California ‘do not track’ bill is toothless
Wed, September 11, 2013
How is it possible that a piece of legislation purported to advance the principles of "Do Not Track" does nothing to prevent unwanted tracking?
California's AB 370, widely characterized as a "Do Not Track bill,” has inspired both lukewarm praise by some advocates and grumbling from industry as a source of unnecessary regulation. The bill has been marketed as the first DNT legislation but you know there is something amiss when a bill sails through both state houses with no registered opposition.
As it turns out, the bill is as toothless as an abandoned denture factory. What are the penalties under AB 370 if a company chooses to track a consumer who has indicated the she wishes not to be tracked? None whatsoever; companies needn't honor consumer DNT preferences, in keeping with current practices, provided that they add a few lines to their privacy polices that few, if any, consumers will ever read.
According to the bill:
If only that were true.
Online privacy disclosures are intentionally overwritten and incomprehensible because the practice allows businesses to shut consumers out of the data collection discussion. A study from Carnegie Mellon found that the average consumer would need to spend an average of 76 days a year in order to read all the privacy policies they encounter on the Internet. Are we to believe that making these documents even longer (as AB 370 will do) will benefit consumers?
AB 370 is being called an effort at "transparency" but I believe all it will accomplish is to allow companies to hide behind opaque online disclosures and then do as they please, usually without a user's awareness or informed consent.
A real DNT bill, Senator Rockefeller's S.418, sends a clearer message to online advertisers: when consumers indicate a preference not to be tracked, they must not be tracked. AB 370, by contrast, threatens to undermine the goals of DNT, particularly if other lawmakers adopt this inconsequential legislation as a model for other states. From a privacy standpoint, it is worse than no bill at all.
Once the Governor signs the bill, we're likely to hear a chorus of self congratulatory voices from the tech industry, politicians, and some advocates about how AB 370 supposedly is an important step for Do Not Track and for consumer privacy.
But don't expect many high fives from consumers. There's nothing in it for them.
— Joe Ridout