In the last ten years Microsoft has invested heavily in user privacy. Just like security, privacy considerations are baked into every Microsoft product.
It is almost a year since the World Wide Web Consortium (W3C), an international community that develops open standards to ensure the long-term growth of the Web, accepted and published Microsoft’s member submission for an Internet Standard to help protect consumer privacy. Last September I described how the W3C had announced the creation of a Tracking Protection Working Group that would bring together a broad set of stakeholders from across the industry to work on standards for “Do Not Track” technology and the group has been hard at work since then.
This week there are three important events related to online privacy:
The third face-to-face meeting of the W3C Tracking Protection working group, which begins today; and
The Computers, Privacy and Data Protection Conference starting tomorrow in Brussels.
These forums bring together opinion leaders and stakeholders from academia, industry, and government to discuss information technology, privacy, and data protection.
W3C’s Third Face-to-face Meeting of the Tracking Protection Working Group
The W3C Tracking Protection working group is chartered to produce three deliverables:
Tracking Preference Expression Definitions and Compliance – When a large group of experts is brought together from across industry and government it is essential that they agree on terminology to prevent misunderstandings where people think they agree or disagree when in fact they don’t. The First Public Working Draft (FPWD) of this document was published in November and this week the group will discuss the changes made to the Editor’s Draft since then. The document highlights the large number of open issues that the group is working on.
Tracking Preference Expression (Do Not Track) – The second document is a technical specification that defines the mechanisms to be used by browsers and other applications in order to signal user preferences not to be tracked online. Today, Internet Explorer 9 sends this “DNT” signal when you enable a Tracking Protection List. The FPWD of this document was also published in November and again the group will discuss the latest Editor’s Draft this week. Sending the DNT signal relies on Web sites to correctly recognize and obey the user’s request to not be tracked. At the present time, few Web sites take any action when they receive the signal.
Tracking Selection Lists – The third deliverable for the Tracking Protection working group is a specification defining an interoperable format for Tracking Selection Lists. Tracking Selection Lists define rules that browsers can use to allow or block tracking elements on Web pages. A number of browsers today support this kind of list, either directly or via add-ins. In Internet Explorer, these lists are called Tracking Protection Lists (or TPLs). Internet Explorer 9 provides built-in support for TPLs specifically designed to help users control how they are tracked on the Web. A Web standard that defines the format of these lists will encourage a rich ecosystem of list providers that can work with any browser that chooses to support this feature. The working group hasn’t yet published a FPWD for Tracking Selection Lists but will discuss the Editor’s Draft written by participants from Microsoft and Opera in the meeting this morning.
Tracking Selection Lists are designed to complement the DNT signal, which will take some time to be effective. Inevitably, not all sites will respect the DNT user preference and Tracking Selection Lists will provide consumers an additional control to avoid being tracked by those sites. When a Tracking Selection List is enabled, the browser will avoid contacting the listed sites. You can read more about IE9’s Tracking Protection from previous blog posts.
Computers, Privacy and Data Protection Conference
I am looking forward to participating in the Tracking Protection Workshop at the CPDP Conference tomorrow afternoon. Simon Davies, a Research Fellow at LSE and Director of Privacy International, and Alexander Hanff, who heads up Privacy International’s Digital Privacy portfolio, host a panel exploring the dynamics of Tracking Protection Lists. This should be an engaging session and I’m keen to listen to the questions and comments from all involved.
The W3C working group has an aggressive timetable to make progress in the coming months, to tease out the consensus from the different groups involved, and to move the specification documents through the W3C process. You can follow the progress through the group’s mailing list archive. I plan to provide further updates on IEBlog. The minutes from this week’s meeting will be published on the group’s home page.