OMB is considering a three-tiered approach to use web tracking technologies on federal government websites.
According to a blog written by Federal CIO Vivek Kundra and Michael Fitzpatrick, associate administrator of OMB's Office of Information and Regulatory Affairs, the three tiers are:
"We expect that there would be more stringent restrictions or review of the technologies within the tiers that might have higher privacy risks," Fitzpatrick and Kundra, who's official title is OMB administrator of e-government and IT, wrote on the blog posted on the website of the White House Office of Science and Technology Policy.
Last month, in another blog, the two OMB officials outlined ways to enhance citizen participation in government through basic policy changes, including revisions to the current policy cookies.
"We heard a lot of informal comments on that blog, so we decided to pursue the more formal comment route through the Federal Register," they wrote. "The goal of this review is to develop a new policy that allows the federal government to continue to protect the privacy of people who visit federal websites while, at the same time, making these websites more user-friendly, providing better customer service, and allowing for enhanced web analytics."
In 2000, during the waning days of the Clinton administration, the OMB director issued a memorandum to ban federal agencies from using certain web-tracking technologies, primarily persistent cookies, due to privacy concerns, unless the agency head approved of these technologies because of a compelling need. "In the ensuing time," the two OMB officials wrote in their most recent blog, "cookies have become a staple of most commercial websites with widespread public acceptance of their use. For example, every time you use a 'shopping cart' at an online store, or have a website remember customized settings and preferences, cookies are being used."
Under the framework OMB is exploring, any federal agency using web tracking technologies on a government website would be subject to basic principles governing the use of such technologies and would be required to:
- Adhere to all existing laws and policies (including those designed to protect privacy) governing the collection, use, retention, and safeguarding of any data gathered from users;
- Post clear and conspicuous notice on the website of the use of web tracking technologies;
- Provide a clear and understandable means for a user to opt-out of being tracked; and
- Not discriminate against those users who decide to opt-out, in terms of their access to information.