Sept. 22--In early 2011, Mozilla added a do-not-track feature in its Firefox browser that allowed users to clearly state that they didn't want their online activities monitored by websites and advertisers.
Other browser vendors soon followed suit, including Microsoft, Apple and Google, seemingly handing consumers a simple way to protect their information that would persist no matter what new collection technology and techniques the industry invented.
But more than 2 1/2 years later, flipping on the option still offers scant protection for consumers. Not only can companies freely ignore it -- they don't even have to disclose whether or not they ignore it.
At least the latter, however, might soon change. A do-not-track transparency bill has landed on Gov. Jerry Brown's desk and indications suggest he will sign it before the looming deadline in mid-October.
AB370 passed unanimously in the California Assembly and was sponsored by the governor's political ally, Attorney General Kamala Harris.
If Brown signs the bill, introduced by Assemblyman Al Muratsuchi, D-Torrance (Los Angeles County), it's likely to be portrayed as a bigger victory for privacy than it actually is -- the latest indication of California boldly leading the way on online privacy.
It's not that. But it is a small and solid step forward.
Do not track ignored
The law amends an existing statute requiring online companies that collect personally identifiable information to "conspicuously post" their privacy policies.
Going forward, those policies would have to include how the sites respond to do not track requests or similar mechanisms. In another update -- that is only a decade or so overdue -- the site would also have to state whether or not third parties can collect identifiable information about users. Those parties include the dozens or even hundreds of ad networks like TribalFusion, Facebook's FBX and Google's AdSense that inconspicuously track activity across vast swaths of the Internet.
Strictly speaking, companies would only have to disclose this information to California residents, but since no business will be eager to craft and display varying policies for varying states, it would effectively serve as a national law (if not a global one).
To be clear, a real victory here would be to take the common sense step of requiring companies to abide by the explicitly stated privacy preferences of their users. But to date that goal has proven politically unpalatable, amid stiff ad and tech industry opposition.
A committee of the World Wide Web Consortium (W3C), an online standards body, has been working for years to create an agreeable definition of do not track. But the parties have failed to agree on both basic and complicated technical questions. Participants have peeled off in frustration in recent months and days, most recently including the Digital Advertising Alliance.
In contrast, the relevant trade groups are officially unopposed to AB370 -- though not in support of it.
That in itself -- the lack of usual hyperbole about the bill bringing down the online economy -- is the most obvious sign it doesn't do enough. But AB370 remains important for a few reasons.
First: While it is abundantly clear that few consumers carefully read the privacy policies of the sites and apps they use, tech journalists and privacy advocates do. So you can be sure that if this law goes into effect, stories will follow emphasizing that big reputable companies have made the conscious decision to ignore the wishes of their users.
I certainly look forward to writing some.
"Information on who does what will move into the public eye," said Joanne McNabb, director of privacy education and policy in the California Attorney General's office. "The goal is to bring the largely invisible practice of online tracking more into the light."
Over time, that sort of public shaming could put pressure on corporate practices. Maybe.