
Do Not Track: A Guide for Information Technology Professionals



Presentation Transcript


  1. Do Not Track: A Guide for Information Technology Professionals
     Anna Long, Founder and Principal Analyst, Web Analytica SM

  2. Agenda
     • Online privacy and Do Not Track initiatives
     • What do CMG members think about tracking issues?
     • What can you do to prepare?

  3. Online Privacy – What’s the Problem?
     • In the past eighteen months:
       • The Wall Street Journal, The New York Times, Time Magazine, and other news organizations have written articles raising concerns about abuse of privacy online.
       • The Privacy Rights Clearinghouse, Consumer Watchdog, Consumer Action, and the Center for Digital Democracy have voiced concerns about online privacy.
       • Politicians and regulators in the US and other regions have conducted studies, held hearings, and introduced legislation attempting to address online privacy violations.

  4. Technology’s Impact on Privacy
     March 18, 1992
     Concerns about technology’s impact on privacy pre-date the commercialization of the World Wide Web.

  5. Technology’s Impact on Privacy
     October 12, 1999
     “A new protocol being developed by the Internet Engineering Task Force (IETF) has raised privacy concerns. Internet Protocol Version 6 (IPv6) is the "next generation" protocol designed by the IETF to replace the current version Internet Protocol (IPv4)...
     “The new addressing structure, however, may mean that every packet can be traced back to each user's unique network interface card ID… That information... forms the basis of the privacy concerns raised by some observers of the IETF process.”
     Concerns about the Internet’s effect on privacy go back to the last century.

  6. Online Privacy – Is This The Problem?

  7. Online Behavioral Advertising
     • Online Behavioral Advertising (OBA) accounts for a large portion of all online advertising activity (which totaled 26 billion dollars in the US alone for 2010).
     • OBA allows advertisers to target ad content very specifically, making it more efficient and cost effective.
     • OBA builds profiles of online activity to tailor advertising for the individual web user.
     • OBA requires tracking the activities of the web user.
     • A recent Wall Street Journal study found that the top fifty websites install on average 64 tracking technology items on the computer of a typical site visitor. A dozen sites stored more than 100 such items.

  8. What Should Be Done About Online Tracking?
     • Concern about the extent of online tracking has led to calls for its control, but this issue has many dimensions that defy a quick answer.
     • Look to industry self-policing or government regulation?
     • Is some form of a “Do Not Track” list feasible?
     • Implement control at the browser or the website?
     • Affect all databases containing tracking data in any form, or only databases supporting OBA?
     • Anonymize affected data or delete it entirely?
     • Restrict only third parties who collect data and promote offerings on other organizations’ websites? Or should first-party website owners also be restricted?

  9. Survey of CMG Membership: Approach
     • To understand CMG members’ opinions on online tracking issues, a survey was conducted at 2011 CMG events held in North America and Europe.
     • Attendees were asked opinion questions and demographic questions.
     • Three opinion questions addressed specific implementation issues.
     • Opinion questions were posed from the viewpoint of a website visitor and a website team member.
     • Surveys with incomplete opinion responses were rejected.
     • The remaining 101 surveys were tabulated and the results analyzed.

  10. Survey of CMG Membership: Demographics of Respondents
     • Respondents split into the following segments:
       • Age: 18-34 – 15%, 35-49 – 27%, 50 and up – 55%, unidentified – 3%
       • Gender: 79% male, 7% female, 14% unidentified
       • IT Experience: 1-4 years – 5%, 5-9 years – 5%, 10 or more years – 84%, unidentified – 6%

  11. Opinion Question 1: Integrating Anonymous Activity with Customer Data
     For both viewpoints, a sizeable majority opposed integrating the data, with approximately one-quarter to one-third supporting integration.

  12. Opinion Question 2: Altering Data When a DNT Request is Received
     The majority choice reversed between viewpoints, with deletion being selected much more often for the website team member view.

  13. Opinion Question 3: Which Database(s) Should a DNT Instruction Affect?
     Opinions varied, whether the viewpoint was visitor or team member. For both views, a majority believed DNT should affect all three databases or the marketing analysis database and CRM. Of the three, the database that was most commonly picked for alteration was the CRM.

  14. Additional Observations: Comparing Variation in Individual Responses with Viewpoint
     • The opinions of individual respondents often changed when considering a question from the website visitor viewpoint and the website team member viewpoint. Out of 101 respondents:
       • 50 changed no answers between viewpoints
       • 27 changed one answer between viewpoints
       • 19 changed two of their answers between viewpoints
       • 5 changed all three of their answers between viewpoints
     • 50% of respondents changed their answer to at least one opinion question when answering from different viewpoints.
     • 5% of respondents changed their answers to all three opinion questions when answering from different viewpoints.

  15. Additional Observations: Comparing Responses from North America and Europe
     Considerable variation in responses from both Europe and North America shows that the lack of consensus is not restricted to one region.

  16. What Can You Do?
     Even with this uncertainty, there are steps you can take to help your organization prepare for DNT outcomes.
     • Stay abreast of legislation and regulations that will have an impact on your organization’s online tracking.
     • Take tracking-control technology into account when architecting, developing, testing, and operating your web applications.
     • Implement a consistent set of policies and processes to support tracking control and handling of tracking data.

  17. Step 1: Legislative
     Receptiveness to government involvement in online privacy protection varies from region to region. Legislative and regulatory responses have varied considerably, as illustrated by these three examples:
     1) Europe – acting
     2) US – proposing
     3) Canada – observing

  18. Legislative Activity: Europe
     • Europe has traditionally been at the forefront of government involvement with privacy issues.
     • The European Commission established Directive 2002/058 on Privacy and Electronic Communications (the ePrivacy Directive).
       • The 2002 version required website owners to inform visitors about cookie placement and offer a method of refusing cookies.
       • The 2009 version requires website owners to gain permission from visitors before storing any cookies not essential to basic site operation.
     • The European Commission directed all EU members to incorporate the amended ePrivacy Directive into their national laws by 25 May 2011.
       • Many members did not meet that deadline.
       • The UK enacted regulations requiring opt-in checks as of 26 May 2011.
     • The European Data Protection Supervisor is urging quick action.

  19. Legislative: United States
     • The US has traditionally looked to industry and the marketplace for privacy solutions not involving medical or financial data, but initiatives addressing online tracking are countering that trend.
     • In December 2010, the US Federal Trade Commission released a study of online tracking’s impact on consumer privacy. The study concluded that industry self-policing had failed and urged Congress to legislate a “choice mechanism for behavioral tracking”.
     • The US Congress has responded, holding hearings and introducing legislation addressing the issue in various ways. To date, no legislation has become law.
     • At the state level, a legislative bill was introduced in California to require establishment of an opt-out mechanism for tracking. The bill also mandates that websites honor the mechanism. This bill has not become law.

  20. Legislative: Canada
     • Privacy issues are important in Canada and legislation has addressed important privacy issues in the past.
     • In 2000, the Canadian Government enacted PIPEDA (Personal Information Protection and Electronic Documents Act). PIPEDA addresses various privacy issues but does not explicitly cover online tracking data.
     • In 2010, Canada’s Office of the Privacy Commissioner reviewed PIPEDA’s adequacy to address tracking and discovered many challenges.
     • The Office is “following with interest the U.S. Federal Trade Commission’s proposal for a Do Not Track mechanism…”

  21. Step 2: Technology
     • Technology work has begun but is in the early stages of development.
     • Two candidate approaches are being promoted to put tracking control in the hands of web users:
       1) The DNT flag
       2) Tracking Protection Lists
     • The World Wide Web Consortium formed a working group to initiate development of standards recommendations.

  22. DNT Flag – Mozilla Example
     Mozilla Firefox has implemented tracking control as a “Do Not Track” flag. When enabled, the browser appends the DNT flag to each URL sent to a web server. This approach is easy to use and easy to implement in the browser. The approach relies on the website owner to honor the request and implement some sort of tracking disablement. Mozilla added tracking control in its June 2011 release and claims that 5% of the version’s users have already enabled the feature.
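
As an added illustration of a website owner honoring the request (this example is not part of the original presentation): a browser with the setting enabled sends the request header `DNT: 1`, and the server decides what to withhold. The function names, the `visitor_id` cookie, and the policy chosen here (expire the tracking cookie and truncate the stored IP address) are assumptions made for the example.

```python
import ipaddress
from http.cookies import SimpleCookie

TRACKING_COOKIE = "visitor_id"  # hypothetical cookie name for this example


def dnt_enabled(headers):
    """True when the request carries the header `DNT: 1`."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    return lowered.get("dnt") == "1"


def anonymize_ip(addr):
    """Keep only the network part: /24 for IPv4, /48 for IPv6."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def handle_page_view(headers, client_ip, path, new_id):
    """Return (response_headers, analytics_record) for one request."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cookies = SimpleCookie(lowered.get("cookie", ""))
    existing = cookies[TRACKING_COOKIE].value if TRACKING_COOKIE in cookies else None
    response = [("Content-Type", "text/html; charset=utf-8")]

    if dnt_enabled(headers):
        if existing is not None:
            # Expire the identifier that was set before the visitor opted out.
            response.append(("Set-Cookie", f"{TRACKING_COOKIE}=; Max-Age=0; Path=/"))
        record = {"path": path, "ip": anonymize_ip(client_ip), "visitor_id": None}
    else:
        visitor_id = existing or new_id
        if existing is None:
            response.append(("Set-Cookie",
                             f"{TRACKING_COOKIE}={visitor_id}; Path=/; Secure; HttpOnly"))
        record = {"path": path, "ip": client_ip, "visitor_id": visitor_id}
    return response, record


# Constructed sample requests (documentation-range addresses, made-up ids).
OPTED_OUT = {"DNT": "1", "Cookie": "visitor_id=abc123"}
DEFAULT = {"User-Agent": "example"}

if __name__ == "__main__":
    print(handle_page_view(OPTED_OUT, "203.0.113.77", "/products", "n1"))
    print(handle_page_view(DEFAULT, "2001:db8:1:2::9", "/products", "n2"))
```

Whether the opted-out record should be anonymized, as here, or not written at all is the policy question raised in Opinion Question 2.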

  23. Tracking Protection Lists – Microsoft Example
     Microsoft has implemented tracking control in Internet Explorer 9 (IE9) as a set of lists. This approach relies on one or more lists, and each list can name allowed or blocked sites. With multiple lists, tracking control can be very fine-grained, but it is also complex.

  24. Third Party TPLs: Truste Tracking Control List
     Truste is one supplier of tracking control lists that can be imported into IE9.

  25. W3C Tracking Protection Working Group
     • In Spring 2011, the World Wide Web Consortium (W3C) created its Tracking Protection Working Group to deliver standards recommendations.
     • The Working Group will work with parts of the W3C and the Internet Engineering Task Force to develop standards to support tracking control.
     • Standards are planned for both the header method and the tracking selection list method.
     • In initial meetings, standardization of tracking selection lists is having trouble gaining traction.
     • The Working Group has set a deadline of July 2012 for delivery of recommendations.

  26. Step 3: Policies and Processes
     • Decide on your approach to tracking control and incorporate it into your policies and processes.
     • Policies to be addressed include your website’s online privacy policy as well as policies for data storage, data retention, and data integration.
     • These policies need to be folded into your data management processes, specifying the tracking data to be collected, how long it is used, and how long it will be retained.
     • Data to be considered includes IP addresses, website interaction streams, configuration and geolocation data, and any tracking data that can be used to identify or profile users.
     • Consult guidance from professional organizations and industry alliances such as the Web Analytics Association and the Digital Advertising Alliance as you develop your approach.

  27. Digital Advertising Alliance
     The Digital Advertising Alliance (DAA) is a group of national and international organizations supported by the Council of Better Business Bureaus and includes industry groups such as the Interactive Advertising Bureau. The DAA promotes principles for collection of web activity supporting behavioral advertising in the areas of education, transparency, consumer control, accountability, and proper handling of sensitive data. The DAA website includes education for the consumer and a beta feature where consumers can elect to remove themselves from the audience for OBA.
     [Image: DAA Member Icon]

  28. Anna Long, Founder and Principal Analyst, Web Analytica SM
     anna.m.long@webanalytica.net
     linkedin.com/in/annamlong
     126 Colchis Court, Cary, NC 27513
     919 349-5725
