What is Do-Not-Track?
- Do-Not-Track (DNT) is a framework unveiled in Dec 2010 by the FTC setting guidelines for providing consumers with notice and choice about data collection.
What are the key elements of the framework?
- The FTC spelled out three key elements:
  - reduce the burden on consumers to seek out and “choose” privacy protective data practices,
  - give consumers meaningful privacy options while preserving beneficial uses of data, and
  - improve consumer understanding.
- In doing so, the FTC also called out the following:
  - businesses should be able to engage in certain “commonly accepted practices” without seeking consumer consent
  - allowing for the scalability of privacy practices based on the sensitivity of data and its intended use
Who does DNT apply to?
- All commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer, or other device
- However, the FTC specifically carved out an exception for first-party commonly accepted practices.
- The FTC also calls out that service providers acting on behalf of another company fall under the rules for that company, as long as they do not make further use of the data.
What are “commonly accepted practices”?
- The FTC specifically calls out the following:
  - Product and service fulfillment – e.g. information necessary to ship a product.
  - Internal operations – e.g. customer satisfaction survey, visit and click-through rates collected to improve site navigation
  - Fraud prevention
  - Legal compliance – e.g. responding to subpoenas
  - First-party marketing
What type of data is covered?
- The FTC recognized that the line between personally identifiable information (PII) and non-PII data has blurred, and that DNT should apply to all data.
- However, it is also clear that privacy practices should be commensurate to the sensitivity of the data. In the FTC’s own words: “companies that collect and use small amounts of non-sensitive consumer data should not have to devote the same level of resources to implementing privacy programs as companies that collect vast amounts of consumer data or data of a sensitive nature.”
When do companies have to comply?
- The FTC framework remains at the stage of a proposal, and no laws have been passed requiring implementation. Businesses should therefore consider this framework as guidance toward best practices, rather than legal requirements.
What does this all mean for Webtrends customers?
- Our customers use Webtrends products to understand and optimize consumers’ use of their web properties. This activity is strictly first-party marketing and therefore excluded from DNT choice requirements.
- Privacy concerns are real, and transparency toward consumers and visitors to websites will benefit business in the long term. Moreover, for companies conducting business internationally, regulatory requirements in other jurisdictions can render these practices mandatory. Webtrends therefore recommends that companies follow privacy best practices.
- If you collect personally identifiable information, provide your customers with a means to opt out. For customers who do not opt out, provide a means to review the information collected and correct it if needed.