Defaults and compliance

I've been following with concern the discussions on the list about the threshold of user consent required for a user agent to set a DNT: 1 header.  In particular, I'm worried by suggestions that the standard might invite websites receiving the header to second-guess the process by which it was set.  I've written up a blog post explaining my concerns:

http://laboratorium.net/archive/2012/06/19/the_sabotage_of_do_not_track

Here is the core of the argument:

"But once websites have an excuse to look beyond the header they receive, Do Not Track is dead as a practical matter. A DNT:1 header is binary: it is present or it is not. But second-guessing interface decisions is a completely open-ended question. Was the check box to enable Do Not Track worded clearly? Was it bundled with some other user preference? Might the header have been set by a corporate network rather than the user? These are the kind of process questions that can be lawyered to death. Being able to question whether a user really meant her Do Not Track header is a license to ignore what she does mean.

Return to my point above about tools. I run a browser with multiple plugins.. At the end of the day, these pieces of software collaborate to set a Do Not Track header, or not. This setting is under my control: I can install or uninstall any of the software that was responsible for it. The choice of header is strictly between me and my user agent. As far as the Do Not Track specification is concerned, websites should adhere to a presumption of user competence: whatever value the header has, it has with the tacit or explicit consent of the user."

James

--------------------------------------------------
James Grimmelmann   	          Professor of Law
New York Law School                 (212) 431-2864
185 West Broadway       james.grimmelmann@nyls.edu
New York, NY 10013    http://james.grimmelmann.net

Received on Wednesday, 20 June 2012 08:24:52 UTC