This article is also available in:
Deutsch: [Hochrangige Diskussion über Online-Tracking |]

A meeting organised jointly by the University of Berkeley and the Institute
for Information Law of the University of Amsterdam drew together an
outstanding collection of international experts, NGOs and industry
representatives to discuss online tracking protection and browsers.

Information Society Commissioner Neelie Kroes opened the event where she
brandished the “stick” of strict enforcement of the e-Privacy Directive if
industry did not accept the “carrot” of self-regulation to achieve
compliance. She described as “encouraging” the EASA and IAB Best Practice
Recommendation, which uses a tiny icon that aims at alerting users that they are being tracked and profiled and being delivered advertising designed to match that profile – using a cookie as an opt-out mechanism.

She pointed out that tracking is far more than cookies and can be done via
browser fingerprinting and add-ons. She therefore called on the advertising
industry to come up with a “do not track” (DNT) standard that “must be rich
enough for users to know exactly what compliant companies do with their
information and for me to be able to say to industry: if you implement this,
then I can assume you comply with your legal obligations under the ePrivacy
Directive.” She challenged the industry to come up with such a standard
within twelve months.

Commissioner Kroes’ speech was followed by one from Federal Trade
Commissioner Julie Brill. She provided an overview of the current US
thinking and policy development. She said that her thinking was driven by
three key concepts – the need for privacy by design, the need for simplified
choice and the need for increased transparency. Regarding a DNT standard,
she said it needed to be easy to use, effective, universal, had to cover
collection as well as use of data and had to represent a persistent choice.
The use of data and the persistent choice have proved to be problematic due , for example at least one case in the US where an “opt-out” offered by an online company only lasted several days.

Commissioner Brill expressed particular concern about the situation in the
mobile market. She said that, of the top 30 mobile apps, 22 did not have a
privacy policy and those that did have a policy, did not make them
particularly easy to find.

The third policy-maker to speak was Robert Madelin, Director General of DG
Information Society of the European Commission. He acknowledged and welcomed
the G8 approach that Internet regulation needed to be convergent and
interoperable. He described his minimum criteria for the creation of
self-regulatory systems, the basis of which comes from a document produced
when Mr Madelin was Director General of the Health and Consumer Protection
Directorate General of the Commission. Key points which he stresses are
clear goals from the outset and involvement of all relevant stakeholders from
the outset and clear metrics for the measurement of results.

The remainder of the meeting consisted mainly of very high-level panel
discussions and a fascinating insight into the extent of online tracking,
the technologies used and the main companies involved by Ashkan Soltani.

Self-regulation principles

Ashkan Soltani

Event website

IAB/EASA Best practice guideline

Do Not Track: The Regulators’ Challenge

Wall Street Journal’s “What They Know” series of articles

New code for online behavioural ads – will it work? (16.04.2011)

Online behavioural ads – is the industry doing enough? (17.02.2011)

FTC’s materials about OBA

(Contribution by Joe McNamee – EDRi)