After six months of being held up by the lumbering technology world, agile lawmakers see an end in sight. Wait, what?
Since California passed California Assembly Bill 370, commonly referred to as “Do Not Track” legislation, website operators have been struggling to determine what compliance entails. This is particularly troubling considering the law has been effective since January 1, 2014.
As our firm reported in 2013, the new law requires website operators to disclose whether the operator will honor “do not track” signals from Web browsers. The issue is that the World Wide Web Consortium—the body responsible for developing standards in this space—has failed to establish agreeable specifications for a uniform “do not track” Web browser mechanism. Such a mechanism would allow a consumer to universally opt out of Web tracking over time and across websites.
The end result is that we have a law on the books that requires disclosures like this:
“Because there is not yet a common understanding of how to interpret Web browser–based ‘Do Not Track’ signals, we do not currently respond to undefined ‘DNT’ signals.”
Thanks for that.
There appears, however, to be guidance on the horizon. The World Wide Web Consortium's Tracking Protection Working Group set forth a “technical preference expression” specification for last call. This means that the group is looking for third-party review and feedback on any technical problems for the proposed technical definition of “do not track” signals. Feedback will be accepted until June 18, when the group will either decide to adopt the specification or make further revisions.
There is still a long journey ahead in the “Do Not Track” arena, including finalizing the specifications and the standards that will follow, which are penciled in for mid-2015. Still, this is a first step, and companies should consider wording their privacy policies in a manner that complies with the California legislation but still remains flexible through the standards adoption process.