At the end of August, the Berlin Regional Court ruled:
“The defendant [LinkedIn] is ordered […] to refrain from […] informing consumers that a signal preset and sent in the consumer’s browser […] (“do-not-track signal”), is not considered an effective objection to such data processing […].”
(Translated by the author)
(See https://www.vzbv.de/sites/default/files/2023-10/23-10-10_Stn_vzbv_HKNRV_Gas_W%C3%A4rme_und_K%C3%A4lte_final_0.pdf, p. 1 f.)
Do Not Track (DNT for short) must therefore be understood as an objection in accordance with GDPR Art. 21 (5):
“In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.”
(Translated by the author)
This applies even though the DNT header never made it to the W3C standard (W3C stands for World Wide Web Consortium) and can now only be activated in a few browsers (such as Firefox).
For most websites, however, this is not really a problem because
- either they use services that require consent, such as Google Analytics, and are not allowed to process data without the explicit consent of the user anyway
- or they use privacy-friendly services that do not require consent by default, such as etracker Analytics, which generally observe DNT through privacy-friendly processing.
According to the W3C, which is behind the specification of the DNT header, the signal is used to reject tracking in the sense of:
“Tracking is the collection of data regarding a particular user’s activity across multiple distinct contexts and the retention, use, or sharing of data derived from that activity outside the context in which it occurred. A context is a set of resources that are controlled by the same party or jointly controlled by a set of parties.”
(Tracking Preference Expression (DNT) see https://www.w3.org/TR/tracking-dnt/)
When using etracker Analytics, the data is only provided to the website operator within its own context and is not merged for other purposes or with other data across websites. In this respect, data processing with etracker Analytics does not have to be specially adapted if users have activated DNT headers via their browser settings, as the rejected type of data processing does not take place anyway.
Only when using solutions such as Google Analytics would it be necessary to prevent or adapt data collection for DNT headers, as cross-website profiling, merging outside the context and use for Google’s own purposes takes place by default.
The browser manufacturer Mozilla formulates it similarly in its information on the “do not track” function:
“Most large websites track the behavior of their visitors and sell this data or pass it on to other companies. The data can be used to show you customized advertising, products or services. Firefox has a feature called Do Not Track, which allows you to tell any website, its advertisers and other content providers that you do not want your browsing behavior to be tracked.”
(Translated by the author)
(See: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen)
This also corresponds to Apple’s definition, which also does not use the term “tracking” as a generic generic term, but only for a specific form of data processing:
“Tracking refers to linking data collected from your app about a particular end-user or device, such as a user ID, device ID, or profile, with Third-Party Data for targeted advertising or advertising measurement purposes, or sharing data collected from your app about a particular end-user or device with a data broker.”
(See https://developer.apple.com/app-store/app-privacy-details/#user-tracking)
In the same way, the more recent browser signal from Global Privacy Control (GPC) is not directed against privacy-friendly web analysis, but explicitly against the sale of data (see https://globalprivacycontrol.org/.
In this respect, even after the latest ruling on DNT:
Do-not-track settings must be observed if data is collected across websites or made available to third parties.
etracker Analytics processes the data exclusively on behalf of the respective website operator. It is therefore not necessary to disable data collection when the do-not-track signal is transmitted.
This article does not constitute legal advice and cannot replace individual legal advice. We work closely with lawyers specializing in data protection and are happy to put you in direct contact for individual advice.