For your eyes only? A ‘Do Not Track’ proposal

Abstract

The Internet has become an indispensable part of Americans’ everyday lives. At the same time, its ease of data collection and storage has put the notion of personal privacy in grave danger. The FTC is finally gearing up to face this danger and opened discussions on how Do Not Track regulations should operate. This article first explores the landscape of the current tracking mechanisms and surveys what Americans actually think of these practices and how much they understand about their legal protections. Second, it proposes a possible solution, partially grounded in a comparison with the popular and proven Do Not Call regulations. Specifically, I parse the problem into three main types of behavior – first-party tracking, third-party tracking, and the selling/sharing of collected data – and suggest a different legal rule for each. Selling/sharing of data poses the greatest threat to personal privacy and therefore, should be governed by an opt-in regime. Third-party tracking can be placed under a browser level opt-out control. This proposal leaves first-party tracking as is, though with some caveats for the direction of potential future regulations. Finally, the article considers a cost-benefit analysis of imposing limits on tracking and offers three responses to the economic-based criticisms of such limits. One, that the choice between free Internet and personal privacy is a false one. Two, that customization and not personalization is a much better answer for both consumer and industry. And three, that there is enough evidence to suggest that the purported benefits are specious at best, and consumers deserve the ability to dispute the cost-benefit balance currently struck by the industry at their expense.