The Behavioral Tracker Registry: What it is not and what it needs to be

September 2, 2009

Today’s announcement of recommendations from a coalition of privacy advocates got a lot of press, which bodes well for a hearty legislative discussion. Some accounts have compared the new proposed “Behavioral Tracker Registry” to the Do-Not-Call registry the FTC operates to limit junk calling. The two actually are quite different.

The Do-Not-Call registry allows consumers to register their telephone number as one that does not want unsolicited calls. Any prospective marketing caller must screen out numbers on that list, or face legal penalties. The Behavioral Tracker Registry, as proposed, would not involve any consumer registration. Rather, it is the targeters who would need to register.

Here’s how the privacy coalition describes the registry:

The FTC should maintain an online registry of organizations that engage in behavioral tracking. Behavioral tracking organizations should be required to provide current information to the FTC registry that will, at a minimum:

a) contain technical information required so that consumers can opt out of tracking through tracking cookies, browser settings or extensions, and other methods.

b) appear online in a format so that third parties can develop consumer tools such as browser settings or extensions or tracking cookie management software that will automatically update from the registry.

c) include the name, physical address, and contact information of the BT company doing the tracking, along with information about how to file a complaint about the company or about its opt-out procedures.

d) include a complete description of the categories of consumer information collected, all online and other sources of consumer information, and the countries where the information is stored.

The essence of the proposal is dead-on right — tracking firms must identify themselves and facilitate third-party tools for consumers to block them. Consumers don’t need to register because their computers and devices can control who has access to their information. Hard to disagree with this, and we will work to develop those tools.

But there’s an important point missing from this formulation of a behavioral tracking registry. In my mind, the most important feature of a registry is this:

  • The tracking company identifies every domain they use in the course of behavioral targeting, and
  • The tracking company binds their privacy policy with those domains, by registering their privacy policy URL

It is easy enough to identify domains that serve content on pages and write cookies. What is usually more difficult is tracking down the network to which the domain belongs. By requiring trackers to claim the domains they use and confirm their privacy promises as to those activities, you create the infrastructure necessary for third-party tools to implement consumer preferences.
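As an added example (not part of the original post or the coalition's proposal), here is how a consumer tool could use such a registry: it resolves each third-party request host to the company that claimed it and applies the user's opt-out choices. The record format, company names, domains and function names are all assumptions made for illustration.

```javascript
// Constructed sample registry: every company, domain and URL here is hypothetical.
const REGISTRY = [
  { company: "ExampleAds Inc.", policyUrl: "https://exampleads.example/privacy",
    domains: ["exampleads.example", "cdn.metrics.example"] },
  { company: "TrackCo Ltd.", policyUrl: "https://trackco.example/policy",
    domains: ["trackco.example"] },
];

// Index claimed domains so a hostname resolves to the company that registered it.
function buildIndex(registry) {
  const index = new Map();
  for (const entry of registry) {
    for (const d of entry.domains) {
      const key = d.toLowerCase().replace(/\.$/, "");
      const prior = index.get(key);
      if (prior && prior.company !== entry.company) throw new Error(`domain claimed twice: ${key}`);
      index.set(key, entry);
    }
  }
  return index;
}

// Match on whole DNS labels, most specific claim first, so that
// "nottrackco.example" never matches the claim on "trackco.example".
function lookupOwner(index, hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const entry = index.get(labels.slice(i).join("."));
    if (entry) return entry;
  }
  return null;
}

// Decide what to do with a request made while the user visits pageHost.
// optedOut is a Set of company names the user has opted out of.
// Simplification (assumption): first party means pageHost or one of its subdomains.
function decide(index, requestUrl, pageHost, optedOut) {
  const host = new URL(requestUrl).hostname;
  if (host === pageHost || host.endsWith("." + pageHost)) {
    return { action: "allow", reason: "first-party" };
  }
  const owner = lookupOwner(index, host);
  if (!owner) return { action: "flag", reason: "unregistered third-party domain" };
  if (optedOut.has(owner.company)) {
    return { action: "block", reason: `opted out of ${owner.company}`, policyUrl: owner.policyUrl };
  }
  return { action: "allow", reason: `registered to ${owner.company}`, policyUrl: owner.policyUrl };
}
```

The "flag" result is the case the registry makes visible: a third-party domain that no company has claimed and bound to a privacy policy.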


One Response to “The Behavioral Tracker Registry: What it is not and what it needs to be”

  1. […] the business of collecting and using information about users from across different websites should register each domain they use, and bind it legally to a complete privacy policy that governs the […]
