Do Not Track at W3C
Over the last year, W3C has ramped up its activities in the privacy space: Within the context of the PrimeLife project, we've looked at privacy considerations for device APIs, at policy languages, and we've taken a look at the broader Web and Internet privacy picture together with the Internet Society, the Internet Architecture Board, and some colleagues from MIT. As part of our strategic planning exercise, we have committed to further increase our focus on the topic.
All of this reflects an increasing interest in privacy in the broader Web and policy community.
As part of that larger online privacy debate, the discussion about online tracking (for example for behavioral advertising) and possible countermeasures has picked up a lot of steam. We have seen this discussion reflected in policy papers from the FTC and the Department of Commerce. We have seen it in the advocacy by the donottrack.us community. We see "do not track" appear in various policy discussions.
We have also seen this discussion reflected in various recent announcements from browser vendors about code deployments. To name just a few:
- Microsoft announced the inclusion of anti-tracking technology based on tracking protection lists in IE9
- Mozilla announced support for a "do not track" header.
- Google released a browser extension that permits users to persist opt-out cookies.
One striking observation for most of these technologies is the relative simplicity of the technical approach, and the complexity of defining what the real meaning of "Do Not Track" is, on a global Internet.
Today, we have acknowledged the Web Tracking Protection member submission from Microsoft. The submission proposes to standardize two elements: Filter lists that can prevent user agents from making requests to known Web servers that track users, and a do not track user preference that is exposed both as an HTTP header and a DOM property.
As always for a Member Submission, we've written a formal Team Comment that summarizes the submission and outlines next steps.
In this case, the next step will be a W3C workshop: On 28 and 29 April, Princeton University will host us for a day and a half of discussion about what Recommendation-track work W3C should start in this area. We expect to publish a Call for Participation shortly. Why a workshop? As we move forward in this space, we aim to build a broad consensus. We think that this is a topic that affects a broad range of stakeholders in the Web ecosystem: Vendors, Web site operators, privacy advocates, but also those who make use of user tracking to provide their services.
We'll aim to have these various stakeholders in the room in Princeton. Meanwhile, please join the discussion on the public-privacy@w3.org mailing list (public archive; subscribe to this list).
Update, 2011-03-03: The call for participation is now published.
I applaud W3c and Microsoft for this move. User privacy and accessibility are areas that don't get enough attention, but are critically important.
Thank you
I think there is a right to track, and also a right to opt out of being tracked. Let us hope that the W3C can find a standard which does not over complicate the web and at the same time protects the rights of all parties involved.
As part of addressing "Do Not Track" it's important to consider the broader privacy picture which includes both the hidden tracking done largely by 3rd parties as well as the more overt tracking and sharing done on the explicit data provided by users to services. We at Abine welcome participating in bringing the discussion to the next level. There are many nuances to consider, both in definition/scope and in user experience/control that are critical.
Please fix the IAB link: s/iab.net/iab.org/ While at it please also fix the feedback link
http://www.w3.org/QA/IG/#contact at the top of the blog template, it goes to a page telling
me that the Quality Assurance Interest Group is now closed.