Online Privacy, Do Not Track, and the “Post-Cookie” World: New Guidance from the IAB

115562673_03b7fceea6_nEven as website owners and operators struggle with how to comply with recent changes to the law governing Online Privacy Policies, changes to the underlying technology are in the works, bringing about the so-called “Post-Cookie World” and begging the question of how to adapt your online privacy policy to meet this new technology. I won’t pretend to understand the intricacies of cookie or post-cookie technology; my concern is drafting online privacy policies for my clients that adequately address whatever technology is currently in vogue and understanding just enough of it to do so.

In an effort to understand the underlying technology just enough to be dangerous (and glean some drafting principles that may follow from it), I recently came across guiding principles for developing cookie replacement technology published by the Interactive Advertising Bureau (“IAB”) entitled “Privacy and Tracking in a Post-Cookie World.” In developing its guiding principles, the IAB begins by “Imagining a world where HTTP cookies were never invented” and suggests that, in developing alternatives to the cookie for tracking consumers, it is important to bear in mind what the consumer wants.  In my experience dealing with regulators who have no concept of something being outside their regulatory authority (particularly with consumers complaining to them), the IAB is correct that a proactive approach could keep the regulatory wolves at bay:

With consumer concerns comes the very real prospect of regulatory intervention. Regulators are taking a close look at current practices and considering legislation to address consumer demand for increased transparency and choice, such as the FTCs recommendation for a “Do Not Track mechanism. As the appetite for intervention grows, the digital advertising industry faces increasing operational and compliance costs as regulatory measures become reality. To avoid these burdens on all sides, the industry is searching for solutions that can ease consumer and regulator concerns while proactively addressing current state management needs. Major browsers have also used “Do Not Track” settings (Internet Explorer) or are considering blocking all third party cookies (Firefox) as a mechanism for showing alignment with consumer’s concerns. .

Recognizing the burden of compliance with existing privacy policy initiatives such as California’s new rule relating to “Do Not Track” disclosures in online privacy policies (discussed here) and the critical role of consumer needs and concerns, the IAB suggests considering guiding principals such the following in considering and developing alternatives to the cookie:

  • Provide consumers with a single privacy dashboard where they can see what is stored about them and where it is stored.
  • Provide consumers a universal privacy view where they can read about them, and where, across all domains and services (a place where they can say yes or no to everyone).
  • Provide consumers with comprehensive control over the sharing of their private information (allowing them to opt-in, modify, purge, or opt-out of data collection or transfer, across all parties).
  • Allow consumer preferences to persist across their entire Internet experience (across all domains, apps, services, browsers, etc.)
  • Provide a simple and easy way for consumers to identify those actors who do not comply with their wishes.

The white paper outlines other principles from the perspective of publishers, content creators, and industry third parties. For the truly geekly among us, have at it. For the rest of us, what is significant is the recommendation that consumer preferences play a major role in the successor to the cookie, which may give us all more control over our online privacy and may ultimately render certain provisions of online privacy policies (including the “Do Not Track” disclosure) moot (the consumer will be in the driver’s seat). In the meantime, as new technologies develop, it is important for us to consider whether and how these new developments may impact the language of those policies.

fine printCovering my bases: There is no legal advice contained in this post. Legal advice entails applying the law to specific facts. I don’t know what your facts are and any resemblance to them here is purely coincidental. Instead, this post is meant to provide general information, which may or may not be complete and accurate. If you need legal guidance, please feel free to contact me using the contact information on my firm’s web site – www.salberglaw.com.

 

Leave a Reply

Your email address will not be published. Required fields are marked *