The debate around "Do Not Track" has been going on since 2009 and it's a doozy. Most people don't know about it but, if they did, there might well be an outcry. I'm about to do my part.
You probably interact with this tracking all the time without knowing. Say you're shopping for something and you notice that, magically, much of your information is filled in when you go to check out. The site remembers you because it has installed a small piece of software, called a "cookie", on your computer with that information or some identifier that allows the site to search your info on its database. If you want that convenience, it's there.
But so is the threat because that type of tracking (called "simple" or "party-to-party" tracking) has a companion protocol called "third-party tracking" and that ugly piece of surveillance works like this. You go to a website with a graphic (maybe a photo or ad... you've seen them). That graphic is actually on some other website -- not the one you're visiting -- and can be loaded with code that installs another cookie on your computer, which transmits information about where you're going and what you're doing to whoever installed it. This is one of the Internet's most common forms of surveillance and one few people really know about.
Your entire web session is recorded in detail by a company (or organization) you might not know exists. What's more, that company can do whatever it wants with that data and never report what it did to anyone, especially you.
The answer is "nobody"; the addendum is "but it doesn't matter". There are no rules governing tracking on the Internet.
Last week, the problem was put on display as the W3C "standards committee" continued to limp to a definitive standard, 18 months behind schedule.
The W3C (short for World-Wide-Web Consortium) is as close as we come to a world "authority" on web-browser standards. With nearly 400 members, the Consortium (founded by Sir Tim Berners-Lee, generally considered the "first developer" of the World Wide Web) meets and develops "standards" for browsers. In short, what are browsers maximally allowed to do and what do they minimally have to do?
All of this is pretty much regulated. That's why browsers, try as they might to be "unique", do pretty much the same thing. If they didn't, we couldn't have a World Wide Web.
In 2009, at the urging of privacy advocates, the Consortium took on the issue of tracking and promised strong standards to regulate it. The problem is that W3C members are heavily weighted toward companies and many of those companies don't want a lot of regulation on tracking. So they've slowed the process down, through amendments and tactics worthy of the U.S. Congress, and we still don't have standards. A browser can still literally do whatever it wants in tracking you and that, up to now, hasn't changed. Many experts believe it won't.
Even those who trust that standards will be set acknowledge that industry reps have watered things down considerably. In fact, the latest standards proposal includes several pretty horrible points:
* The current default settings stay the same, giving advertisers and trackers complete freedom to collect and use any information they like in any way they want and never telling you that they're doing it or how.
* First-party (or party-to-party) tracking is completely permitted. You can't turn it off: an actual retrenchment from current standards.