription of information.<ref name="RTBF">European Commission, [http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf "Proposal for a Regulation of the European Parliament and of the Council"], (January 25, 2012). {{Archive url|url=https://web.archive.org/web/20120307150328/http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf|date=2012-03-07}}</ref>


The regulation recommends service providers to request consent from their users when they deal with sensitive [[personal information]]. When failing to comply with the regulation, service providers would be fined up to €1 million or 2% of their sales figures.<ref>{{Cite web|title=Fines / Penalties|url=https://gdpr-info.eu/issues/fines-penalties/|access-date=2020-10-30|website=General Data Protection Regulation (GDPR)|language=en-US}}</ref><ref>{{Cite web|last=|first=|date=|title=Factsheet on the "Right to be Forgotten" ruling|url=https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2014/06/factsheet_data_protection_en.pdf|access-date=|website=}}</ref>
The regulation recommends service providers to request consent from their users when they deal with sensitive [[personal information]]. When failing to comply with the regulation, service providers would be fined up to €1 million or 2% of their sales figures.<ref>{{Cite web |title=Fines / Penalties |url=https://gdpr-info.eu/issues/fines-penalties/ |access-date=2020-10-30 |website=gdpr-info.eu |publisher=Intersoft Consulting}}</ref><ref>{{Cite web |title=Factsheet on the "Right to be Forgotten" ruling |url=https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2014/06/factsheet_data_protection_en.pdf |url-status=live |archive-url=https://web.archive.org/web/20221006030255/https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2014/06/factsheet_data_protection_en.pdf |archive-date=2022-10-06 |access-date=2022-01-28 |website=Privacy & Information Security Law Blog}}</ref>


Reding articulated that change of regulations related to the past Internet environment is inevitable due to the changes of digital circumstances such as technological development and globalization. She also stated that the current credibility of Internet companies is low because of weak personal information management.
Reding articulated that change of regulations related to the past Internet environment is inevitable due to the changes of digital circumstances such as technological development and globalization. She also stated that the current credibility of Internet companies is low because of weak personal information management.
Line 143: Line 153:
* Autonomic control of personal information
* Autonomic control of personal information
* Applicable regulation not only of companies based in the EU area, but also for companies dealing with personal information of EU citizens
* Applicable regulation not only of companies based in the EU area, but also for companies dealing with personal information of EU citizens
* Request users’ apparent consent before collecting personal information
* Request users' apparent consent before collecting personal information
* A unitary regulation applied to the entire EU
* A unitary regulation applied to the entire EU
* Mandatory reporting when [[information leakage]] occurs
* Mandatory reporting when [[information leakage]] occurs
Line 150: Line 160:
=== Objection against the statute ===
=== Objection against the statute ===
As a response to the proposal, there are several objections against the statute.
As a response to the proposal, there are several objections against the statute.
* Corporations are opposed to it, claiming that the strict internet standard would aggravate the economic situation of EU and retard the development of the Internet industry<ref name="Grant">{{cite news|last=Grant|first=Gross|title=Critics: EU's proposed data protection rules could hinder Internet|url=http://www.computerworld.com/s/article/9223717/Critics_EU_s_proposed_data_protection_rules_could_hinder_Internet|access-date=3 May 2012|newspaper=ComputerWorld|date=Jan 25, 2012}}</ref>
* Corporations are opposed to it, claiming that the strict internet standard would aggravate the economic situation of EU and retard the development of the Internet industry<ref name="Grant">{{cite news|last=Grant|first=Gross|title=Critics: EU's proposed data protection rules could hinder Internet|url=http://www.computerworld.com/s/article/9223717/Critics_EU_s_proposed_data_protection_rules_could_hinder_Internet|access-date=3 May 2012|newspaper=ComputerWorld|date=January 25, 2012}}</ref>
* [[Edward Vaizey]], the [[Minister for Culture, Communications and Creative Industries]] in UK, raised doubt on how they can implement the “right to be forgotten” since it is easy to replicate the original copy of content on the Internet<ref>{{cite news|last=Matt|first=Warman|title=Government minister Ed Vaizey questions EU 'right to be forgotten' regulations|url=https://www.telegraph.co.uk/technology/news/9109669/Government-minister-Ed-Vaizey-questions-EU-right-to-be-forgotten-regulations.html|access-date=3 May 2012|newspaper=The Telegraph|date=Feb 28, 2012}}</ref>
* [[Edward Vaizey]], the [[Minister for Culture, Communications and Creative Industries]] in UK, raised doubt on how they can implement the “right to be forgotten” since it is easy to replicate the original copy of content on the Internet<ref>{{cite news|last=Matt|first=Warman|title=Government minister Ed Vaizey questions EU 'right to be forgotten' regulations|url=https://www.telegraph.co.uk/technology/news/9109669/Government-minister-Ed-Vaizey-questions-EU-right-to-be-forgotten-regulations.html|access-date=3 May 2012|newspaper=The Telegraph|date=February 28, 2012}}</ref>
* The Center of Digital Democracy (CDD) anticipated that it would not be easy for the EU to reach an agreement with the Internet service providers<ref name="Grant"/>
* The Center of Digital Democracy (CDD) anticipated that it would not be easy for the EU to reach an agreement with the Internet service providers<ref name="Grant"/>


Line 166: Line 176:


== Opposition to Do Not Track ==
== Opposition to Do Not Track ==

There are some arguments against Do Not Track proposal. Opponents emphasize its economic benefits of online behavioral advertising and its quality of services. According to their arguments:
There are arguments against Do Not Track proposals. Opponents emphasize its economic benefits of online behavioral advertising and its quality of services. According to their arguments:
* Online Behavioral Advertising (OBA) and e-mail are the most effective advertising methods. Privacy regulation can reduce the effectiveness of behavioral advertising. If the effectiveness of OBA deteriorates, the credibility for the effectiveness of advertisement would be diminished, thus hindering entire economic recovery<ref>{{cite journal|title=Ponemon study: Privacy concerns thwart ad spending on behaviorally targeted campaigns|journal=Professional Services Close - up|date=7 May 2010}}</ref><ref>{{cite journal|last=Avi|first=Goldfarb|author2=Catherine E. Tucker|title=Privacy Regulation and Online Advertising|date=Jan 2011}}</ref>
* Online behavioral advertising (OBA) and [[email]] are the most effective advertising methods. Privacy regulation can reduce the effectiveness of behavioral advertising. If the effectiveness of OBA deteriorates, the credibility for the effectiveness of advertisement would be diminished, thus hindering entire economic recovery<ref>{{Cite news |date=2010-05-07 |title=Ponemon Study: Privacy Concerns Thwart Ad Spending on Behaviorally Targeted Campaigns |work=Professional Services Close-up |agency=Close-Up Media, Inc. |url=https://www.proquest.com/docview/818443698 |url-access=subscription |access-date=2023-01-28 |id={{ProQuest|818443698}} |via=ProQuest}}</ref><ref>{{Cite journal |last1=Goldfarb |first1=Avi |last2=Tucker |first2=Catherine E. |date=2011 |title=Privacy Regulation and Online Advertising |url=https://www.proquest.com/docview/904027694 |journal=Management Science |volume=57 |issue=1 |pages=57–71 |doi=10.1287/mnsc.1100.1246 |hdl=1721.1/64920 |id={{ProQuest|904027694}} |url-access=subscription |via=ProQuest |hdl-access=free }}</ref>
* [[Behavioral targeting]] is an essential part of ad network, publisher, and advertiser success. Behavioral targeting advertisement is an important revenue source for publishers and ad networks. Content supported by advertisers is a crucial component of traditional media<ref>{{cite web|last=Howard|first=Beales|title=The Value of Behavioral Targeting|url=http://www.networkadvertising.org/pdfs/Beales_NAI_Study.pdf|access-date=3 May 2012}}</ref>
* [[Behavioral targeting]] is an essential part of ad network, publisher, and advertiser success. Behavioral targeting advertisement is an important revenue source for publishers and ad networks. Content supported by advertisers is a crucial component of traditional media.<ref>{{cite report|last=Beales|first=Howard|title=The Value of Behavioral Targeting|url=https://www.researchgate.net/publication/265266107|access-date=3 May 2012|via=ResearchGate}}</ref>
* Service providers such as [[Google]] collect personal information in order to provide higher-quality service. Moreover, this information collection has been modified reflect changing trends<ref>{{cite web|title=Facebook Founder on Privacy: Public Is the New "Social Norm" (video material)|date=10 January 2010|url=http://mashable.com/2010/01/10/facebook-founder-on-privacy/|publisher=Mashable Social Media|access-date=3 May 2012}}</ref>
* Service providers such as [[Google]] collect personal information in order to provide higher-quality service. Moreover, this information collection has been modified reflect changing trends.<ref>{{cite news |last1=Cashmore |first1=Pete |title=Facebook Founder on Privacy: Public Is the New "Social Norm" |url=https://mashable.com/archive/facebook-founder-on-privacy |work=Mashable |date=2010-01-10}}</ref>


== Reactions of online companies ==
== Reactions of online companies ==
Among the major Internet browsers and search engines, the Do Not Track policy has been quite controversial. For instance, [[Google]]’s contentious change to its privacy settings in 2012, raised questions of how companies would interpret and implement the Do Not Track policy. Also in 2012, [[Microsoft]] implemented a Do Not Track option into its [[Internet Explorer 10]] browser as its default setting, which has instigated a number of public comments and critique from major companies.<ref>{{Cite web|last=Whitney|first=Lance|title=Microsoft ticks off advertisers with IE10 'Do Not Track' policy|url=https://www.cnet.com/news/microsoft-ticks-off-advertisers-with-ie10-do-not-track-policy/|access-date=2022-01-17|website=CNET|language=en}}</ref> Sarah Downey, from Abine Inc., commented on [[Fox Business Network]] that even if you opt-in on the Do Not Track option, advertisers can still collect your data and track your behavior. Abine Inc. created a Do Not Track Plus [[Browser extension|add-on]] that claims to completely block tracking. Downey continues to state that the in-browser Do Not Track option is a more of a "voluntary message" or a "request, not an obligation" to the advertisers not to track you.<ref>{{cite web|title=Companies Ignoring 'Do Not Track' Selections on Web Browsers|url=http://video.foxbusiness.com/v/1926808553001/companies-ignoring-do-not-track-selections-on-web-browsers/#|publisher=Fox Business|access-date=30 October 2012}}</ref>
Among the major Internet browsers and search engines, the Do Not Track policy has been quite controversial. For instance, [[Google]]'s contentious change to its [[privacy settings]] in 2012, raised questions of how companies would interpret and implement the Do Not Track policy. Also in 2012, [[Microsoft]] implemented a Do Not Track option into its [[Internet Explorer 10]] browser as its default setting, which has instigated a number of public comments and critique from major companies.<ref>{{Cite news|last=Whitney|first=Lance|title=Microsoft ticks off advertisers with IE10 'Do Not Track' policy|date=2012-06-01|url=https://www.cnet.com/news/microsoft-ticks-off-advertisers-with-ie10-do-not-track-policy/|access-date=2022-01-17|website=CNET|language=en}}</ref> Sarah Downey, from Abine Inc., commented on [[Fox Business Network]] that even if you opt-in on the Do Not Track option, advertisers can still collect your data and track your behavior. Abine Inc. created a Do Not Track Plus [[Browser extension|add-on]] that claims to completely block tracking. Downey continues to state that the in-browser Do Not Track option is a more of a "voluntary message" or a "request, not an obligation" to the advertisers not to track you.<ref>{{Cite interview |last=Downey |first=Sarah |title=Companies Ignoring 'Do Not Track' Selections on Web Browsers |url=https://video.foxbusiness.com/v/1926808553001# |access-date=2022-01-28 |publisher=Fox News |date=2012-10-26}}</ref>


Furthermore, the Digital Advertising Alliance stated, earlier this year{{When|date=February 2015}} at an industry consortium, that the Do Not Track option should be a “choice actively made by an individual consumer”, in which Microsoft’s new software denies consumers that choice. A [[Yahoo!]] Policy blog post also argues that Microsoft’s decision “degrades the experience for the majority of users and makes it hard to deliver on our value proposition to them”.<ref>{{cite magazine|last=Gilbertson|first=Scott|title=Yahoo, Microsoft Tiff Highlights the Epic Failure of 'Do Not Track'|url=http://www.webmonkey.com/2012/10/yahoo-microsoft-tiff-highlights-the-epic-failure-of-do-not-track/|magazine=Wired|access-date=30 October 2012}}</ref> Executives from [[Dell]], [[IBM]], [[Intel]], [[Visa Inc.|Visa]], [[Verizon]], [[Walmart]], and Yahoo!, one of the initial supporters of the Do Not Track policy, argue that Microsoft should "realign with the broader business community by providing choice through a default of 'off' on your browser's 'do not track' setting".<ref>{{cite news|last=Singer|first=Natasha|title=Do Not Track? Advertisers say 'Dont Tread on Us'|url=https://www.nytimes.com/2012/10/14/technology/do-not-track-movement-is-drawing-advertisers-fire.html|access-date=30 October 2012|newspaper=New York Times|date=13 October 2012}}</ref>
Furthermore, the Digital Advertising Alliance stated, earlier this year{{When|date=February 2015}} at an industry consortium, that the Do Not Track option should be a “choice actively made by an individual consumer”, in which Microsoft's new software denies consumers that choice. A [[Yahoo!]] Policy blog post also argues that Microsoft's decision “degrades the experience for the majority of users and makes it hard to deliver on our value proposition to them”.<ref>{{cite magazine|last=Gilbertson|first=Scott|title=Yahoo, Microsoft Tiff Highlights the Epic Failure of 'Do Not Track'|date=2012-10-29|url=https://www.wired.com/2012/10/yahoo-microsoft-tiff-highlights-the-epic-failure-of-do-not-track/|magazine=Wired|access-date=2023-01-28}}</ref> Executives from [[Dell]], [[IBM]], [[Intel]], [[Visa Inc.|Visa]], [[Verizon]], [[Walmart]], and Yahoo!, one of the initial supporters of the Do Not Track policy, argue that Microsoft should "realign with the broader business community by providing choice through a default of 'off' on your browser's 'do not track' setting".<ref>{{cite news|last=Singer|first=Natasha|title=Do Not Track? Advertisers say 'Don't Tread on Us'|url=https://www.nytimes.com/2012/10/14/technology/do-not-track-movement-is-drawing-advertisers-fire.html|access-date=2012-10-30|newspaper=New York Times|date=2012-10-13}}</ref>


== References ==
== References ==

Latest revision as of 20:13, 31 October 2024

Do Not Track legislation protects Internet users' right to choose whether or not they want to be tracked by third-party websites. It has been called the online version of "Do Not Call".[1] This type of legislation is supported by privacy advocates and opposed by advertisers and services that use tracking information to personalize web content.[2] Do Not Track (DNT) is a formerly official HTTP header field, designed to allow internet users to opt-out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of that data outside its context. Efforts to standardize Do Not Track by the World Wide Web Consortium did not reach their goal and ended in September 2018 due to insufficient deployment and support.

Overview

[edit]

With the development of Internet technology, a large number of people, business entities and organizations heavily interact with each other. For instance, Facebook enables its users to socialize with each other. Google provides e-mail services and entertainment through Gmail and YouTube. Customers pay fees for the services or are exposed to advertisements. While this interaction is processed, users leave a trace of their personal information such as IP address or search history on the internet.

Personal information has become a valuable asset because many business entrepreneurs are utilizing it to implement targeting advertisements or marketing promotions.[3] According to a press release from the Consumer Watchdog, however, there is a growing concern for the rampant collection of personal information.[4][5] Privacy advocates worry about the fact that search engine companies can store and utilize the users' profile, medical history, criminal records, location, and their orientation to implement a marketing strategy. In an effort to alleviate those concerns, several U.S. legislators are trying to enact laws to protect internet users' privacy.

Most U.S. citizens are aware that their online behaviors are being tracked by advertisers, and they are often opposed to this practice. A survey conducted by The Gallup Organization and the USA Today shows 61% of respondents know that some advertisements are shown to them based on their interests. 67% of respondents said that targeting advertisements based on consumers' online behaviors is unallowable, and 61% of respondents argued that online behavior tracking is unjustifiable. 37% of respondents answered they do not want targeting advertisement, 14% said that they would allow those advertisements.[6]

History

[edit]

On December 1, 2010, the U.S. Federal Trade Commission (FTC) published a preliminary report highlighting the consumers' right to prevent websites from tracking their online behaviors.[7] The central plank of the bill was to add a do not track opt-out function to web browsers. The FTC judged that online marketers' pervasive collection of personal information could possibly violate privacy. This issue began to surface again in 2012 after Google announced its new privacy policy. Representatives Edward Markey, Joe Barton, and Cliff Stearns asked the FTC to investigate the legality of Google's change of privacy policy. They sent a letter to the FTC regarding Google's changed privacy policy.[8][9]

United States legislation

[edit]

Do Not Track Act of 2019

[edit]

The most recent legislation was introduced by Senator Josh Hawley in 2019.[9] The bill updates previous efforts to create Do Not Track programs by applying the concept beyond web browsers and to all Internet activity, including mobile applications. The bill would allow individuals to, at a touch of a button, prohibit any company from collecting any more data than is indispensable to providing its service, and the bill would impose strict penalties on any company that violated the act.[10][9]

Do Not Track Me Online Act of 2011

[edit]

The Do Not Track Me Online Act of 2011 attempted to make the FTC set the standards for the use of an online opt-out function in the United States, which allows a consumer to forbid the collection or use of private information and to demand a business entity to comply with the choice of a consumer to opt out of such collection or use.[11] The bill was regarded as an online version of the Do Not Call law which prevents telemarketers from placing a call to individuals who do not want to receive calls from them. This bill also stated that each respective business entity should disclose the current status of personal information collection and whom they share the information with.

According to the Do Not Track Me Online Act of 2011, personal information includes:

  • Name, a postal address or other location, an email address or other user name, a telephone or fax number
  • Government-issued identification numbers like tax identification numbers, passport numbers, or driver's license numbers
  • Financial account number, or credit card or debit card number, or any required security code, access code, or password that is necessary to permit access to an individual's financial account

The bill also forbids data collection about the following:

  • Medical history, physical or mental health, or the provision of health care to the individual
  • Race or ethnicity
  • Religious beliefs and affiliation
  • Sexual orientation or sexual behavior
  • Income, assets, liabilities, or financial records, and other financial information associated with a financial account, including balances and other financial information, except when financial account information is provided by the individual and is used only to process an authorized credit or debit to the account
  • Precise geolocation information and any information about the individual's activities and relationships associated with such geolocation
  • Biometric data, including a fingerprint or retina scan
  • Social Security number

The bill was introduced on February 11, 2011. However, it was not enacted.[12]

California Senate Bill 761

[edit]

California Senate Bill 761 was introduced by Senator Alan Lowenthal on February 18, 2011, and amended by the California Senate on May 10, 2011.[13] The intent of this bill was to forestall shirking of responsibility of corporations' personal information leakage and to strengthen the protection for customers. This bill also included:

  • Levying a fine to companies which do not follow the bill
  • Requiring every company in California to make public the activities such as collection, utilization, and storage of customers' personal information
  • Providing methods to select whether or not to be tracked for the customers

However, on April 27, 2011, several business entities expressed strong opposition to the bill in a letter. The objectors characterized the bill as:[14]

  • Unnecessary
  • Harmful for California's Internet economy and innovation
  • Unworkable and unenforceable
  • Gratuitously singles out advertising companies for special regulation
  • Would have repercussions beyond entities directly regulated by the bill
  • Costly to the state of California
  • Unconstitutional

California Assembly Bill AB 370

[edit]

The state's Assembly and Senate approved the bill (AB 370) that requires commercial websites and online services to disclose how they respond to an Internet browser's "do not track" signals and whether and how third parties collect personally identifiable information from consumers who visit those sites.

THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:

SECTION 1. Section 22575 of the Business and Professions Code is amended to read: 22575. (a) An operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site, or in the case of an operator of an online service, make that policy available in accordance with paragraph (5) of subdivision (b) of Section 22577. An operator shall be in violation of this subdivision only if the operator fails to post its policy within 30 days after being notified of noncompliance. (b) The privacy policy required by subdivision (a) shall do all of the following:

(1) Identify the categories of personally identifiable information that the operator collects through the Web site or online service about individual consumers who use or visit its commercial Web site or online service and the categories of third-party persons or entities with whom the operator may share that personally identifiable information.

(2) If the operator maintains a process for an individual consumer who uses or visits its commercial Web site or online service to review and request changes to any of his or her personally identifiable information that is collected through the Web site or online service, provide a description of that process.

(3) Describe the process by which the operator notifies consumers who use or visit its commercial Web site or online service of material changes to the operator’s privacy policy for that Web site or online service.

(4) Identify its effective date.

(5) Disclose how the operator responds to Web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection.

(6) Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.

(7) An operator may satisfy the requirement of paragraph (5) by providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.

Children's Online Privacy Protection Act of 1998

[edit]

Effective April 21, 2000, the Children's Online Privacy Protection Act (COPPA) applies to the online collection of personal information by persons or entities under U.S. jurisdiction about children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing of those under 13.[15]

Consumer Privacy Protection Act of 2011

[edit]

U.S. Representatives Cliff Stearns and Jim Matheson introduced a bill to improve and protect consumer privacy on April 13, 2011. This bill suggests consumers control the uses of private information collected by websites. This bill also states that consumers should be able to place a limit upon the disclosure of information to third-party websites. According to this bill, websites must prompt a clear and conspicuous notice for customers before collecting personal information which is irrelevant to main transactions.[16] In addition, at the time of the information collection, websites must display their privacy policy to customers. The policy is supposed to clarify the types of information collected, as well as the way the information would be utilized. Websites are also required to provide consumers with the "opt-out" option. Once the customer makes a decision, websites cannot ask him/her to change the opt-out status until at least a year after the customers' choice.

The bill failed to pass beyond the House Committee on Energy and Commerce.

Commercial Privacy Bill of Rights

[edit]

U.S. Senators John Kerry and John McCain announced a bipartisan commercial privacy bill of rights, which they said would be the "first comprehensive privacy law" for the U.S. during a press conference on April 12, 2011.[17][18] The purpose of this bill, which prescribed consumer privacy rights, was to establish a regulatory framework for the comprehensive protection of personal data for individuals.[19] It would have mandated that websites collecting user information on over 5,000 individuals:

  • Implement security measures
  • Provide clear notice to customers
  • Provide opt-out mechanism to users
  • Collect personal information in order only to process a transaction or to enhance the quality of service
  • Discard the information collected after a certain period of time

The bill failed to pass through the Senate's Committee on Commerce, Science, and Transportation.[17]

Do Not Track Online Act of 2011

[edit]

On May 6, 2011, Senator Jay Rockefeller introduced in the U.S. Senate a bill that would forbid online business entities from collecting online users' location information.[20] According to this bill, corporations would have been able to collect user information under apparent consent. The notice on the collection and use of information should be provided to users in a clear, conspicuous, and accurate manner. The bill would have mandated that corporations respect users' denial of information collection and further mandated the FTC punish corporations not following this bill. The bill included civil penalties of $16,000 per day for violations, with a maximum total liability of $15 million.

Do Not Track Kids Act of 2011

[edit]

Representative Edward Markey introduced a bill called the "Do Not Track Kids Act of 2011".[21] This bill requires that online stores should get parents' consent when they collect kids' information. Even though they can collect it, they cannot use it for marketing purposes.[22] The goal of the "Do Not Track Kids Act of 2011" is to strengthen privacy protection for children by:

  • Requiring data brokers to explain the type of information being collected, how the information is used, and policies related to collection of information
  • Mandating online companies to get parents' consent before collecting children's information
  • Preventing online companies from utilizing the collected data for target marketing purposes
  • For parents and children, providing an "erase button" in order to get rid of publicly available information content online

Consumer Privacy Bill of Rights

[edit]

The Obama administration announced that consumers have right to control which companies collect and use their information. The administration also stated that the privacy policy of companies should be transparent and understandable, and hacking and personal information leakage should be completely stopped.[23][24] The Consumer Privacy Bill of Rights advances these objectives by holding that consumers have a right to:

  • Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it
  • Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices
  • Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data
  • Security: Consumers have a right to secure and responsible handling of personal data
  • Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate
  • Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain
  • Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights

The purpose of the Consumer Privacy Bill of Rights is to deter Internet companies from indiscriminate collection of personal information for targeted ads. In response, The Internet companies such as Mozilla, Google, Microsoft, Yahoo!, and AOL promised to provide a "do not track" mechanism so that customers can choose whether they want to participate in online behavioral advertising or not.[25][26] However, the guideline has its limitation that it is not enforceable. The Obama Administration encouraged the United States Congress to grant the Federal Trade Commission the authority to enforce each element of the statutory Consumer Privacy Bill of Rights. Once enacted, Internet companies infringing upon the rights put forth in these guidelines could suffer sanctions from the FTC.

A new Commercial Privacy Bill of Rights

[edit]

"A new Commercial Privacy Bill of Rights" was introduced by Sen. John Kerry and Sen. John McCain.[17]

Federal Trade Commission report

[edit]

In March 2012 the U.S. Federal Trade Commission (FTC) published a report called "Protecting Consumer Privacy in an Era of Rapid Change".[27] FTC Chairman Jon Leibowitz stated that "data brokers have deceived the Internet users” and “we need to focus on that the data brokers have collected personal information without the users knowing it".[28]

The FTC articulated that the purpose of the report was to protect the user privacy which is constantly exposed while surfing the Internet. In addition, the FTC discussed the Do Not Track mechanism and recommended browser vendors to enable users to control the level of personal information tracking by adopting an opt-out function. The Digital Advertising Alliance agreed with the FTC proposal, and it is planning to adopt the opt-out function within 2012.

The FTC also recommends mobile application companies to come up with simple, effective, and approachable privacy protection measures. It also required data brokers to reveal their identities by establishing a centralized website enabling transparent collection of personal information, and to allow users to access personal information collected by data brokers.

The right to be forgotten (European Union)

[edit]

Concept

[edit]

The European Union expressed its concern about the personal information management. On January 25, 2012, Viviane Reding, the vice chairperson of the European Commission, suggested General Data Protection Regulation which is a more strict form than the Directive 95/46/EC is. This is a right to ask service providers to delete the personal information which were collected by data brokers under a users' consent in order to strengthen the user information protection. The right to be forgotten also includes the notion of not to be searched, and extinctive prescription of information.[29]

The regulation recommends service providers to request consent from their users when they deal with sensitive personal information. When failing to comply with the regulation, service providers would be fined up to €1 million or 2% of their sales figures.[30][31]

Reding articulated that change of regulations related to the past Internet environment is inevitable due to the changes of digital circumstances such as technological development and globalization. She also stated that the current credibility of Internet companies is low because of weak personal information management. The proposed law would include the following:

  • Autonomic control of personal information
  • Applicable regulation not only of companies based in the EU area, but also for companies dealing with personal information of EU citizens
  • Request users' apparent consent before collecting personal information
  • A unitary regulation applied to the entire EU
  • Mandatory reporting when information leakage occurs
  • Transferable personal information when users change their Internet service provider

Objection against the statute

[edit]

As a response to the proposal, there are several objections against the statute.

  • Corporations are opposed to it, claiming that the strict internet standard would aggravate the economic situation of EU and retard the development of the Internet industry[32]
  • Edward Vaizey, the Minister for Culture, Communications and Creative Industries in UK, raised doubt on how they can implement the “right to be forgotten” since it is easy to replicate the original copy of content on the Internet[33]
  • The Center of Digital Democracy (CDD) anticipated that it would not be easy for the EU to reach an agreement with the Internet service providers[32]

Discard of resident registration numbers (South Korea)

[edit]

Concept

[edit]

The resident registration numbers (RRN) have been used for online identification purposes in South Korea. The Korea Communications Commission introduced a law preventing the Internet websites which have more than 10,000 daily active users from collecting and using RRN; it took effect on August 18, 2012. The range of law will be extended to every website in 2013.[34]

Objection against the statute

[edit]

However, there are arguments against this law:[35]

  • RRN is required to be presented in order to identify users as a way of protecting vulnerable users such as teenagers or the handicapped from indecent content
  • RRN is widely used for online transactions but there are no suitable alternatives
  • Preparing systems for other verification methods such as i-PIN or authentication certificate can lay an economic burden on service providers

Opposition to Do Not Track

[edit]

There are arguments against Do Not Track proposals. Opponents emphasize its economic benefits of online behavioral advertising and its quality of services. According to their arguments:

  • Online behavioral advertising (OBA) and email are the most effective advertising methods. Privacy regulation can reduce the effectiveness of behavioral advertising. If the effectiveness of OBA deteriorates, the credibility for the effectiveness of advertisement would be diminished, thus hindering entire economic recovery[36][37]
  • Behavioral targeting is an essential part of ad network, publisher, and advertiser success. Behavioral targeting advertisement is an important revenue source for publishers and ad networks. Content supported by advertisers is a crucial component of traditional media.[38]
  • Service providers such as Google collect personal information in order to provide higher-quality service. Moreover, this information collection has been modified reflect changing trends.[39]

Reactions of online companies

[edit]

Among the major Internet browsers and search engines, the Do Not Track policy has been quite controversial. For instance, Google's contentious change to its privacy settings in 2012, raised questions of how companies would interpret and implement the Do Not Track policy. Also in 2012, Microsoft implemented a Do Not Track option into its Internet Explorer 10 browser as its default setting, which has instigated a number of public comments and critique from major companies.[40] Sarah Downey, from Abine Inc., commented on Fox Business Network that even if you opt-in on the Do Not Track option, advertisers can still collect your data and track your behavior. Abine Inc. created a Do Not Track Plus add-on that claims to completely block tracking. Downey continues to state that the in-browser Do Not Track option is a more of a "voluntary message" or a "request, not an obligation" to the advertisers not to track you.[41]

Furthermore, the Digital Advertising Alliance stated, earlier this year[when?] at an industry consortium, that the Do Not Track option should be a “choice actively made by an individual consumer”, in which Microsoft's new software denies consumers that choice. A Yahoo! Policy blog post also argues that Microsoft's decision “degrades the experience for the majority of users and makes it hard to deliver on our value proposition to them”.[42] Executives from Dell, IBM, Intel, Visa, Verizon, Walmart, and Yahoo!, one of the initial supporters of the Do Not Track policy, argue that Microsoft should "realign with the broader business community by providing choice through a default of 'off' on your browser's 'do not track' setting".[43]

References

[edit]
  1. ^ Linsey, Davis (December 2, 2012). "Do Not Track: The Online Version of 'Do Not Call'". ABC News. Archived from the original (Flash video) on July 27, 2013. Retrieved May 1, 2012.
  2. ^ Chmielewski, Dawn (January 4, 2016). "How 'Do Not Track' Ended Up Going Nowhere". Vox. Archived from the original on July 10, 2019. Retrieved October 24, 2020.
  3. ^ Mulconrey, Brian (October 2005). "Your personal information: Managing your most valuable asset". The Futurist. 39 (5): 24–27. ProQuest 218577140 – via ProQuest.
  4. ^ Simpson, John M. (July 27, 2010). "Consumer Watchdog poll finds concern about Google's Wi-Spy snooping". Inside Google. Consumer Watchdog. Retrieved January 28, 2023.
  5. ^ Dye, Jessica (February 19, 2009). "Consumer Privacy Advocates Seek Search Engine Solution". EContent Magazine (March 2009). Archived from the original on May 1, 2015. Retrieved January 28, 2023.
  6. ^ Morales, Lymari (December 21, 2010). "U.S. Internet Users Ready to Limit Online Tracking for Ads". Gallup Economy. Retrieved May 1, 2012.
  7. ^ "FTC Staff Issues Privacy Report, Offers Framework for Consumers, Businesses, and Policymakers" (Press release). Federal Trade Commission. December 1, 2010. Retrieved January 28, 2023.
  8. ^ Markey, Edward J.; Barton, Joe; Stearns, Cliff (February 17, 2012). "Letter to FTC regarding Google" (PDF). markey.house.gov. U.S. House of Representatives. Archived from the original (PDF) on October 30, 2012. Retrieved January 28, 2023.
  9. ^ a b c Hawley, Josh (May 21, 2019). "S.1578 - Do Not Track Act". congress.gov. U.S. Congress. Retrieved January 28, 2023.
  10. ^ "Senator Hawley to Introduce Legislation to Give the American People a "Do Not Track" Option" (Press release). Josh Hawley. May 20, 2019.
  11. ^ Speier, Jackie (February 11, 2011). "H.R. 654 Do Not Track Me Online Act" (PDF). GovInfo. U.S. Government Publishing Office. Retrieved January 28, 2023.
  12. ^ "H.R. 654 (112th): Do Not Track Me Online Act". GovTrack.us. Retrieved January 28, 2023.
  13. ^ Lowenthal, Alan (February 18, 2011). "SB-761 Computer spyware". California Legislative Information. California Legislature. Retrieved January 28, 2023.
  14. ^ "Letter from over 30 organizations to Senator Lowenthal opposing SB 761" (PDF). Ars Technica. April 27, 2011. Archived from the original (PDF) on April 23, 2013. Retrieved January 28, 2023.
  15. ^ "Complying with COPPA: Frequently Asked Questions". FTC Business Center. Federal Trade Commission. March 20, 2015. Retrieved June 22, 2016.
  16. ^ Stearns, Cliff (April 13, 2011). "H.R.1528 - Consumer Privacy Protection Act of 2011". congress.gov. U.S. Congress. Retrieved January 28, 2022.
  17. ^ a b c Kerry, John; McCain, John (April 12, 2011). "S.799 - Commercial Privacy Bill of Rights Act of 2011". congress.gov. U.S. Congress. Retrieved January 28, 2023.
  18. ^ "Introducing the Commercial Privacy Bill of Rights (press conference)". Archived from the original on April 17, 2011. Retrieved May 3, 2012.
  19. ^ Angwin, Julia (April 13, 2011). "Senators Offer Privacy Bill to Protect Personal Data". Wall Street Journal. Retrieved January 28, 2023.
  20. ^ Rockefeller, John D. (May 9, 2011). "S.913 - Do-Not-Track Online Act of 2011". congress.gov. U.S. Congress. Retrieved January 28, 2023.
  21. ^ Rep. Ed Markey (D-MA), "Do Not Track Kids Act of 2011" (May 5, 2011). Archived 2012-05-26 at the Wayback Machine
  22. ^ "Protecting Children's Privacy in an Electronic World (Statement at Hearing)". YouTube. Retrieved May 2, 2012.
  23. ^ David, Goldman (February 23, 2012). "White House pushes online privacy bill of rights". CNN Money. Retrieved May 2, 2012.
  24. ^ The White House, "Consumer Privacy Data in a Networked World" (Feb 23, 2012), https://obamawhitehouse.archives.gov/sites/default/files/privacy-final.pdf
  25. ^ Rainey, Reitman (January 24, 2011). "Mozilla Leads the Way on Do Not Track". Electronic Frontier Foundation. Retrieved May 3, 2012.
  26. ^ Jennifer, Valentino-DeVries (March 29, 2012). "Yahoo to Implement 'Do Not Track' Mechanism". The Wall Street Journal. Retrieved May 2, 2012.
  27. ^ "Protecting Consumer Privacy in an Era of Rapid Change" (PDF). Federal Trade Commission. March 2012. Retrieved May 3, 2012.
  28. ^ Gerry, Smith (March 26, 2012). "Consumer Privacy Defended In FTC's Caution To Congress On Data Brokers". Huffington Post. Retrieved May 2, 2012.
  29. ^ European Commission, "Proposal for a Regulation of the European Parliament and of the Council", (January 25, 2012). Archived 2012-03-07 at the Wayback Machine
  30. ^ "Fines / Penalties". gdpr-info.eu. Intersoft Consulting. Retrieved October 30, 2020.
  31. ^ "Factsheet on the "Right to be Forgotten" ruling" (PDF). Privacy & Information Security Law Blog. Archived (PDF) from the original on October 6, 2022. Retrieved January 28, 2022.
  32. ^ a b Grant, Gross (January 25, 2012). "Critics: EU's proposed data protection rules could hinder Internet". ComputerWorld. Retrieved May 3, 2012.
  33. ^ Matt, Warman (February 28, 2012). "Government minister Ed Vaizey questions EU 'right to be forgotten' regulations". The Telegraph. Retrieved May 3, 2012.
  34. ^ Shin, Inkyu (December 29, 2011). "인터넷서 주민번호 사라진다". 한국경제. Retrieved May 3, 2012.
  35. ^ Jeong, Bora (March 21, 2012). ""주민번호 본인 확인을 다시 허하라"…왜?". Bloter.net. Retrieved May 3, 2012.
  36. ^ "Ponemon Study: Privacy Concerns Thwart Ad Spending on Behaviorally Targeted Campaigns". Professional Services Close-up. Close-Up Media, Inc. May 7, 2010. ProQuest 818443698. Retrieved January 28, 2023 – via ProQuest.
  37. ^ Goldfarb, Avi; Tucker, Catherine E. (2011). "Privacy Regulation and Online Advertising". Management Science. 57 (1): 57–71. doi:10.1287/mnsc.1100.1246. hdl:1721.1/64920. ProQuest 904027694 – via ProQuest.
  38. ^ Beales, Howard. The Value of Behavioral Targeting (Report). Retrieved May 3, 2012 – via ResearchGate.
  39. ^ Cashmore, Pete (January 10, 2010). "Facebook Founder on Privacy: Public Is the New "Social Norm"". Mashable.
  40. ^ Whitney, Lance (June 1, 2012). "Microsoft ticks off advertisers with IE10 'Do Not Track' policy". CNET. Retrieved January 17, 2022.
  41. ^ Downey, Sarah (October 26, 2012). "Companies Ignoring 'Do Not Track' Selections on Web Browsers" (Interview). Fox News. Retrieved January 28, 2022.
  42. ^ Gilbertson, Scott (October 29, 2012). "Yahoo, Microsoft Tiff Highlights the Epic Failure of 'Do Not Track'". Wired. Retrieved January 28, 2023.
  43. ^ Singer, Natasha (October 13, 2012). "Do Not Track? Advertisers say 'Don't Tread on Us'". New York Times. Retrieved October 30, 2012.