Everything You Need to Know About the Do-Not-Track Act of 2019

June 6, 2019

Online advertisement has raised privacy concerns practically since the dawn of the internet, and these concerns have grown increasingly dire since the introduction of targeted ads. While it’s true that sites and apps will need to collect some data from users for certain services to work properly, it’s incredibly common for secondary data to be collected to track users and target them with specific ads. This is private data that is collected from people, and there is no meaningful way to opt in or out of the process. Many believe that putting a stop to this is long overdue.

Do-Not-Track browser settings

Most browsers have a Do Not Track setting that sounds like it would prevent websites from tracking users or collecting their secondary data. This assumption is incorrect, however, as there is no law that explicitly forces websites to honor this setting. As such, most simply choose to ignore it. It is estimated that approximately 25 percent of internet users worldwide have Do Not Track selected in their browser settings, and the vast majority of tech companies are disrespecting their decision, arguably violating user rights. While passing comprehensive internet privacy laws will be a time consuming process, there are some simpler regulations that could be enforced in the meantime.

Reviving the privacy conversation
The Do Not Track browser setting has existed since 2009, but because advertisers and big tech companies were unable to reach an agreement on how to treat the opt-out option, any attempts at setting true online privacy standards were basically abandoned. As such, no meaningful progress has been made since. After years of stalling, that may be about to change.

Just last month, Gabriel Weinberg drafted a potential bill as part of his efforts to revive the privacy conversation and establish a proper Do Not Track law. Weinberg is the CEO of the privacy-first search engine DuckDuckGo, which has been dedicated to establishing better privacy online standards for over a decade. The search engine promises not to use cookies to track users and states that it doesn’t collect any personal information—not even IP addresses. Much of the search engine’s early life was spent in obscurity, but it has been growing rapidly, along with privacy concerns, since 2016.

The “bill” proposed by Weinberg is really more of a suggested road map for future privacy legislation. His proposition would significantly limit how websites could use personal information by disabling third-party tracking on default in browsers, meaning that third-party giants like Google and Facebook would no longer be able to collect and use browser history without user consent. This would also prevent first-party tracking outside of what is absolutely necessary. For example, an app may need your location to function properly, but it would no longer be able to share or sell your location history for other purposes. The full version of Weinberg’s proposed bill can be found here.

Chances in Congress
Weinberg believes his proposed bill to be the simplest way to allow web users to opt out of virtually all online tracking, but it has been largely viewed as a long shot since he came forward. With no interested lawmakers actually signed on, combined with the fact that such propositions have been repeatedly stalled in Congress, it looked like the most this “bill” could do was to get people talking about online privacy again. That is, until Sen. Josh Hawley introduced a similar Do Not Track Act.

The Missouri senator has been outspoken against Facebook, Google, and other tech giants and believes making improvements to the Children’s Online Privacy Protection Act (COPPA) is a great way to start changing online privacy as a whole.

Hawley’s Do Not Track Act seeks to allow users to opt out of any and all secondary data tracking that isn’t necessary for a service to function properly. It further seeks to penalize any companies that would continue collecting unnecessary data. This new bill would punish companies who ignore Do Not Track browser signals by imposing fines up to $1,000 per day per person as long as the total exceeds $100,000. Even if a company unknowingly collected data against the will of their users, they could be fined $50 a day per person. A full version of Hawley’s bill is available on his site.

If lawmakers can continue to push some version of the Do Not Track Act and keep online privacy in the public discourse, enacting meaningful changes to online privacy standards may not be such a long shot after all.

Future accountability
Even if Do Not Track is more successful now than it has been in years past, it is uncertain where responsibilities will lie to enforce it. It’s likely that some responsibility for user privacy will rest with ISPs while others will rest with site operators or app administrators. No matter what happens, companies that collect and use data ethically will minimize their chances of scandals and maximize their chances for success.!