Do Not Track for Europe

Abstract

Online tracking is the subject of heated debates. In Europe, policy debates focus on the e-Privacy Directive, which requires firms to obtain the consumer’s consent for the use of tracking cookies and similar technologies. A common complaint about the Directive is that clicking “I agree” to hundreds of separate cookie notices is not user-friendly. Meanwhile, there has been discussion about a Do Not Track (DNT) standard, which should enable people to express their wishes regarding tracking with a simple button in their browser.

This paper outlines the requirements that are needed for DNT, or a similar system, to be able to help website publishers and other firms to comply with European privacy law. The three main points of the paper are as follows. First, a DNT system for Europe (eDNT) is possible, and the work of the W3C World Wide Web Consortium on the DNT standard was originally designed to support European compliance. Second, an eDNT standard could emerge from W3C, or from elsewhere. Third, implementers do not need to wait for a standard, and there are current DNT implementations that are almost compliant with European law.

We analyse the requirements for DNT that follow from European data privacy law. We give examples of current implementations of DNT, and show that some implementations could almost be used to comply with EU law.

The interdisciplinary paper is written by a European legal scholar and a US scholar of engineering and public policy.