May 17 2016

Privacy Risk Summit Preview: Cross Device Tracking

Privacy Risk Summit 2016

A topic on the tips of advertisers’ and marketers’ tongues these days is “cross-device tracking,” a unique method of digital advertising that is viewed within the data, analytics and marketing spaces as a game-changer. TRUSTe’s Privacy Risk Summit (Wednesday, June 8th in San Francisco) will feature a panel of industry-leaders devoted to the latest on this subject. In advance of the Summit, Darren Abernethy, Privacy Solutions Manager at TRUSTe offers a brief introduction to cross-device tracking methodologies and some of the cutting edge privacy issues upon which they touch.

What Is Cross-Device Tracking?

 Cross-device tracking is the umbrella term for different techniques used to serve target ads to an individual user on a user’s multiple devices so that messages can be better tailored to the right individual at the right moment. The ads and promotions served to the user across devices, channels and platforms are more effective (i.e., more likely to be engaged with or lead to conversions) because they are informed by that user’s previous interactions on all of the devices, not merely the device or browser currently in use. Cross-device tracking also allows for better “attribution” or the ability to understand purchases, behavior and intent.

How does this work in practice?

As one oversimplified example, a unique user could browse for a particular book on her mobile phone during breakfast, later at the office on her work laptop put a copy of the book into an online retailer’s shopping cart but not purchase it, and then back at home that evening she may receive an advertisement on her personal desktop computer’s browser for other books by that author or even a discount promo code at the retailer’s site where she almost made the afternoon purchase.

This type of connecting the dots to identify and reach a single user across devices is accomplished through two primary methods.

Deterministic and Probabilistic Linking

The first method is deterministic linking (DL), whereby a user self-identifies to a service, such as by logging in, which directly confirms that the multiple devices in use belongs to the same user. Accordingly, if a user logs onto a particular social media site on a smart watch, tablet, mobile app or computer web browser, then any user data collected (clicks, likes, visits, 1st party cookie data, and data from 3rd party websites on which the social media service has widgets/portals) becomes part of that user’s broader “profile,” and can be used to target ads to that user on any device or platform.

The second method is probabilistic linking (PL), whereby statistical modeling, algorithms and/or predictive pattern recognition is applied to a variety of digital technical parameters to infer links between devices. Firms in the PL space often partner with online publishers or ad exchanges and monitor ad request traits such as IP address, device type, geolocation, time of day usage patterns, and installed browser fonts, then correlate that information with other data sources and use proprietary processing to build device graphs that, over time and in the aggregate, can link multiple device, cookie, and mobile IDs to a common user, who is assigned an anonymous identifier.

Privacy Considerations with Cross-Device Tracking

The use of cross-device tracking is a response to consumers’ more fragmented options for accessing the Internet now compared to two decades ago, as well as the inherent limitations of delicate, mobile-deficient and browser-specific cookies traditionally utilized in online behavioral advertising. But does this new means of crossing data streams to gain a holistic view of a consumer along the entire path to purchase give rise to issues for privacy-conscious consumers and businesses?

For instance, can these techniques lead to the collection of unnecessary or superfluous data, at odds with the generally recognized privacy principle of data minimization? Can they lead to the possible triggering of unintended legal regimes, or erroneous inferences that lead to bad ad spend? Should different privacy approaches be utilized for DL versus PL? Is it technically feasible for the industries involved to build an omnibus opt-out mechanism that can be honored across all devices and platforms?

For insights and analyses of these issues and more, including benefits for businesses and consumers and current self-regulatory approaches, be sure to check out our exciting panel at next month’s TRUSTe Privacy Risk Summit. The panel will include perspectives from the brand/advertiser, technology development and product design, go-to-market strategy and of course, privacy and legal challenges. The panel will be moderated by Andy Dale, Senior Counsel at DataXu an advertising technology company engaging in cross-device campaigns. In Andy’s words: “cross-device technology is really about understanding the customer journey and this technology is powerful but needs to be harnessed and utilized within a privacy framework which allows users an ability to understand the practice and make meaningful, choices”.




May 12 2016

TRUSTe Assessment Manager Wins 2016 Legaltech News Innovation Award

Screenshot 2016-06-26 08.55.59

Dave Deasy, SVP Marketing (center) accepting the award on behalf of TRUSTe  (Photo credit: Jason Doiy)

We’re excited to announce that TRUSTe Assessment Manager has been named a 2016 Legaltech Innovation Award Winner for Risk Management. The annual Innovation Award program now in its 15th year, recognizes the best in legal technology leaders, products, and projects across the legal community.

TRUSTe Assessment Manager transforms how legal departments assess, analyze, and remediate global data privacy management risks. It was purpose built for privacy teams and developed with the input of global businesses and legal professionals spanning a range of industries. The first dedicated SaaS privacy assessment solution in the market. Assessment Manager brings the benefits of automation to the privacy industry. Previously legal teams relied on manual tools such as spreadsheets, email or retrofitted GRC systems to address the unique nuances of privacy risk management.

TRUSTe Assessment Manager comes pre-loaded with over a dozen templates to address popular use cases, including the EU General Data Protection Regulation, Vendor Risk Management, Breach Notification, and Privacy Impact Assessments.  The Platform is used by hundreds of companies either directly or with assistance from TRUSTe Global Privacy Services team across all industries including pharma, healthcare, technology, and consumer products organizations

Nominations for the Legaltech News Innovation Awards, were made by the publication’s more than 40,000 readers; and a panel of judges comprised of Legaltech News and The Recorder editors selected the winners from hundreds of candidates.




May 11 2016

TRUSTe-EDAA Ads Research Shortlisted for IAB Europe Research Award

Screenshot 2016-05-08 09.35.59

The European Advertising Consumer Research Index 2015 provides a comprehensive picture of attitudes and awareness of the European Self-Regulatory Programme for Online Behavioural Advertising (OBA) across 13 European countries surveyed. The study was conducted by Ipsos MORI, on behalf of TRUSTe and the EDAA from 21 October – 13 November 2015 with over 13,000 online adults.

We’re delighted that this joint TRUSTe-EDAA research has been shortlisted for the best use of Research Budget. The IAB Europe Research Awards are now in their sixth year and represent industry recognition for innovative research projects and the contribution they have made to the development of the digital advertising industry.

Winners of the eight categories will be announced at the gala dinner during IAB Europe’s Interact conference tomorrow (12th May) in Lisbon, Portugal. The winning projects will form part of IAB Europe’s expanding libraries of best practice for industry professionals to use in their strategies and daily work.

The finalists were selected from over 130 entries by a Jury consisting of Nick Hiddleston, Research Director Worldwide at ZenithOptimedia and Chairman of the Jury, Paul Hardcastle, Research Director, EMEA at Yahoo!, Ariane Längsfeld, Client Manager – Media & Digital at Millward Brown, Pawel Kolenda, Research Director at IAB Poland and Tuncay Yavuz, IAB Turkey Board Member, Head of Technical Committee on Measurement and Digital Director at OMD Turkey.

Read the full research report here.


May 10 2016

Xiaomi Partners with TRUSTe for Privacy Assessment Technology and Certification Services


Xiaomi, the Beijing-based leader in smartphone, electronics and services, is the latest global company to choose the TRUSTe Assessment Manager platform to bring increased efficiencies and scale to their privacy program. Xiaomi will use the platform to perform ongoing Privacy Assessments and PIAs for the MUIU operating system and other services in the quest to bring Privacy by Design into the mobile architecture and product set.

Under the partnership TRUSTe has also assessed and certified that Xiaomi’s mobile operating system MIUI (and its native apps), cloud services and e-commerce websites all abide by TRUSTe’s privacy standards. The company has had a full review of its privacy practices and worked to ensure all mobile applications that collect sensitive information are encrypted, that all payment pages have the proper encryption to protect users’ sensitive information and application permissions are limited to only what was needed to operate on a user’s device.

The certification process helps to ensure Xiaomi is transparent and accountable to the practices outlined in the company’s privacy statement. TRUSTe Assessment Manager enables Xiaomi to maintain these privacy commitments, demonstrate compliance and assess the privacy impact of new product releases. This will simplify the process of maintaining the certification going forward and help Xiaomi achieve various global compliance targets efficiently.

“With this privacy certification, Xiaomi is demonstrating our deep concern for user privacy,” said Baoqiu Cui, Chief Architect at Xiaomi. “User privacy is always our top priority, and the Privacy by Design approach has been incorporated into our product design process. As of today MIUI has over 200 million users, and our e-commerce website has even more. Getting both MIUI and the e-commerce website certified is a huge milestone, not only for the company, but also for our users. With the TRUSTe certification, our users have even greater peace-of-mind knowing their data is well protected.”

“TRUSTe Assessment Manager and Privacy Impact Assessment process can help us meet our privacy compliance requirements much more efficiently. Efficiency is very important for a fast growing product like MIUI, whose developer’s build is released every week and stable build is released every month.” said Baoqiu.

Read further details in our press release here

May 10 2016

IAPP GDPR Assessment Reaches 500 Users in First Month

Screenshot 2016-03-30 21.15.02

Since IAPP and TRUSTe launched the IAPP GDPR Readiness Assessment at the Global Privacy Summit in DC last month over 500 users have registered for an assessment account showing the extent of the demand for online tools to help companies prepare to meet the requirements of the new European General Data Protection Regulation (GDPR).

The IAPP GDPR Readiness Assessment is available via a special single user version of TRUSTe Assessment Manager created for IAPP members. The assessment consists of more than 60 questions mapped to key requirements of the GDPR and has been updated to reflect the final text published on April 6. On completion of the assessment, users are provided with a gap analysis report summarizing their responses along with recommended remediation steps for any areas that are not consistent with the GDPR requirements.

The GDPR Readiness Assessment is easy to implement, with no software to download and IAPP members can activate their free account at

To find out more about TRUSTe Assessment Manager click here.



May 09 2016

Awareness of DAA AdChoices Icon Rises to 42%

DAA AdChoices IconNew research findings published today, show consumer concern over online tracking for targeted ads has fallen from 65% to 61% over the last year and awareness of the DAA AdChoices icon, has risen to 42% – five points higher than last year (37%). These latest stats show the sustained growth and success of the DAA program but also what’s at stake for the digital publishing industry as 28% report they had used adblocking software in the month prior to the survey.

As consumers become more aware of how they can control the types of ads they see, they are more likely to feel positive about online behavioral advertising in general. Almost 2 in 5 (39%) said the information available through the AdChoices Icon, along with the option of opting out of OBA, would make them feel more positive about the concept of targeted ads. These findings are based on data from an online survey conducted by Ipsos, commissioned by TRUSTe, with 1,000 adults aged 18-75 in the US from December 17-22, 2015. Tracking data is available for the previous four years.

According to the survey, the business impact of consumers’ privacy concerns remains high with 89 percent avoiding doing business with companies they don’t believe protect their privacy and 74 percent of those who worry about their privacy online limiting their online activity in the last 12 months due to their concerns. Of those who worried about their privacy online, 51% did not click on an online ad in the last 12 months – the most common action taken due to privacy concerns.

The DAA program covers online, mobile and video ads and was developed in conjunction with the advertising industry to provide users with more control over their online ad experience and the option to opt-out of personal targeting without blocking ads altogether. Later this week, TRUSTe CEO Chris Babel will be speaking on a Publishers’ Roundtable titled “The Increasingly ‘Relevant’ Ad-Financed Business Model” at the Digital Advertising Alliance 2016 Summit from May 12-13.

Find out more about TRUSTe’s Ad Compliance Manager technology solution here.

May 02 2016

May Spotlight: TRUSTe Speaking at Events in Toronto, LA and London

Screenshot 2016-04-30 09.57.18IAPP Canada Privacy Symposium 2016

May 11 – May 12


The privacy landscape is changing at breakneck speed, and your job is becoming more complex by the day. Boasting exceptional education, unmatched networking and a strong community of privacy professionals, the Symposium returns to help you step up your game.

TRUSTe’s Eleanor Treharne-Jones will be speaking on Wednesday, May 11th, 11:45am-1pm on “Are You Ready for the GDPR? Let’s Find Out.”

> Register here


Digital Advertising Alliance Summit 2016

May 12 – May 13

Los Angeles

The Digital Advertising Alliance Summit 2016 is a full-day event and provides a unique opportunity for DAA Program participants to learn about the latest developments in industry self-regulation.

TRUSTe’s Chris Babel will take part in the panel, “Publishers’ Roundtable 2016: Congratulations to the Increasingly ‘Relevant’ Ad-Financed Business Model” alongside industry experts at Viacom Media Networks, Netflix, Daily Actor, and the American Advertising Federation (AAF).

> Register here


IRMS Conference

May 15 – May 17


The Information & Records Management Society (IRMS) Conference brings together information professionals to provide an independent perspective on key challenges surrounding this years’ theme, “Information Superheroes – Enabling Business Excellence”.

TRUSTe’s Ralph O’Brien will be speaking on Tuesday, May 17th, 09.00 – 09.45 on “Hero or Villain? The Evolution of Business Information Management”.

> Register here


Global Privacy Enforcement Priorities

May 19 – 9.00am – 10.00am PT

Online Webinar

As the scope of EU law reaches around the world we are also seeing greater international regulatory co-operation. So whether it’s the FTC, the FCC or European DPAs, what are the top priorities on the agenda of global privacy regulators? How is this impacted by the rise of activism and the role of individuals like Max Schrems who have forced legal changes?

In this webinar, experts will review the latest case law and enforcement actions from the last 12 months and share their assessment on what this could mean for the future and how to keep your company out of the regulatory spotlight

> Register here




Apr 28 2016

Preparing for New Breach Notification Requirements in Canada

Screenshot 2016-04-27 16.45.36

In these times of uncertainty regarding privacy must-dos (read GDPR and Privacy Shield), Canada offers us another set of rules to prepare for in the Digital Privacy Act. Passed in June 2015, much of the Digital Privacy Act is already defined and in place. One main component though, the breach notification rule, is under consultation and still somewhat of an unknown. Despite some level of uncertainty, it is still possible to prepare for compliance.

The April TRUSTe Client Advisory Note was prepared by Margaret Alston CIPP/G/C/M from the TRUSTe Privacy Consulting Group and reviews the key changes in the Act which include:

  • Definition of “valid consent.”
  • Compliance Agreements as an enforcement option for Commissioners
  • Broadening of allowable public disclosures by the Commissioner
  • Scope of PIPEDA – including but not limited to the exclusion of business contact information
  • Exceptions to consent requirements, such as for fraud prevention purposes
  • Extension of time limits for court applications from 45 days to 1 year
  • Breach notification, reporting, and record keeping (not yet in effect)

The Advisory then covers in more detail how companies can prepare now for the new data breach notification changes.

If you would like to review this latest Client Advisory Note then look out for your copy on e-mail today or contact TRUSTe on 1-888-878-7830.


Older posts «

» Newer posts