A recently reported initiative by Microsoft resulted in the
residual or "default" setting on the new Internet
Explorer 10 browser being fixed as a "do not track"
request. This would mean that unless an individual user took
the proactive step of changing their settings on an
"opt-in" basis to permit online tracking, the deemed
choice of the individual when using this Microsoft product would be
to send websites a notification saying they should not be tracked.
This is the first time a major on-line participant has set the
default as "opt-out". Usually, the pre-set
instructions are designated as "opt-in" to permit online
tracking, but also enable the individual to elect to remain
anonymous by changing their settings to "do not track".
Sometimes the opt-out is easy to implement, and sometimes not.
Not surprisingly, in the world of on-line advertising, this has
prompted some battle lines to be drawn.
The on-line marketing and advertising industries depend on
on-line tracking to provide meaningful data to their clients, to
support targeted marketing. This revenue stream makes a major
contribution to keeping the internet relatively "free" of
user-based charges. Even with a minor portion of the user base
occasionally opting out by expending effort to trigger "do not
track" options, the remaining data is still seen as meaningful
However, as noted in the media discussion linked to above, a
movement to an automatic setting of "do not track"
signifcantly changes the state of affairs. If only a minor portion
of users take the time and trouble to "opt-in" to
such tracking, by changing their settings, the available tracking
data becomes skewed, less relevant, and therefore less valuable for
sale and resale. The revenue stream may be materially
affected. Therefore, the Digital Advertising
Alliance, a voluntary industry association, is questioning whether
its members will respect an automatic setting of "do not
track". The Alliance is suggesting that any "do not
track" setting, to be valid, must be a conscious decision
affirmatively implemented by some consumer action. Also, there
is a potential for mixed signals if other products used with this
browser (eg. a Google account) contain a different default
Privacy advocates may find the Alliance position ironic, as the
Alliance members have historically relied on a deemed
"opt-in" for automatic settings, to justify collection
and monetization of their data. Arguably there is no conscious
decision or affirmative step involved in that deemed opt-in.
Why should the default be an "opt-in"? Personal
information protection legislation in many jurisdictions (including
BC) starts from the general proposition that no information can be
collected at all, unless there is:
a) express consent;
b) implied consent; or
c) statutory exemption.
The reasoned debate would centre around the concept of implied
consent – whether any reasonable person, in all the
circumstances, would expect and consider that they were being
tracked on-line unless they took steps to erect some barriers to
affect that state of affairs. With so much at stake,
evidence and argument will be assembled on both sides. It may
also be the case that any reasoned debate is overshadowed by a
stark reality. If the privacy advocates win this battle, and
"opt-out" becomes an accepted and enforceable default
setting, then what will be the eventual impact on the financial
structure of the on-line world?
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
Specific Questions relating to this article should be addressed directly to the author.
With security breaches being on the rise, the requirement to have organizations notify the relevant privacy commissioners and affected individuals upon a security breach taking place is becoming increasingly important.
A credit union (the "Employer") dismissed a helpdesk analyst (the "Analyst") with cause after discovering the Analyst had, without permission or authorization, remotely accessed another employee’s confidential document stored on the Employer’s network.
The Office of the Privacy Commissioner of Canada has announced that the Federal Trade Commission, the UK Information Commissioner’s Office, the OPC and the Office of the Information and Privacy Commissioner for British Columbia and 15 other enforcement authorities worldwide are participating in an "Internet Privacy Sweep".