Europe Wants U.S.-Style ‘Do Not Track’ Standard

One month after a deadline by which European states must make most kinds of online data collection – including by cookies – opt-in, only five countries have begun to implement the measure.

“The commission will use its full powers against member states that delay,” the European Commission’s digital agenda VP Neelie Kroes warned at a Brussels workshop on tracking protection on Wednesday, after the measure was introduced in a recent ePrivacy Directive update.

But, despite the non-compliance, Kroes is already casting her privacy net much wider

“Tracking can be used for other things apart from targeting ads, tracking can also be done in other ways than through cookies,” Kroes acknowledged at the workshop.

“Therefore, we need a broader discussion … More specifically, I think we should collectively pay more attention to the emerging ‘do-not-track’ technologies – or DNT for short.

“DNT is simple: users can instruct their device or application to accompany all network requests with an indication that they do not want to be tracked. Service providers need to react to such explicit requests.

“DNT is already deployed in some web browsers. And some web businesses say they honour it. But this is not enough. Citizens need to be sure what exactly companies commit to if they say they honour DNT.

“For example, there is an important difference between a commitment not to record tracks and a commitment not to use them for a specific purpose once recorded. When this is solved more users will deploy DNT – and it will become simpler – and companies will go along. So we are looking at a virtuous circle.

How do we get there? We need a standard! We need to standardise how the DNT signal and the expected reaction should look. The standard must be rich enough for users to know exactly what compliant companies do with their information and for me to be able to say to industry: if you implement this, then I can assume you comply with your legal obligations under the ePrivacy Directive.”

This is the first time Kroes – formerly the EC competition commissioner who fined Microsoft (NSDQ: MSFT) hundreds of millions – has lumped privacy solutions under “Do Not Track” – a catch-all title which refers to a formal technical solution under discussion in the United States Congress and Federal Trade Commission.

That suggests that the European Commission, which routinely takes a pace-setting pro-active stance on digital privacy in consumers’ interests, may be playing catch-up to the U.S. this time. Kroes’ own tweets suggest a trans-atlantic harmony on the idea…


The problem for Kroes – the ePrivacy Directive has only just been implemented and lacks any reference to “Do Not Track”. Playing a rare catch-up to U.S. legislators on this front may be difficult.

Kroes wants the industry in member states to initiate the standard by self-regulation by 2012. Normally, the industry should expect Kroes to draft her own legislative framework if it fails to do so – but the recent protracted ePrivacy Directive development may have exhausted legislative will on the topic for now. Or perhaps a new run at a formal “Do Not Track” will give help bring along the nations who are not in compliance with the directive.

The directive’s existing measures are already having some effect – according to early data from one website which has adhered to the cookie ruling, tracked visits have fallen by a hefty 90 percent.

Under the U.S. Do Not Track proposal, websites would automatically disable collection of user data unless given user consent in a new binary HTTP header field. It has already been implemented in Firefox 4 and later and Internet Explorer 9.

See our other story this week for more on European Commission privacy measures.