Jan 26

TRUSTe Starts 2012 With A Bang

Chris Babel
CEO | TRUSTe


We started 2012 out with a bang, moving into new offices (stop by if you happen to be in the Moscone Center or Union Square area) and announcing our $15 million Series C funding led by Baseline Ventures and supported by existing investors Accel, DAG and Jafco. This investment will allow us to build on the substantial momentum we achieved in 2011, as we continue to expand our privacy management solutions into new markets in 2012. In 2011 we enjoyed phenomenal growth on all fronts, with record sales, new product launches, and an employee headcount that nearly doubled. We’ve got lots of new faces hard at work on new data privacy challenges and we look forward to bringing more innovative technologies and certifications to market in 2012. This past year has proven beyond a doubt that the demand for privacy management solutions is strong and all indications point toward even more demand in the years ahead.

This Saturday we celebrate Data Privacy Day, an international holiday to raise awareness and promote privacy education. When I reflect on the state of the internet today I am struck by the complexities of the online privacy and security ecosystem compared to ten years ago. The proliferation of data collection channels and mechanisms – from iPhone apps to Flash cookies – has produced a fire hose stream of information that has given rise to “big data” and other data management challenges. Big data is fast becoming one of the most important assets to businesses for its ability to deliver optimized and personalized products, services and advertising. These data sets are so immense, and managed and touched by so many different parties, that they have created entirely new privacy management challenges on an international scale.

Jan 25

The Need For A Flexible Compliance Strategy in Europe

Chris Babel
CEO | TRUSTe

The new EU privacy directive (a.k.a. the “Cookie Directive”) has more than a few executives concerned over how to comply and protect their brand in Europe. While there has been a lot of industry debate over compliance technologies and mechanisms – as well as the requirements of the Directive itself – brands would be unwise to conclude that because there is ambiguity and uncertainty a “wait and see” approach is best. That time has come and passed. Enough member states have enacted the Directive and indicated they will begin enforcement in 2012 that companies must act now.

TRUSTe believes that an optimal compliance strategy is one that takes into consideration the differences that exist across cultures and is sufficiently flexible to address these differences.  TRUSTe has successfully deployed opt-out solutions across the US and Europe.  At the request of certain clients, we are also developing an opt-in solution which meets the needs of all constituents – consumers, regulators, and businesses. Our decade of international regulatory experience has taught us that a one-size-fits-all approach to privacy is problematic. Europe, with its fragmented politics and diverse approaches to data protection, is a perfect example to apply this lesson.

As of January 2012, eight of the twenty-seven EU member countries have implemented national legislation enacting an EU privacy directive requiring opt-in choice for online behavioral advertising. While opt-out based approaches currently exist in some member countries, a European privacy management strategy would be remiss to not also retain a working opt-in solution.  Companies must prepare for a scenario where regulators take a hard-line, opt-in-only enforcement approach in one or more of the twenty-seven EU member countries.

While there is ambiguity over enforcement plans for the directive, there is no ambiguity over its requirements. The directive clearly prohibits placing tracking files on consumer devices without the consumer’s informed consent (with certain exceptions). In a December 2011 opinion, the Article 29 Working Party, which advises the European Commission, confirmed that the current American opt-out approach overseen by the DAA does not satisfy the directive requirements, since tracking file placement and data collection activity occur regardless of consumer opt-outs. The Working Party members consist of representatives from the data protection authorities of each EU member country and it is these authorities that will ultimately enforce the directive.

While the directive enforcement plans of each EU member country remain ambiguous and largely undefined, it is highly unlikely that all member countries will adopt a uniform enforcement interpretation. Browser-based Do Not Track implementations may become acceptable compliance tools, dependent on the outcome of the standards work of the World Wide Web Consortium (W3C). TRUSTe recommends that companies immediately undertake an audit of all tracking technologies on their properties and implement robust opt-out solutions across Europe. Companies should also be prepared to pursue workable opt-in solutions to enable a comprehensive and flexible compliance strategy that will protect their brand from unacceptable levels of risk in Europe.

Jan 20

Ads About Ads (and Privacy)

Matthew Shevach
Director, Product Marketing | TRUSTe
@matthewshevach

A screenshot of the new DAA website

The Digital Advertising Alliance (DAA), a self-regulatory body of the online advertising industry, has launched a new ad campaign and consumer-facing website. The new campaign, titled ‘Your AdChoices’, is a public education campaign that will run across media channels with creative produced pro bono by the Salt Lake City office of MRM. The campaign focuses on highlighting the consumer benefits of behavioral advertising and educating consumers on how they can take control of their own online advertising preferences.

An example of an ad for the new DAA campaign

TRUSTe is a partner of the DAA and is also the leading provider of compliance technology for their self-regulatory program (through our TRUSTed Ads platform). To further educate consumers on issues of online advertising and privacy we have launched an interactive page providing information on the inner workings of behavioral advertising and consumer privacy choices. Google also recently launched its ‘Good to Know’ campaign that will place ads in U.S. newspapers, magazines, and public spaces to educate consumers on how to protect their personal information online. Campaigns like these will help drive consumer awareness and understanding of the online advertising space and help them make informed choices about sharing and protecting their online privacy.

Dec 05

What Companies Can Learn From FTC Privacy Cases in 2011

John Gamble
Marketing Associate | TRUSTe
@johnaddison

Earlier this week the Federal Trade Commission (FTC) announced a settlement with Facebook over charges that the company deceived consumers by changing privacy settings without first giving prominent notice and obtaining their consent. With this settlement the Commission completes the trifecta of taking on three of the largest online players in 2011 over privacy violations (Google, Twitter, and now Facebook). The FTC has made it abundantly clear that they will spare no company when it comes to protecting consumer privacy.

The FTC has settled ten privacy cases in 2011 against companies of all sizes and business models. This past March, they settled with Chitika over charges that the advertiser continued to track consumers with cookies after they had opted-out. A few months later, they settled a case with Frostwire over charges that their apps caused consumers to unknowingly expose personal data because of default privacy settings. And, just last month, the FTC settled charges with ScanScout that the advertiser deceived consumers about their ability to opt-out of tracking by claiming consumers could use web browser settings. In actuality, ScanScout used Flash cookies not controlled by these settings.

One of the largest financial penalties issued in the FTC’s 2011 privacy cases was $3 million, but more commonly the penalties require offending companies to correct their practices, destroy the data in question, and submit to ongoing audits. These cases can also come at a significant cost to a company’s reputation and growth: shortly after the FTC settled with Google over privacy violations with their “Google Buzz” product the company discontinued the service altogether. What can the online advertising and data industry take away from these cases?

  1. Let consumers know you collect data
  2. Let consumers know what you plan to do with that data
  3. If your plans for that data change, let consumers know first, and ask their permission before making those changes
  4. Offer an unambiguous way for consumers to opt-out of online tracking
  5. Continually test to ensure your opt-out mechanisms work

Companies who follow these five rules are unlikely to find the FTC knocking on their doorstep about privacy violations.

Dec 02

Best Practices for Using Cookies

Joanne Furtsch, CIPP, CIPP/C
Director of Product Policy 
@privacygeek

Websites today are rarely a single-party affair. On any given website consumers typically interact with a number of third parties who collect data about them, whether they realize it or not. When third parties collect consumer data through technologies that are not readily apparent to consumers, like cookies, this creates privacy risks resulting from consumers’ inability to make informed decisions about their data.  This type of data collection has caught the attention of government regulators on both sides of the Atlantic and now more than ever companies need to better understand how they use cookies and what third-parties collect data on their site (and how they collect and use this data).

Follow these best practices when using cookies:

  1. Use a unique Domain Name per technology (e.g. HTTP cookies, Web beacons, JavaScripts, and Flash LSOs) to separate any online behavioral advertising practices from those that are not online behavioral advertising.

Nov 09

How Flash Cookies Left A Bad Taste In the FTC’s Mouth

John Gamble
Marketing Associate | TRUSTe
@johnaddison

Yesterday the Federal Trade Commission announced a settlement with ScanScout, an online video advertising network, over charges that the company deceived consumers about their ability to opt-out of online tracking activities. ScanScout’s privacy policy read:

“You can opt out of receiving a cookie by changing your browser settings to prevent the receipt of cookies.”

The problem? That wasn’t actually true. While one can opt-out of HTTP cookies using this method, the Flash cookies used by ScanScout to track consumers cannot be controlled via browser settings. (For more information about tracking technology like Flash cookies, check out this FTC educational article).  The FTC found ScanScout’s disclosure deceptive and in violation of the FTC Act and as part of the settlement the company is required to complete the following actions:

  1. Fix their privacy policy
  2. Display prominent notice on their homepage disclosing their tracking and linking to an opt-out mechanism
  3. Display a link within or next to all its targeted display ads that provides an opt-out mechanism

There’s been a real uptick in FTC privacy cases in the last year – most recently they’ve settled with skidekids.com for COPPA violations, Google over its “Google Buzz” rollout,  Frostwire for its Android App, and now ScanScout. And that’s just in the last two months! Could your company be next? Here are some takeaways from this most recent case:

You need total transparency in your privacy policy 

Leave no stone unturned in your disclosures. Avoid ambiguous language: if you’re tracking consumers then in no uncertain terms you should disclose a) how you are doing it, and b) how consumers can opt-out of it. Anything short of that invites scrutiny.

Nov 09

5 Things Advertisers Need to Know About The New DAA Principles

John Gamble
Marketing Associate | TRUSTe
@johnaddison

On Monday, the Digital Advertising Alliance (DAA) released new principles amending its Self-Regulatory Program for Online Behavioral Advertising (OBA). This move comes on the heels of criticism from consumer interest groups and the FTC, who have taken issue with data collection activities that persist despite consumer opt-outs. These new DAA “Self-Regulatory Principles for Multi-site Data” govern data collection and use that occurs outside of behavioral advertising activities. More specifically, they address “multi-site data”, which is data collected about a user over time and across non-affiliate websites. You should know these five things about the new principles:

1. You’ve got (some) time to comply
The DAA has announced that these new principles are “intended to be implemented in 2012”. No hard deadline has been set, but it’s reasonable to expect that they will begin enforcing them in early 2012 since they already have accountability mechanisms up and running.

2. You’ll need notice and choice for multi-site data collection
If you’re a third-party or service provider who collects or shares multi-site data for purposes other than OBA, then you too will need to offer consumers privacy notice and choice. Exceptions are made only when this data is used for systems management, market research, product development, or where it is de-identified.

3. You can’t collect or use multi-site data to make employment, health care, credit or insurance decisions
If you share multi-site data with a partner or third-party, however, and they use it to make such decisions you will not be held liable, provided you have a reasonable basis for believing they would not use the data in this way. Having trust in your data partners’ integrity will become increasingly important.

Nov 01

Changes to Group Messaging in iOS5

By Travis Pinnick
User Experience Designer | TRUSTe
@xtratrav

With the release of iOS 5 comes a handful of new features, some of which I find really useful (integrated notification center, the ability to access the camera app from the lock screen), but one of which I find confusing.  iOS 5 introduced a new feature called iMessage (more similar to IM than traditional texting, that can be sent via WiFi or 3G, and can allow you to see when recipients are typing a response).

The problem is that, unlike in iOS 4, group messaging cannot be disabled in iOS 5 for iMessages.  This is frustrating for users who, like me, were accustomed to the default behavior of iOS 4 group messaging and didn’t have to worry about the recipients seeing each other (formerly recipients experienced a message analogous to a BCC email).  This resulted in a problem when I group messaged an MMS photo to multiple friends like I had always done in iOS 4, only to find the recipients could see each other.  When the recipients began replying to each other – which they have the ability to do if they are also iOS 5 users – my sneaky intentions became all too apparent to all parties involved. (Personal disclosure: I’m notorious for sending carefully-worded texts to groups of people with the intention of making the recipients feel as though the message was intended for them personally.  So sue me, it’s more efficient.)
