Do Not Track legislation


Do Not Track legislation protects Internet users' right to choose whether or not they want to be tracked by third-party websites. It has been called the online version of "Do Not Call". This type of legislation is supported by privacy advocates and opposed by advertisers and services that use tracking information to personalize web content. Do Not Track is a formerly official HTTP header field, designed to allow internet users to opt-out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of that data outside its context. Efforts to standardize Do Not Track by the World Wide Web Consortium did not reach their goal and ended in September 2018 due to insufficient deployment and support.

Overview

With the development of Internet technology, a large number of people, business entities and organizations heavily interact with each other. For instance, Facebook enables its users to socialize with each other. Google provides e-mail services and entertainment through Gmail and YouTube. Customers pay fees for the services or are exposed to advertisements. While this interaction is processed, users leave a trace of their personal information such as IP address or search history on the internet.
Personal information has become a valuable asset because many business entrepreneurs are utilizing it to implement targeting advertisements or marketing promotions. According to a press release from the Consumer Watchdog, however, there is a growing concern for the rampant collection of personal information. Privacy advocates worry about the fact that search engine companies can store and utilize the users' profile, medical history, criminal records, location, and their orientation to implement a marketing strategy. In an effort to alleviate those concerns, several U.S. legislators are trying to enact laws to protect internet users' privacy.
Most U.S. citizens are aware that their online behaviors are being tracked by advertisers, and they are often opposed to this practice. A survey conducted by The Gallup Organization and the USA Today shows 61% of respondents know that some advertisements are shown to them based on their interests. 67% of respondents said that targeting advertisements based on consumers' online behaviors is unallowable, and 61% of respondents argued that online behavior tracking is unjustifiable. 37% of respondents answered they do not want targeting advertisement, 14% said that they would allow those advertisements.

History

On December 1, 2010, the U.S. Federal Trade Commission published a preliminary report highlighting the consumers' right to prevent websites from tracking their online behaviors. The central plank of the bill was to add a do not track opt-out function to web browsers. The FTC judged that online marketers' pervasive collection of personal information could possibly violate privacy. This issue began to surface again in 2012 after Google announced its new privacy policy. Representatives Edward Markey, Joe Barton, and Cliff Stearns asked the FTC to investigate the legality of Google's change of privacy policy. They sent a letter to the FTC regarding Google's changed privacy policy.

United States legislation

Do Not Track Act of 2019

The most recent legislation was introduced by Senator Josh Hawley in 2019. The bill updates previous efforts to create Do Not Track programs by applying the concept beyond web browsers and to all Internet activity, including mobile applications. The bill would allow individuals to, at a touch of a button, prohibit any company from collecting any more data than is indispensable to providing its service, and the bill would impose strict penalties on any company that violated the act.

Do Not Track Me Online Act of 2011

The Do Not Track Me Online Act of 2011 attempted to make the FTC set the standards for the use of an online opt-out function in the United States, which allows a consumer to forbid the collection or use of private information and to demand a business entity to comply with the choice of a consumer to opt out of such collection or use. The bill was regarded as an online version of the Do Not Call law which prevents telemarketers from placing a call to individuals who do not want to receive calls from them. This bill also stated that each respective business entity should disclose the current status of personal information collection and whom they share the information with.
According to the Do Not Track Me Online Act of 2011, personal information includes:
  • Name, a postal address or other location, an email address or other user name, a telephone or fax number
  • Government-issued identification numbers like tax identification numbers, passport numbers, or driver's license numbers
  • Financial account number, or credit card or debit card number, or any required security code, access code, or password that is necessary to permit access to an individual's financial account
The bill also forbids data collection about the following:
  • Medical history, physical or mental health, or the provision of health care to the individual
  • Race or ethnicity
  • Religious beliefs and affiliation
  • Sexual orientation or sexual behavior
  • Income, assets, liabilities, or financial records, and other financial information associated with a financial account, including balances and other financial information, except when financial account information is provided by the individual and is used only to process an authorized credit or debit to the account
  • Precise geolocation information and any information about the individual's activities and relationships associated with such geolocation
  • Biometric data, including a fingerprint or retina scan
  • Social Security number
The bill was introduced on February 11, 2011. However, it was not enacted.

California Senate Bill 761

Bill 761 was introduced by Senator Alan Lowenthal on February 18, 2011, and amended by the California Senate on May 10, 2011. The intent of this bill was to forestall shirking of responsibility of corporations' personal information leakage and to strengthen the protection for customers. This bill also included:
  • Levying a fine to companies which do not follow the bill
  • Requiring every company in California to make public the activities such as collection, utilization, and storage of customers' personal information
  • Providing methods to select whether or not to be tracked for the customers
However, on April 27, 2011, several business entities expressed strong opposition to the bill in a letter. The objectors characterized the bill as:
  • Unnecessary
  • Harmful for California's Internet economy and innovation
  • Unworkable and unenforceable
  • Gratuitously singles out advertising companies for special regulation
  • Would have repercussions beyond entities directly regulated by the bill
  • Costly to the state of California
  • Unconstitutional

    California Assembly Bill AB 370

The state's Assembly and Senate approved the bill that requires commercial websites and online services to disclose how they respond to a web browser's "do not track" signals and whether and how third parties collect personally identifiable information from consumers who visit those sites.

Children's Online Privacy Protection Act of 1998

Effective April 21, 2000, the Children's Online Privacy Protection Act applies to the online collection of personal information by persons or entities under U.S. jurisdiction about children under 13 years of age. It details what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing of those under 13.

Consumer Privacy Protection Act of 2011

U.S. Representatives Cliff Stearns and Jim Matheson introduced a bill to improve and protect consumer privacy on April 13, 2011. This bill suggests consumers control the uses of private information collected by websites. This bill also states that consumers should be able to place a limit upon the disclosure of information to third-party websites. According to this bill, websites must prompt a clear and conspicuous notice for customers before collecting personal information which is irrelevant to main transactions. In addition, at the time of the information collection, websites must display their privacy policy to customers. The policy is supposed to clarify the types of information collected, as well as the way the information would be utilized. Websites are also required to provide consumers with the "opt-out" option. Once the customer makes a decision, websites cannot ask him/her to change the opt-out status until at least a year after the customers' choice.
The bill failed to pass beyond the House Committee on Energy and Commerce.

Commercial Privacy Bill of Rights

U.S. Senators John Kerry and John McCain announced a bipartisan commercial privacy bill of rights, which they said would be the "first comprehensive privacy law" for the U.S. during a press conference on April 12, 2011.
The purpose of this bill, which prescribed consumer privacy rights, was to establish a regulatory framework for the comprehensive protection of personal data for individuals. It would have mandated that websites collecting user information on over 5,000 individuals:
  • Implement security measures
  • Provide clear notice to customers
  • Provide opt-out mechanism to users
  • Collect personal information in order only to process a transaction or to enhance the quality of service
  • Discard the information collected after a certain period of time
The bill failed to pass through the Senate's Committee on Commerce, Science, and Transportation.