Steelie Neelie: Settle your Do-No-Track squabbles or else

I will call in the politicians


Regulators may impose a Do-Not-Track standard on squabbling tech vendors and web businesses after they missed a deadline to develop their own proposal.

EU member states are looking at how to enforce DNT under ePrivacy rules, the vice president responsible for the Digital Agenda Neelie Kroes said Wednesday.

Kroes also hinted at action in the US, too, pointing to the Federal Trade Commission's growing frustration with the ongoing lack of agreement and watering down of proposals.

Kroes said techies and businessmen have one last opportunity to agree something that suits users, business and the internet.

“Let me be frank: standardisation work is not going according to plan. In fact, I am increasingly concerned,” she said.

She pointed to the current mess over whether or not DNT should be switched on "by default" in the browser – Microsoft’s Internet Explorer 10 for Windows 8 is by default whereas Mozilla Firefox's DNT must be switched on by the user. She also spoke of the ad-hoc code change by Apache daddy Roy Fielding to make Apache web servers disable DNT setting in IE10, and growing “concern” about delay and deadlock at the World Wide Web Consortium (W3C) Tracking Protection Working Group.

Topping her concerns was the watering down of DNT proposals by all concerned in the process. She said it was crucial to settle how users are informed about their default settings, that websites shouldn’t “second guess” or disregard users’ choices, and added that the rules of what could be done without consent should be limited and made clear.

If the industry doesn’t nail these subjects quickly, then the politicians will come up with their own answer, she warned. “To all of those taking part in these discussions I say today: you need to find a good consensus – and fast,” she said.

Kroes said she’d now raise DNT as a topic for the next meeting of the EU Article 29 working party on protection of personal data before the year’s end. Speaking in June 2011 and January this year Kroes had given the industry until June 2012 to agree a DNT standard.

“I am worried about the soundness of what we are getting – and about the slow speed. Failing to deliver would mean everyone loses. Users miss out on an easy way to protect their privacy, websites miss out on a simple and user-friendly way to comply with consent requirements. And, ultimately, advertisers lose out, too,” she said Wednesday.

She called a DNT standard a “valuable and useful” means of giving users a web they can trust, avoiding expensive ad-hoc solutions and companies or individuals being sued for "illegal tracking".

“We need, as far as possible, a simple and uniform way of addressing e-privacy – across different providers and different types of tracking. You shouldn't have every provider reinventing the wheel on this one,” she said.

“If DNT only goes halfway, providers will need to ensure legal compliance beyond that. There will be a delta, things providers need to do to get valid cookie consent, on top of or beyond implementing DNT.

“There should be a discussion about what that delta looks like in the EU Member States given the legal requirements and given the state of the standard. With the providers who will need to know the answer and with the authorities enforcing ePrivacy, who will need to set out their position.”

It is unclear how an EU solution would be. The original EU ePrivacy Directive was passed in 2002 and the cookie law was only implemented in 2012 in the UK, and following much apathy and foot-dragging.

After delaying implementation for a year, the UK’s Information Commissioner changed the cookie law - already revised - by watering it down.

The law said companies must gain the consent of web users before serving them cookies. The IC change, though, said “implied consent” was “a valid form of consent” in order for operators to comply with the EU law.

The UK wasn’t alone in going slow on cookies. Just two of the 27 bloc states initially delivering proposals to the Commission went on to implement the cookie rules under a revised e-Privacy Directive in 2011.

Post-law, adoption of the new cookie rules seems patchy. The law said companies must gain the consent of web users before serving them cookies.

A KMPG study of UK websites in June – 10 days after the law came into force – found that less than one in five sites had complied with the law. ®


Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022