User Experience Designer | TRUSTe
The current industry standard of providing user preferences around ad-related tracking makes use of a script-based in-ad icon as specified by the DAA which links to a preference management tool. Newer browsers are also supporting the Do Not Track (DNT) header request as an alternate method of indicating user preferences.
With the proliferation of DNT it is becoming more obvious that future systems need to be technology-agnostic in their approach to preference management. Until the industry fully adopts DNT, a temporary solution could be to integrate DNT recognition mechanisms into existing cookie-based systems.
DNT vs Cookie-based preferences
DNT is a browser feature that appends a header to http requests expressing a user’s preference not to be tracked (currently implemented in newer versions of Firefox, IE, and soon to be implemented in Chrome).
A strong advantage of DNT is that it makes it easy for consumers state a clear preference regarding tracking. Unfortunately other than an acknowledgement response that the signal was detected, DNT lacks a technical method of enforcement and relies on trackers to honor the request.
Cookie-based opt-out tools are used to indicate that a user wishes to be opted-out of behavioral advertising. This places the burden of control on the user to deal with large numbers of tracking domains, and deleting cookies (a common consumer approach for controlling privacy) also deletes the opt-out preferences.
DNT Exception Handling
DNT in its current incarnation is a global preference associated with the browser, whereas cookie-based opt-out allows for granular tracker-specific preferences.
While DNT only applies to third party trackers, it’s still possible that a user may want to grant exceptions for third parties on a site they trust for the purposes of enabling desired functionality. For this purpose future browser implementations of DNT may accommodate exception handling – allowing the user to set browser-based DNT exceptions for specific domains.
Mozilla was an early champion of DNT and specifically chose the term to avoid the ambiguity of interpretation that plagued cookie-based opt-out mechanisms. Microsoft’s surprising move to make DNT the default in IE10 will force the industry to decide how to interpret this signal. For companies who plan to honor DNT, this will be an opportunity for a new kind of consumer engagement and education by way of a DNT exception request, in which the publisher can request on behalf of the ad providers that the user allow tracking for a trusted site.
Complications of an Integrated Solution
One of the difficulties of integrating DNT and cookie-based preferences is that these two preference mechanisms, while similar in their representation of user intent, are functionally very different. DNT is a global setting in the browser and is communicated along with all http requests, while cookie-based preferences are maintained in the browser cookie storage and can only be accessed by the individual domains who set them.
Any preference mechanism which attempts to recognize both types of preferences will have to deal with collisions – what happens if the user has set a global DNT preference in their browser, but has an opt-in tracking cookie? Collision logic will be necessary to determine which preference is the most accurate signal of user intent. This will be complicated even further if browsers implement domain-based DNT exceptions, wherein users may have a global DNT preference, a domain-based DNT exception, and a cookie-based preference, any of which may conflict.
DNT and Automatic Cookie-based Opt-out
Since a user who has stated a DNT preference most likely does not wanted to be targeted, existing cookie-based systems could also be implemented to respond to DNT detection. TRUSTe has developed a DNT-integrated ad tag solution capable of acknowledging a user’s DNT preference and reflecting it via the transparency afforded by the in-ad icon, using the ad tag script to automatically record the user’s preference by triggering opt-outs for all tracking entities associated with the ad tag.
More on this »
A less invasive approach is for this option to be presented to the user in the ad interstitital messaging, or at the point of interaction with the preference manager (rather than being invoked by the script serving the ad tag). While functionally similar, this approach gives the user control over the execution of the opt-out, rather than letting the system do this automatically.
The future of DNT is still uncertain, as the industry struggles to reach an agreement regarding how it should be honored, which its inclusion as a default in IE10 will only reinforce. A parallel approach to this is to find ways to integrate DNT recognition mechanisms into existing preference systems in ways that are both meaningful and graceful, without forgetting its original intent.