Ignoring IE's DNT Default Header: Will Implied Consent Be Enough To Trump Do Not Track?

Microsoft, without much fanfare, announced that IE 10, will ship with the “Do Not Track” setting turned on by default. The browser will not block cookies but will send a message to every website indicating that the user does not want to be tracked by any third party cookies – just a header. The DNT movement has some powerful allies – among them the FTC and the EU – but it is not enshrined in law.

We also have a bunch of companies working with the W3C on a standard DNT header, but we are still well away from an outcome there. Microsoft has decided to go rogue on this, and introduced DNT as a default setting on the new IE 10. And it won’t be easy to turn off either, as apparently it is buried in a sub-folder which many users will find hard pressed to change.

Giving The Consumer The Choice

It is remarkable to think that Microsoft is able to read the minds of 25% of the internet population (used to be 75% – and continues to fall). By not giving the user the option to choose the DNT feature, Microsoft is taking away the consumer’s ability to browse a fully functional internet. Doubtless, that would be the fluffy argument of the IAB. It is unlikely Microsoft took this decision without thinking through the consequences. The thought process might have gone a little like this:

“What happens if we set the DNT option to default? Hmmm, we might inadvertently kill our ad network/ad exchange/publisher business. But then it doesn’t make us a profit – and we are software company. And we could give Google a commercial kick to the guts. And of course everyone hates third party cookies. Well, we are assuming. Implied consent… sure, let’s do it…”

Legislators Will Love The DNT Option

The EU has made such an ungodly mess of the privacy directive that it is desperately trying to find a face-saving solution. Do No Track is that face-saving solution. Every day you see Nellie Kroes et al blowing on about some EU digital initiative, and you have to ask yourself how much untold damage are these people about to wreak on the fastest growing industry in the EU. Congratulations, you now might have your get-out-of-jail card.

Does Implied Consent Trump The IE’s DNT Header? Should I Ignore It?

Should we as a publisher ignore the DNT header. Yes, we will. Given that the law in the UK requires implied consent, we and other publishers are well within our rights to ignore the DNT header coming from a piece of software that didn’t ask its users if it could set the DNT option to default. Maybe Microsoft is using “implied consent” to make that assumption. Most publishers will ignore the DNT header so long as implied consent is given by the users. But wait, the Dutch have thrown a spanner in the works.

Universal Consent Tool Now Required By European Publishers

In a piece published this week by ExchangeWire, it was assumed that the new Dutch law on privacy would exempt foreign language (non-Dutch) sites setting first and third party cookies. ExchangeWire has now been informed by vendors in the Netherlands that is not the case. All sites setting cookies on Dutch users are covered by the new law. We are all looking forward to the Dutch state versus BusinessInsider court case (which on the last count was setting 35 third party cookies). How the Dutch government will implement this law is beyond comprehension.

More now than ever we need European publishers to come together on this and formulate a solution. ExchangeWire put forward a suggestion for a Universal Consent Tool this week. If it was implemented, it wouldn’t matter how many DNT headers you were sent by browsers. If the user opt-ins for all third party and first party cookies, you’d simply ignore it.

In Defence Of The Publisher

We have seen this debate roll on for the better part of three years now, and little or no real coverage has been devoted to the potential impact on publishers. We all recognise the importance of privacy, but the use of third party cookies is hardly akin to the selling of data offline. A cookie only recognises the machine – not the person. If you take away the ability to third party ad serve then you will be killing ad-funded content. And with it a great number of innovative digital media companies. We can’t let bureaucrats and large vendors dictate the terms of the game. Publishers have but one choice: work together to take the legislation head on.