The US Federal Trade Commission (FTC) this week proposed a new plan to protect individual privacy online. Modeled on the successful "Do Not Call" registry, this new scheme—called "Do Not Track"—would allow consumers to choose whether third parties can track their online browsing and buying habits. Currently, these third parties (often advertisers on otherwise trusted websites) can and do track user habits in ways many would find shocking and intrusive.
"The FTC wants to help ensure that the growing, changing, thriving information marketplace is built on a framework that promotes privacy, transparency, business innovation, and consumer choice," FTC Chairman Jon Leibowitz said at a news conference on Wednesday. "We believe that's what most Americans want as well."
Do Not Track would work a lot like Do Not Call, but there are differing ideas about the implementation. Rather than maintain a list of consumers—the Do Not Call list is 200 million members strong—Do Not Track could require some technology in web browsers, either through an add-on or built-in functionality, which would prevent sites and services from tracking the user. That would be a simpler and more secure and private solution than maintaining a list.
However it's implemented, Do Not Track would also make requirements of the companies that do collect personal data online. Under discussion are "substantive privacy protections" (which would ensure that individual user data is secured and retained only for set periods of time), simpler choices for consumers, and greater transparency around what data is collected and retained.
Google is the highest-profile company that opposes such a plan. But then Google is arguably the company with the widest range of privacy violations, as well. In fact, the FTC specifically noted that "self-regulation of privacy has not worked adequately," and while the agency didn't specify Google, reining in the online giant's behavior is clearly part of the plan.
Browser makers such as Google, Microsoft, and Mozilla do all include some form of privacy controls already, of course, and they will likely argue that such features mitigate the need for Do Not Track regulation. But consumer advocates note that such features need to be manually enabled, and re-enabled each time the browser is started up. Do Not Track would require such functionality to be enabled by default, and always enabled unless a user explicitly opts out.