This Week in Privacy

In
the last ten years Microsoft has invested heavily in user privacy. Just like
security, privacy considerations are baked into every Microsoft product. It is almost
a year since the World Wide Web Consortium (W3C),
an international community that develops open standards to ensure the long-term
growth of the Web,
accepted and published Microsoft’s
member submission for an Internet Standard to help protect consumer
privacy. Last September
I described how the W3C had
announced the creation of a
Tracking Protection Working Group that would bring together a broad
set of stakeholders from across the industry to work on standards for “Do Not Track”
technology and the group has been hard at work since then.

This week there are three important events related to online
privacy:

  • The Digital Life Design (DLD) conference
    in Munich where our own
    Dean Hachamovitch had the privilege of speaking yesterday (see related post

    here);

  • The
    third face-to-face meeting of the W3C Tracking Protection working group, which
    begins today; and
  • The Computers, Privacy and Data Protection
    Conference starting tomorrow in Brussels.

These forums bring together opinion leaders and stakeholders from academia, industry,
and government to discuss information technology, privacy, and data protection.

W3C’s Third Face-to-face Meeting of the Tracking Protection Working Group

The W3C Tracking Protection working group is chartered to produce three deliverables:

  • Tracking Preference Expression Definitions and Compliance
    When a large group of experts is brought together from across industry and government
    it is essential that they agree on terminology to prevent misunderstandings where
    people think they agree or disagree when in fact they don’t. The First Public Working
    Draft (FPWD) of this document was
    published in November and this week the group will discuss the changes made
    to the
    Editor’s Draft since then. The document highlights the large number of open
    issues that the group is working on.
  • Tracking Preference Expression (Do Not Track)
    The second document is a technical specification that defines the mechanisms to
    be used by browsers and other applications in order to signal user preferences not
    to be tracked online. Today, Internet Explorer 9 sends this “DNT” signal when you
    enable a Tracking
    Protection List. The FPWD of this document was also
    published in November and again the group will discuss the latest
    Editor’s Draft this week. Sending the DNT signal relies on Web sites
    to correctly recognize and obey the user’s request to not be tracked. At the present
    time, few Web sites take any action when they receive the signal.
  • Tracking Selection Lists
    The third deliverable for the Tracking Protection working group is a specification
    defining an interoperable format for Tracking Selection Lists. Tracking Selection
    Lists define rules that browsers can use to allow or block tracking elements on
    Web pages. A number of browsers today support this kind of list, either directly
    or via add-ins. In Internet Explorer, these lists are called Tracking Protection
    Lists (or TPLs). Internet Explorer 9 provides
    built-in support for TPLs specifically designed to help users control how
    they are tracked on the Web.

    A Web standard that defines the format of these lists will encourage a rich ecosystem
    of list providers that can work with any browser that chooses to support this feature.
    The working group hasn’t yet published a FPWD for Tracking Selection Lists but will
    discuss the
    Editor’s Draft written by participants from Microsoft and Opera in the meeting
    this morning.

Tracking Selection Lists are designed to complement the DNT signal, which will take
some time to be effective. Inevitably, not all sites will respect the DNT user preference
and Tracking Selection Lists will provide consumers an additional control to avoid
being tracked by those sites. When a Tracking Selection List is enabled, the browser
will avoid contacting the listed sites. You can read more about IE9’s Tracking Protection
from previous
blog
posts.

Computers, Privacy and Data Protection Conference

I am looking forward to participating in the
Tracking Protection Workshop at the CPDP Conference tomorrow afternoon. Simon
Davies, a Research Fellow at LSE and
Director of Privacy International, and Alexander Hanff, who heads up Privacy
International’s Digital Privacy portfolio, host a panel exploring the dynamics
of Tracking Protection Lists. This should be an engaging session and I’m keen to
listen to the questions and comments from all involved.

What’s Next?

The W3C working group has an aggressive timetable to make progress in the coming
months, to tease out the consensus from the different groups involved, and to move
the specification documents through the
W3C process. You can follow the progress through the group’s
mailing list archive. I plan to provide further updates on
IEBlog. The minutes from this week’s meeting will be published on
the group’s home page.

—Adrian Bateman, Program Manager, Internet Explorer


IEBlog