In
the last ten years Microsoft has invested heavily in user privacy. Just like
security, privacy considerations are baked into every Microsoft product. It is almost
a year since the World Wide Web Consortium (W3C),
an international community that develops open standards to ensure the long-term
growth of the Web,
accepted and published Microsoft’s
member submission for an Internet Standard to help protect consumer
privacy. Last September
I described how the W3C had
announced the creation of a
Tracking Protection Working Group that would bring together a broad
set of stakeholders from across the industry to work on standards for “Do Not Track”
technology and the group has been hard at work since then.
This week there are three important events related to online
privacy:
- The Digital Life Design (DLD) conference
in Munich where our own
Dean Hachamovitch had the privilege of speaking yesterday (see related posthere);
- The
third face-to-face meeting of the W3C Tracking Protection working group, which
begins today; and - The Computers, Privacy and Data Protection
Conference starting tomorrow in Brussels.
These forums bring together opinion leaders and stakeholders from academia, industry,
and government to discuss information technology, privacy, and data protection.
W3C’s Third Face-to-face Meeting of the Tracking Protection Working Group
The W3C Tracking Protection working group is chartered to produce three deliverables:
- Tracking Preference Expression Definitions and Compliance
When a large group of experts is brought together from across industry and government
it is essential that they agree on terminology to prevent misunderstandings where
people think they agree or disagree when in fact they don’t. The First Public Working
Draft (FPWD) of this document was
published in November and this week the group will discuss the changes made
to the
Editor’s Draft since then. The document highlights the large number of open
issues that the group is working on. - Tracking Preference Expression (Do Not Track)
The second document is a technical specification that defines the mechanisms to
be used by browsers and other applications in order to signal user preferences not
to be tracked online. Today, Internet Explorer 9 sends this “DNT” signal when you
enable a Tracking
Protection List. The FPWD of this document was also
published in November and again the group will discuss the latest
Editor’s Draft this week. Sending the DNT signal relies on Web sites
to correctly recognize and obey the user’s request to not be tracked. At the present
time, few Web sites take any action when they receive the signal. - Tracking Selection Lists
The third deliverable for the Tracking Protection working group is a specification
defining an interoperable format for Tracking Selection Lists. Tracking Selection
Lists define rules that browsers can use to allow or block tracking elements on
Web pages. A number of browsers today support this kind of list, either directly
or via add-ins. In Internet Explorer, these lists are called Tracking Protection
Lists (or TPLs). Internet Explorer 9 provides
built-in support for TPLs specifically designed to help users control how
they are tracked on the Web.A Web standard that defines the format of these lists will encourage a rich ecosystem
of list providers that can work with any browser that chooses to support this feature.
The working group hasn’t yet published a FPWD for Tracking Selection Lists but will
discuss the
Editor’s Draft written by participants from Microsoft and Opera in the meeting
this morning.
Tracking Selection Lists are designed to complement the DNT signal, which will take
some time to be effective. Inevitably, not all sites will respect the DNT user preference
and Tracking Selection Lists will provide consumers an additional control to avoid
being tracked by those sites. When a Tracking Selection List is enabled, the browser
will avoid contacting the listed sites. You can read more about IE9’s Tracking Protection
from previous
blog
posts.
Computers, Privacy and Data Protection Conference
I am looking forward to participating in the
Tracking Protection Workshop at the CPDP Conference tomorrow afternoon. Simon
Davies, a Research Fellow at LSE and
Director of Privacy International, and Alexander Hanff, who heads up Privacy
International’s Digital Privacy portfolio, host a panel exploring the dynamics
of Tracking Protection Lists. This should be an engaging session and I’m keen to
listen to the questions and comments from all involved.
What’s Next?
The W3C working group has an aggressive timetable to make progress in the coming
months, to tease out the consensus from the different groups involved, and to move
the specification documents through the
W3C process. You can follow the progress through the group’s
mailing list archive. I plan to provide further updates on
IEBlog. The minutes from this week’s meeting will be published on
the group’s home page.
—Adrian Bateman, Program Manager, Internet Explorer