Most websites and mobile apps use various tools to track browsing activity. This is done for a number of reasons:
- To get some insight into how many unique visitors the website receives
- To see how users interact with the web pages
- To gauge the effectiveness of ads
DNT is a web browser setting a consumer may set to "on" or "off." When turned on, the user is instructing their browser to disable tracking of their web browsing activities. In simple terms, it's a setting that gives users the option to opt out of being tracked by the websites they visit.
When someone enables the DNT setting in their web browser, the browser automatically sends a special request to the websites they visit, asking the sites to stop tracking their activity. The users who leave the DNT setting disabled in their web browsers are essentially telling the websites they visit that they agree to have their activity tracked.
Why would a user want to have their browsing activity tracked? The answer is that technologies tracking browser activities can personalize and greatly improve the user's online experience with the tracking data.
However, the web browser doesn't have any control over whether or not the DNT request will be honored by individual sites the user visits. Some websites may choose to honor the request, while others may choose to ignore it.
No law exists that requires a website to respect a user's DNT setting.
Do Not Track in Privacy Policies and CalOPPA
The DNT disclosure should be a simple sentence or two that states whether or not the website responds to the DNT signals it receives.
A website has two options when addressing how it responds to the DNT requests it receives from visitors' web browsers:
- The website responds to the DNT setting configured on the user's web browser
- The website does not respond to the DNT setting configured on the user's web browser
In order to comply with CalOPPA's DNT requirements, website owners must make sure they:
- State how they respond to the DNT signals they receive from user's web browsers
The purpose of the DNT requirement is to let visitors know how the website responds to the DNT settings they've configured in their web browsers.
Is it Mandatory to Respond to a Do Not Track Request?
It isn't mandatory to respond to a DNT request. However, it is mandatory under CalOPPA to disclose whether you respond or not.
Simply put, if a website or mobile app receives visitors from California, then the site is required by law to disclose how it manages DNT requests. However, remember that the site is not required to respond to the DNT request.
What this means is that CalOPPA merely requires online business owners to inform site visitors whether or not they follow the DNT setting. Since they are not required to actually honor the request, it's entirely acceptable to state that the website does not honor the DNT requests it receives.
In fact, it is generally recommended that sites should not respond to the DNT request unless and until it can guarantee that third party websites integrating with the site will respond to the DNT request the same way. Third-party websites may include analytics services like Google Analytics, or advertising networks like Google AdSense.
For example, if a simple blog honors the DNT setting on a visitor's web browser but also uses Google Analytics, which doesn't honor DNT settings, then the site should not honor the DNT settings either.
Examples of DNT Disclosures
Most websites include a simple DNT disclosure in their Privacy Policies. Following are some examples of DNT disclosures in the Privacy Policies of some popular websites.
It states that the company's websites do not support DNT settings and aren't participants of DNT frameworks that would allow them to respond to DNT signals. This simple statement meets the requirements of CalOPPA.
This DNT Policy states that they will honor their readers' DNT settings requests. While it's not necessary to include a separate DNT Policy, it does help ensure that your website visitors will be able to quickly and easily find out about your DNT practices.
If a website operates in California or attracts visitors from California and collects personal information, it is required by law to comply with CalOPPA. This includes complying with the DNT disclosure rule and letting your users know whether or not you respond to their DNT settings.
Remember, you don't have to honor DNT requests. You just have to disclose whether or not you do.