From this report, it sounds like the Do-Not-Track header (as implemented in Firefox 4) now has the support of at least two tracking companies, Chitika and BlueKai. By implementing the header these companies support a forward-looking approach to user privacy, and add credibility to the industry’s self-regulatory effort.
If your company uses tracking, here’s how you can also comply right now, with a minimum of effort:
- Don’t wait for a fancy definition. Even if the edge boundaries of the definition of “tracking” are not yet universally agreed, for the vast majority of tracking companies, it’s clear enough that a Do Not Track election is intended to cover their core activities. Take BlueKai for example: there’s no question that nearly everything they do on a user’s machine involves “tracking” by just about any definition. If the same is true for your company, there’s no reason to wait to give effect to the user’s choice.
- Treat the header like an opt-out cookie. Even though ad-industry leadership has yet to deal with the “do-not-target” versus “do-not-track” distinction, a fine starting approach is to treat a computer transmitting the Do-Not-Track header just as you would a computer that already has your opt-out cookie. Whatever policy you apply to opted-out computers you should apply to Do-Not-Track elected computers.
- Write the opt-out cookie when you see the header. An elegant, simple and user-friendly way to give effect to that Do-Not-Track choice (which was suggested to me recently) is to always recognize the header by writing your standard opt-out cookie in response. By adding this process, you can bridge the Do-Not-Track process with your existing opt-out systems, and you can make the user’s choice persistent. Not only that, since the user now sees your opt-out cookie in their cookie list, they have direct assurance that their choice is being honored.