In my experience as a product manager there are almost no win:win situations in real life. Solving a problem for someone means adding to the workload of another, and prioritising one feature means delaying another. Everything is a game of trade-off where the business case is king.
However, there is a situation currently impacting our industry within which a number of very significant issues could all be resolved neatly, in a way which appears to be in everyone’s interests and requires minimal effort.
I can only think that the reason this has not already taken place is the amount of time spent by people with differing interests, teasing and tugging at the strands of this issue until it resembles the Gordian knot. I humbly submit the following as my simple solution to cut through the muddle.
As an industry we have the following problems:
- An insufficient self-regulatory programme. AdChoices has good consumer awareness, but is enabled via cookies- requiring users to repeatedly opt out when they reset their cookies- and it doesn’t work for mobile. There is a plugin to persist this in the browser, but download rates are predictably tiny.
- DoNotTrack is a car-crash of a user privacy empowerment initiative. It has been talked about for four years or so and has achieved very little, preposterously even to define what “track” means.
What it has achieved, however, is a setting in all major browsers which does not depend on cookies for persistence. (Users can tick this box – it doesn’t really change anything, as no-one has been able to agree what should happen.)
Do you see what I see?
Adtech vendors ALREADY know what we mean by ‘targeting’, which may only be a subset of ‘tracking’, but has the advantage of being nicely defined and an already be opted out of via an existing, if slightly clunky, mechanism. It also seems to be the aspect of tracking that most people are excited about.
So, as an industry, we just need to recognise the ‘Do Not Track’ (DNT) signal from the browser as the equivalent of an opt-out cookie being set, and act accordingly. DNT will then have meaning, and fulfil the task a user would expect: not building up profiles for future targeting, and not seeing targeted advertising.
This would also be a mechanism which works beyond cookies, and would therefore function on all tablets and smartphones. DNT would become “Do Not Target” rather than “Do Not Track”.
Ok, so there are a few concessions to be made, but they seem microscopic compared with the benefits:
- Proponents that DNT should stop all tracking would need to concede that “Do Not Target” is good enough. This seems like a big win – having an approach that works cross-device without requiring more data from users in order to not track them would be massive. If users do not want to leave a trace online they can use Incognito mode/Private browsing (or Tor if they’re really serious about it), and if they don’t want to see any ads, they can use an ad blocker.
- Adtech firms need to concede that DNT would be a fair representation of a user’s wishes. While in US and elsewhere globally, the default should be “off” reflecting the general legal stance and history of the internet as a largely free, ad-funded model.
In Europe however, the concession from Adtech may end up being greater – the ePrivacy directive absolutely talks about browser-based controls being suitable for the purpose of providing consent to receiving targeted advertising…but consent is generally regarded as opt-in, so DNT could legitimately be enabled by default.
This does start getting into the nitty-gritty of how best to achieve the goals of the EU legislation (which, let’s remember, is in the process of changing), but honouring DNT when it has been set by a user seems a fair starting position. This means Microsoft IE’s DNT setting would be ignored (as is enabled by default).
What are the benefits?
- Consumers get an opt-out function that works, does not require a plugin (which may be provided by someone with a less than clear commercial agenda), is persistent until they change their minds and will work on browsers on all devices (although not apps).
- Privacy advocates get a baseline DNT functionality that works and does what a user would reasonably expect. It could be enhanced, sure, but the use of a cookie to define what to do about cookies would finally be broken in a way that doesn’t counterintuitively require MORE information from the user.
- Adtech gets to heal several painful open sores in a way that demonstrates self-regulation can be effective. The value of being able to show the EU and even the FTC what we can get done to help empower and protect the consumer while building sustainable legitimate data-fuelled businesses cannot be overstated.
My proposal to the IAB, NAI and DAA inter alia is that they should add to their existing self-regulatory regimes this simple requirement:
Signatories must honour the DNT flag as if it were an opt-out cookie
Admittedly, this would need to come with two provisos:
- As DNT values specified by Microsoft IE browsers do not reflect users’ active choice, they should be ignored, until further notice.
- Discussions need to be held with browser manufacturers and the Article 29 Working Party before DNT can be construed as a genuine indicator of consent.
I appreciate there is a huge sunk cost associated with the current state of play of Do Not Track. A discipline of product management is to treat sunk cost correctly, i.e. it is not germane to the current decision.
Combining AdChoices with Do Not Target represents valuable progress for privacy advocates, consumers and the Adtech industry – it could be argued this is a win:win:win situation, which I shouldn’t need to tell you, is an even rarer animal.