Privacy Must be a Choice. Managing Choice Must Be Simple.
The digital Privacy debate continues and the W3C are defining Do Not Track (DNT) standards right now. The goal is good, but I fear they are making things more complicated than they need to be. In an ideal world, users would have a choice over everything that gets shared and with whom it is shared. But alas, the world is not ideal and while choice can be 3P enhancing, I understand that everyone will progress through the 3Ps at their own pace.
The reality is that most people simply use default settings in every application – including their browsers (see this great little study by UIE). The other reality is people want their privacy to be respected. Most are willing to share relevant information to delivering a great experience – if you ask their permission. So if you are not going to give them full choice, give them a simple choice: Track or Do Not Track.
This is the worldwide Web. The standard affects everyone around the world. Not everyone has the same norms or laws. So while, I’m all for respecting the privacy laws of each country, don’t build the standards so that in order to comply with them, every website is obligated to collect location data with each request. A simple default to Do Not Track when it is unclear as to the user’s consent level is sufficient. I have not met a U.S. citizen, yet, who subscribes to the belief that the Web standard default should be Track Me. Simply because U.S. laws don’t address this specific issue like EU country laws, doesn’t mean it’s a U.S. cultural norm.
Now, lets forget “Joe Average Citizen” for the moment. Can you imagine the performance hit to the Web if every time a page is visited it must query the user’s location? What if GPS is not available and cell-tower or Wi-Fi location cannot be resolved? What about the cost of compliance? Most companies and websites are simply not that sophisticated. Will there be exemptions for B2B sites? My company doesn’t share any data – do I still have to comply? Does regional privacy compliance create an even greater privacy threat than the issues surrounding behavioral targeting – the primary reason the DNT standard is being put into effect?
Keep it simple. More DNT exceptions equates to more complexity and more unintended consequences. The more complexity, the greater the implementation burden and cost to businesses.
Privacy is not binary… but if full choice is not supported, then a simple binary choice is far better than a good idea gone astray. Too many programmatic exceptions to the DNT standard will undermine the original intent of the initiative and we’ll have to keep writing these blogs. Personalization and fast performance are much more fun! 😉