Support for enforcement of a do-not-track option in browsers has been gathering steam. Such an option presents a simple method for consumers to protect their privacy. The problem is how to enforce this choice. The Federal Trade Commission (FTC) could enforce a do-not-track option in a consumer browser under its section 5 powers. The FTC, however, currently appears to lack the political will to do so. Moreover, the FTC cannot follow the model of its successful do-not-call list since the majority of Internet service providers (ISPs) assign Internet addresses dynamically — telephone numbers do not change, whereas Internet protocol (IP) addresses may vary.
This Article explores whether, as a matter of contract law, a browser do-not-track option is enforceable against a corporation, and concludes that it is. The emerging standard of online consent has been whether a party proceeds with a transaction after the counterparty informs the party of the terms of the contract. Adhesion contracts in electronic contexts have bound consumers for over a quarter century in precisely this manner.
This Article argues that what applies to consumers should apply to corporations. When a consumer expresses her preference, in the very first exchange between the consumer and corporate computers, for the corporation not to track her information, the company is free to refuse the transaction if it does not wish to continue on the consumer’s terms. This Article therefore proceeds in three broad parts. Part I introduces the current methods of corporate surveillance of consumers, which have reached dizzying heights. Part II discusses the law of e-commercial and mass-market contracts, which courts have held to bind consumers even on the merest fig leaf of a legal theory of consent. Part III proposes a solution: the answer is not to continue making consumers read more privacy policies on various websites, but instead to enforce the simple preferences that the consumer expresses once.