Skip to content
etracker
Start now

“Do-Not-Track” is not dead

Blog
3 Minutes Reading time

by Katrin Nebermann

At the end of August, the Berlin Regional Court ruled:

“The defendant [LinkedIn] is ordered […] to refrain from […] informing consumers that a signal preset and sent in the consumer’s browser […] (“do-not-track signal”) is not considered an effective objection to such data processing […].”

(See %C3%%C3% p. 1 f.)

Do Not Track (DNT for short) must therefore be implemented in accordance with GDPR Art. 21 para. 5 be understood as a contradiction:

“In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.”

This is true even though the DNT header never made it to the W3C standard (W3C stands for World Wide Web Consortium) and can now only be activated in a few browsers (such as Firefox).

However, this is not really a problem for most websites, because

  • either they use services that require consent, such as Google Analytics, and are not allowed to process data without the explicit consent of users anyway
  • or they use data protection-friendly services that do not require consent by default, such as etracker Analytics, which generally observe DNT through data protection-friendly processing.

According to the W3C, which is behind the specification of the DNT header, the signal is used to reject tracking in the sense of:

“Tracking is the collection of data about the activities of a particular user in different contexts and the storage, use or disclosure of data derived from those activities outside the context in which they took place. A context is a set of resources controlled by the same party or jointly controlled by multiple parties.”

(Tracking Preference Expression (DNT) see https://www.w3.org/TR/tracking-dnt/; translated by deepL)

When etracker Analytics is used, the data is only provided to the website operator within its own context and is not merged for other purposes or with other data across websites. In this respect, data processing with etracker Analytics does not have to be specially adapted if users have activated DNT headers via their browser settings, as the rejected type of data processing does not take place anyway.

Only when using solutions such as Google Analytics would it be necessary to prevent or adapt data collection for DNT headers, as cross-website profiling, merging outside the context and use for Google’s own purposes takes place as standard.

The browser manufacturer Mozilla formulates it similarly in its information on the “do not track” function:

“Most large websites track the behavior of their visitors and then sell this data or pass it on to other companies. The data can be used to show you customized advertising, products or services. Firefox has a feature called Do Not Track, which allows you to tell any website, its advertisers and other content providers that you do not want your browsing behavior to be tracked.”

(See: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen)

This also corresponds to Apple’s definition, which also does not use the term “tracking” as a generic generic term, but only for a specific form of data processing:

“‘Tracking’ refers to linking data collected by your app about a specific end user or device, such as a user ID, device ID, or profile, with third-party data for targeted advertising or ad measurement, or sharing data collected by your app about a specific end user or device with a data broker.”

(See https://deve loper.apple.com/app-store/app-privacy-details/#user-tracking)

In the same way, the more recent browser signal from Global Privacy Control (GPC) is not directed against privacy-friendly web analysis, but explicitly against the sale of data (see https://globalprivacycontrol.org/).

In this respect, even after the latest ruling on DNT:

Do-not-track settings must be observed if data is collected across websites or made available to third parties.

etracker Analytics processes the data exclusively on behalf of the respective website operator. It is therefore not necessary to stop data acquisition when the Do-Not-Track signal is transmitted.

This article does not constitute legal advice and cannot replace individual legal advice. We work closely with lawyers specializing in data protection and are happy to establish direct contact for individual consultations.

More on the topic
Alle Beiträge