TRUSTe To Develop Guidelines For Whitelisting Sites On New Disconnect Mobile App


Earlier today, Disconnect launched the first mobile app to block malvertising – and confirmed that the app is available for iOS and Android after an initial ban by Google caused public outcry.

Malvertising is a major cause of identity theft and is impossible for consumers to identify because malicious tracking and malware often look like a normal advertisement or website. Many consumers also do not realize that just visiting a webpage containing malvertising, without even clicking anything, can put them at risk.

“Disconnect Mobile offers unique threat protection at the network request level, so that users are protected across all their apps and mobile browsers,” said Disconnect’s CTO Patrick Jackson, a former NSA engineer. Disconnect Mobile works by blocking more than 5,000 tracking services and suspected malware sites from connecting to a user’s device.

A temporary ban on the app by Google earlier this month, citing “interference with other services,” led to hundreds of media reports and an uproar on social media. Disconnect resubmitted their app to make it clear that they are not an adblocker and are focused on protecting consumer privacy. Disconnect Mobile is again available for install in the Play Store, as well as iTunes.

Although Google has not specifically responded to requests for more information, industry consensus is that Disconnect Mobile was suspended because it was mistaken for an ad blocker. “We are not an ad blocker and we are not at all opposed to advertising,” says Disconnect COO Gus Warren. “But we are 100% opposed to ads that threaten consumer privacy and security. We are committed to un-blocking any companies on our filter lists who we verify respect consumer safety and privacy.”

At TRUSTe we’re delighted to be working with Disconnect to develop transparent guidelines for whitelisting sites on Disconnect Mobile and rewarding businesses with legitimate websites and apps for their commitment to consumer privacy. This collaboration is a follow-up to our successful launch in June of Privacy Icons software that helps people quickly understand how websites handle their data.



September Monthly Spotlight

  • September 4

EU Cookie Inspections: Are You Ready?


There has been significant focus on the EU Cookie Directive ever since the announcement of a “Cookie Sweep” to determine compliance levels with cookie regulations across the EU in mid-September.

Since the Directive has been implemented in different ways across the EU, many companies need guidance to gain an understanding of their obligations under European privacy laws. On September 4th, TRUSTe will join experts from the CNIL and Fieldfisher to present an in-depth look at how businesses should plan for these cookie inspections in part II of the webinar series titled EU Cookie Inspections: Are You Ready? Register for this webinar here. 

If you missed part I of the series, EU Cookie Directive: Key Steps to Compliance, view the recording here.



Why Are Social Media Experiments Considered An Invasion of Privacy?


By Dave Deasy, VP of Marketing, TRUSTe

This article was first published in MediaPost on 8/20/14

Social media is very personal. We all use it differently—which reflects the real world…we all socialize in different ways. But when news broke of social media experiments by popular channels, users were outraged.

But why is our expectation of privacy so high on the very channels where we share the most?

Facebook’s 2012 experiment tested nearly 700,000 users’ emotional responses to their news feeds, to vet a theory on the transferability of mood. Facebook manipulated users’ news feeds to show them content that was either predominately negative or positive, analyzing users’ emotional responses by examining verbiage and frequency in their own status updates. Soon after, OKCupid admitted it had also experimented on users. To test users’ response to its match algorithm, OKCupid falsified its “match” data—pairs who were a low match (30%) were shown as a strong match (90%), and vice versa.



TRUSTe Attends APEC Privacy Meeting in Beijing


Earlier this month, TRUSTe CEO Chris Babel participated in the APEC Data Privacy Subgroup (DPS) and Electronic Committee Steering Group (ECSG) meeting in Beijing to discuss the implementation of the APEC Cross-Border Privacy Rules (CBPR) system, cross-border interoperability, and ways to speed up uptake among APEC Member Economies and businesses.

TRUSTe remains involved in the discussions around the compatibility of frameworks which address cross-border data flows between the APEC Member Economies and the United States. Currently three APEC Member Economies participate in the CBPR system: the United States, Mexico and Japan, with Canada having formally submitted its notice of intent to participate in the system. As an Accountability Agent, TRUSTe reviews, certifies, monitors and enforces the privacy practices of participating companies to ensure compliance with the CBPR system. Within the past year, TRUSTe has certified six companies under its APEC Privacy certification program, which is based on the CBPR system, with 14 additional companies in the process of being certified.

A few highlights from the meeting include:

  • Cross-Border Privacy Rules for Processors – currently the CBPR system applies only to data controllers and APEC is developing a set of standards for data processors that would complement the CBPR system.
  • APEC CBPR System and EU Binding Corporate Rules Next Steps – earlier this year, APEC and the Article 29 Working Party released the Referential to map APEC CBPRs to EU BCRs, and the discussion in Beijing focused on next steps towards interoperability based on case studies which address real issues companies face as they pursue approval under both systems. It was determined that additional documentation and checklists would prove a valuable resource as companies apply for approval and certification under both systems.
  • 10-Year Stocktake of APEC Privacy Framework – the DPS agreed that a working group led by Australia would consider proposals for updates to the APEC Privacy Framework to ensure that it remains relevant as the market evolves with innovations in technology.
  • ECSG Workshop – topics of discussion during the one-day workshop included: advancements in technology and business models that drive economic growth and the regulatory frameworks that can support them, organizational accountability and implementing an organizational compliance framework.

For more information about the TRUSTe APEC Privacy program, please visit


Webinar on Key Steps to EU Cookie Directive Compliance


With the EU “Cookie Sweep” quickly approaching, TRUSTe is helping businesses ensure compliance with the EU Cookie Directive with a 2-part webinar series titled EU Cookie Sweep: Are You Compliant?

Earlier this week, TRUSTe and Promontory hosted part I of the series, EU Cookie Directive: Key Steps to Compliance. This session provided attendees with an overview of the EU Cookie Directive and outlined steps businesses need to take to stay cookie compliant and win the trust of European customers. Watch the recording of this webinar below:

Part II of the series, EU Cookie Inspections: Are You Ready? will feature speakers from TRUSTe, Fieldfisher and the CNIL and will provide an in-depth look at how businesses should plan for CNIL’s Cookie Inspections. Register now for this session on Thursday, September 4th.


Mobile Shopping Apps Lack Transparency in Data Collection Practices


In today’s digital age, consumers have access to a whole new shopping experience at their fingertips via mobile apps. These apps provide obvious benefits to consumers, such as real-time price comparisons, alerts for deals from their favorite retailers, as well as easy checkout methods straight from swiping their phone at the counter. With 58% of U.S. adults owning a smartphone (as of January 2014), the possibilities are endless for retailers looking to take advantage. However, there are still precautions businesses must take to make sure they demonstrate transparency with the user data being collected from these apps.

According to a recent Federal Trade Commission (FTC) report, these apps often failed to provide information that is important to consumers concerning privacy of data collected, liabilities, and payment disputes. Although nearly all apps linked to privacy policies, these policies used vague language which stated the company’s rights to collect, use and share consumer data – making it difficult for consumers to understand how their data was actually being used.

To address this concern, the report provides various recommendations for companies to enhance consumer privacy practices with their mobile apps, including:

  • Clarity & Transparency: Apps should more clearly describe how they collect, use, and share consumer data – this gives consumers the choice to evaluate and compare apps based on how their data is handled.
  • Safe & Secure Payments: Companies need to disclose consumers’ rights and liability limits for unauthorized or fraudulent transactions.
  • Honor & Implement Data Security Practices: App developers should implement strong protections for the data being collected, and companies should honor those commitments to stated security practices.

The report also urges consumers to be more proactive and aware by seeking out this information themselves before downloading an app.

Since nearly 8/10 consumers won’t download an app they don’t trust, businesses need to show customers that they are committed to mobile app privacy best practices. Earn your customer’s trust and stay compliant through our TRUSTed Apps Privacy Certification program.


TRUSTe Named to 2014 OTA Email Integrity Honor Roll

Today, the Online Trust Alliance (OTA) announced the results of its 2014 Email Integrity Audit report and TRUSTe was identified as one of the select few companies that provide adequate email security measures to help businesses protect their brands and consumers from receiving fraudulent email.

Being named to the 2014 Honor Roll is a significant achievement as the report revealed 91.7 percent of businesses and government agencies fail to follow adequate steps and adopt email authentication protocols to help consumers identify if emails are genuine or fraudulent.

“TRUSTe continues to show leadership in privacy practices which helps to enhance online trust and promote market innovation,” said Craig Spiezle, Executive Director and President, Online Trust Alliance.

The 2014 Report also includes the OTA Email Trust Scorecard, which measures the adoption of the three email authentication protocols: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). The Scorecard provided interesting insight on the organizations adopting email security best practices – of the companies passing the OTA Email Trust Scorecard:

  • 28 percent of the top 50 social media companies
  • 17 percent of the top 100 financial services companies
  • 14 percent of the top 100 Internet retail companies
  • 6 percent of the top 50 news companies
  • 6 percent of the top 500 Internet retailers
  • 4 percent of the top 50 U.S. government agencies

Visit here to learn more about the in-depth review of email security best practices and 2014 Email Integrity Honor Roll.


EU Regulatory Update: Dutch Cookie Rules Enforced

By Saira Nayak, Director of Policy, TRUSTe

The last few weeks have seen a renewed focus on the EU’s Cookie Laws with news that European Data Protection Authorities are introducing a “Cookies Sweep Day” initiative in September to review compliance with the EU Cookie Directive. And in October, France’s CNIL will conduct cookie and website audits (more details in this Hogan Lovells blog post).

We also continue to see stepped up enforcement of cookie laws by EU regulators.

Last week, the ACM, or Dutch Authority for Consumers and Markets (formerly the OPTA), concluded that the Dutch Foundation for Public Broadcasting violated the requirements of notice and “prior express consent” under the Dutch cookie law. Also – and importantly – the ACM’s decision found that implied consent could not be presumed from use of a website. The ACM ruling interpreting Dutch law is in sharp contrast to other countries such as France, where the CNIL’s guidance specifically provides for implied consent in cases where the user continues to use the site.
