Privacy & Information Security Law Blog

On July 12, 2011, Stanford Law School’s Center for Internet and Society reported the preliminary results of tests conducted with experimental software designed to detect third-party tracking.  Over the months spent developing “a platform for measuring dynamic web content,” researchers at the Stanford Security Lab analyzed tracking on the websites of Network Advertising Initiative (“NAI”) participants by observing how cookies are altered when a user opts out of behavioral tracking on the NAI website, or enables Do Not Track.

According to the blog post by Stanford researcher Jonathan Mayer, preliminary tests produced the following results:

• Of the 75 NAI members’ websites surveyed, 64 of the sites contained tracking content (e.g., ads or beacons).
• At least two NAI members (Media6Degrees and BlueKai) are taking overt steps to respect Do Not Track.
• Over half of the tested sites left tracking cookies in place after even after a visitor opted out.  NAI member companies pledge to allow opting out of behavioral advertisement “targeting,” but not “tracking.”
• At least eight NAI members failed to comply with their promise to remove tracking cookies if a visitor opts out.  The researchers identified various violations of company privacy policies, including the failure to delete tracking cookies pursuant to an opt out, or the reinstallation of deleted tracking cookies after content is reloaded.
• At least ten NAI members do more than their privacy policies assert by removing their tracking cookies even though they only promise to stop behavioral ad targeting.

View our posts on the FTC's December 2010 report, which contemplated an enforceable Do Not Track mechanism, and the Congressional hearing on Do Not Track legislation.  We also reported on a lawsuit filed in August 2010 against an ad network for its online tracking practices.