TRUSTe WHITEPAPER

ONLINE BEHAVIORAL ADVERTISING:
A CHECKLIST OF PRACTICES THAT IMPACT CONSUMER TRUST

FEBRUARY 2009

©2009 TRUSTe. All rights reserved.

Table of Contents

Introduction
Online Behavioral Advertising Environment
Activities and Business Models
Practices that Impact Consumer Trust
Checklist for Businesses
Glossary of Terms

TRUSTe’s Commitment to Protecting Privacy and Promoting Online Trust

Introduction

For over a decade, TRUSTe’s mission has been to advance online trust.[1] We have been active in policy discussions with government, businesses and consumer groups concerning new and evolving online business models and the development of best practices for managing attendant privacy and online trust risks. These policy discussions include the current focus on behavioral advertising and responsible information management practices.

In a time of uncertainty in the marketplace, we believe that businesses operating online have an opportunity to step forward to demonstrate responsibility. Businesses can assert leadership roles in defining self-regulatory standards around behavioral advertising data practices that promote transparency, meet consumer expectations for fairness and assist them in making informed choices when deciding whether to share information.[2]

The collection of data through behavioral advertising allows trusted companies to market to the actual interests of their customers and website visitors, benefitting consumers, enhancing their online experience, and increasing advertising revenue. Surveys have shown both that many consumers appreciate targeted advertising to their interests and that many have privacy concerns about such advertising. Revenues from advertising also are chiefly responsible for permitting free internet services to consumers and an open, innovative internet environment. However, these benefits to consumers and businesses are bounded by the need for online trust in information management processes, business accountability, and respect for consumer privacy.

As business models for Internet advertising change and roles between publishers and advertisers and first and third party collection and use blur, the behavioral advertising environment can be confusing for both consumers and businesses. TRUSTe is providing a general update on the evolving behavioral advertising environment. It is meant to be helpful particularly to non-technical individuals with responsibility for policy development, information management, and corporate privacy practices.

[1] TRUSTe has been active in developing privacy best practices for businesses and in setting rigorous standards for our seal programs, certifying website privacy, online children’s privacy, e-mail practices, compliance with the U.S.-EU Safe Harbor framework, and in building a white list of companies and monitoring their delivery of safe, downloadable software to consumers. We assist businesses in meeting TRUSTe seal program requirements and also use appropriate compliance and enforcement tools, as needed, including suspensions, terminations, and referrals to the Federal Trade Commission and other law enforcement agencies. TRUSTe also protects consumer privacy by providing timely, efficient, and free dispute resolution services to consumers for privacy complaints concerning TRUSTe sealholder companies.

[2] TRUSTe has been surveying consumers, providing model disclosures for businesses, hosting public webinars, and sharing emerging best practices and promoting transparency, consumer control and choice mechanisms with relation to behavioral advertising since 2007. See http://www.truste.com/about/bt_study.php.

With this paper, we also are providing a practical assessment tool, an information checklist for businesses to use to understand their own practices and to flag issues of concern. The information checklist can be used by privacy officers and privacy professionals, in collaboration with business and marketing program representatives, information and security officers, and privacy counsel.

Online Behavioral Advertising Environment

At a time when many have blamed the financial system crisis, in part, on a failure of self-regulation and a lack of transparency, it is appropriate for businesses to review their accountability processes. Businesses can begin by first scrutinizing their online practices and ensuring that they fully understand the increasingly complex data practices involved at their sites.

The online advertising eco-system is evolving to include a wide range of vendors, intermediaries, networks, affiliates, exchanges and many others who may interact with user data. Ensuring that businesses understand the practices involved is essential for privacy compliance planning and to ensure consumer trust. It is also critical to recognize that consumers expect the brands and the policies of the sites they are intending to interact with to be responsible for the data exchanged, even in cases where advertisers, publishers, ad networks and affiliates may have business relationships that complicate legal and technical responsibility.

Consumers, the Federal Trade Commission (“FTC”) and Congress are expressing concerns about consumer privacy and information security issues that may be raised by broad collection and sharing of PII, as well as by use of non-personally identifying data relating to individual consumers through the tracking of consumers’ online web browsing activities. Such online collections occur at many company websites that consumers visit and may be used not only by those websites but shared with a variety of third parties, such as content providers and advertisers, ad networks, and data analytics firms.[3] Businesses and consumers are often confused by or are unaware of information processes at the site or sites to which data is transferred.

TRUSTe believes that companies should be familiar with the advertising and data models that we outline below. Companies will benefit by understanding how they or their vendors and partners may engage in behavioral advertising activities. Furthermore, companies that conduct a review of issues flagged in this document will be better informed and well positioned to understand and react to potential guidance or changes that may be coming in 2009 from the FTC or legislators.

[3] References to ‘sharing’ include data sharing directly by a first party with a vendor or other parties, as well as data collected about a user (site visitor) at a website by vendors and other parties.

Self-regulation is a process often preceded by leading companies beginning to strengthen practices and chart advances that are then more widely adopted. In particular, companies should be aware of evolving industry practices in the following areas:[4]

• Application of certain privacy principles to some types of non-personal data, for example, behavioral profiles, cookie IDs or IP addresses.

• Notices about ad-serving and behavioral targeting being provided in banner ads or on home pages, in addition to within a privacy policy.

• Choice being provided not only for the sharing of ad-serving data, but with regard to data use by a single company to tailor ads on its own sites.

• The establishment of specific data retention policies and anonymization techniques for log-file data.

[4] Also note that at least two companies that we are aware of provide user access to either behavioral profile data or cookie analytics data.

Activities and Business Models

The following is intended to provide a non-technical, high level description of the technologies and business models involved with a range of online data uses for advertising, tracking and analysis. Since the business models and policies that may be considered behavioral advertising range widely, this document seeks to describe the underlying basics and the tools used. As data is used by different models in increasingly robust ways to tailor the user experience, those businesses should pursue opportunities to provide increased levels of transparency and use control to consumers.

A range of online data exchanges with vendors or with third parties are often relied upon in order to tailor advertising for users or to understand and improve Web site usage and performance. For example, analytics companies provide services to Web sites for analyzing information about their users, including site usage on a unique visitor (or browser) basis. Data generally is used only on behalf of the primary site. Vendors may offer services that are “white label”, in that they use the domain of the primary site, allowing the vendor 1st party treatment by the browser. Vendors may also use a common platform which uses a common cookie or domain which could technically be used to correlate data across many unrelated sites, but is usually restricted by agreement. A number of companies assist Web sites in learning more about the types of users that visit their own or other Web sites. Some of these companies will also append their research data to enhance the data profiles a Web site may build about their own users.

Owners of websites are often categorized as advertisers or publishers. Ad-servers are companies that provide a hosted service which enables the delivery, tracking and management of advertising inventory. An ad-server may deliver ads under a contract with a publisher, an advertiser or an ad network and the relevant data ownership issues must be addressed with each to ensure the privacy commitments made to users will be respected. Quite commonly, ads will be contextually targeted, that is, delivered on pages that may be relevant to the content of the ad. At times, an ad will be shown a limited number of times to a unique browser, or in a specified sequence – on one site, across many sites that are similarly branded, across unrelated brands owned by one company or across unrelated sites. This practice, known as ‘sequencing’ or ‘frequency capping’, is most often not considered behavioral advertising.

A web site or group of sites owned by one company may work with an ad-server or analytics company to mine its respective log files of user activity to target ads for advertisers. A number of leading companies now provide users with the opportunity to opt-out of advertising targeted to activity on their site or related sites.

Ad networks sell ads on behalf of groups of publishers. As a result, their services must recognize a user’s browser across many Web sites. Some companies focus on assisting advertisers with the practice of placing pixel tags on key areas of their Web site to enable the advertiser to show an ad specifically to previous site visitors when they are on other unrelated Web sites. For example, if users purchase a product from Company X, Company X may pay an ad network to show ads only to those users. Although data is provided to the ad-server by an advertiser for use elsewhere, the ad-server or ad network generally may not use the data for any party other than the advertiser.

Ad networks may or may not have permission to create behavioral profiles of users from the data they have in their ad-serving log files. That is generally a matter defined by contract. Network advertising behavioral profiles are created when an ad network mines its log files of user activity across unrelated sites over time and assembles user profiles and interest categories that advertisers can target ads against. This is the core activity subject to the Network Advertising Initiative (NAI) Self-Regulatory Guidelines. Under these guidelines, sites participating in such behavioral advertising are required to provide a link in their privacy policy that provides users with the ability to opt-out of behavioral advertising. When personal data or certain sensitive data is used, an opt-in may be required. Data from a user’s purchases online or off-line, or other demographic data, may be linked to a user’s cookie to enable targeting of the user on a site where the user has registered or transacted or across an ad network.

Behavioral profiles may also be created by advertisers working with an ad-server to collect data about the Web sites their ads are served on or by purchasers of ad inventory via ad exchanges. At times, the data ownership and consumer privacy issues are addressed with contractual or other requirements in place. But of concern is the lack of industry consensus over the ownership of data gathered by advertiser controlled ad delivery and the resulting effect on accountability to users when publishers are not aware or where a privacy policy is in conflict with the advertiser or ad network’s practices.

In an emerging business model, ISPs are collaborating with Web sites or ad networks to target users based on clickstream data collected at the ISP. Leading ISPs have committed to conduct behavioral advertising only with user consent.

Ad sales marketplaces, known as ad exchanges, have been created to match purchasers of advertising with available ad inventory. Sometimes purchasers may select ad inventory based on data about users.



Practices that Impact Consumer Trust

TRUSTe has previously conducted research and provided general guidance to our sealholder companies involved with behavioral advertising. In addition, model privacy policy guidance provided by TRUSTe specifies disclosures and choices related to ad delivery, analytics and other components of data use that may be related to behavioral advertising.[5]

With this document, we intend to help identify the areas that can assist companies in understanding the elements involved with behavioral advertising and their information management and, in doing so, lay out a roadmap for increasing consumer trust. The following information practices inventory tool is intended to assist advertisers and publishers engaging in behavioral advertising who wish to ensure they are doing so in a manner that provides transparency and consumer control. Businesses need to ensure they are fully informed about the way data related to site visitors is being used or shared. Web sites should review additional steps to ensure users are comfortable with the way data is being used at sites and consider mechanisms for additional transparency and consumer control that may be feasible for the particular business model involved.

[5] See http://www.truste.com/about/bt_study.php

Disclosure of tracking and targeting as part of your product or service value proposition is good business. You may want to provide a “what is this” button to explain how your customization works, or other means for promoting enhanced user awareness of tracking or targeting on your site. The best examples of notice and choice are seamlessly integrated into Web site services and functionality.

Following are detailed points to review at your site and with current and potential partners who provide services at your site or with whom you may share data. Although these points are of most significant concern when personal information is involved, increasingly robust tailoring occurs with a wide range of non-personal data and such activity should similarly be reviewed. Many of the points we raise will be relevant to a wide range of data collection or use regardless of technology. Companies should recognize that the more robust the type of data collection, use or sharing, the greater the need for consumer transparency and control.

Checklist for Businesses

TRUSTe welcomes feedback on this Checklist. We intend for this tool to be a living document that will continue to be revised and expanded in 2009. Our aim is to assist businesses in asking the right questions that will help them understand their own business operations and build privacy compliance and risk mitigation measures into their design as they relate to behavioral advertising activities.

Data use: Transparency & Control

• If you are tailoring advertising on your Web site using only information related to the user’s activity at your site, is it possible to explain the activity to the user in an obvious manner at the point data is collected or the point it is used? (For example: ‘These links have been selected for you based on your past browsing at this site’)

• If not, can a link at the point of collection or use be provided? (For example: ‘Why this ad?’ or ‘How data about your activity here will tailor the ads you see.’)

• If advertising is being tailored across sites owned by one company, is there any common branding such that the user would expect the data to be available at other commonly owned sites?

Data Sharing and User Choice

• If data is being shared with an ad network for use on unrelated sites, at a minimum, does the privacy policy explain the sharing of data with an ad network? Does the privacy policy provide a link to allow the user to exercise choice about this sharing or the use of behavioral targeting?

• Is the type of targeting and data appending done by the network, its partners and advertisers accurately explained?

• If a link is provided to a third party’s choice mechanism, is that mechanism working?

• If the user is promised that exercising choice will end any tracking, does the user continue to be assigned a unique Cookie ID that may indicate continued tracking?

• Does the ad network resell your ad inventory and user data to other networks?

• Does it allow advertisers to pixel the ads delivered to correlate additional data from third parties?

• Does it allow advertisers to personally recognize their registered users who view banners at your site?

• Are advertisers permitted to create profiles of users based on the locations on your site where ads on their behalf were delivered?

• Is this sharing consistent with your site’s privacy policy?

• If the data is not being provided to an ad network for behavioral advertising, is data being provided to an ad-server so that you can re-target a user after they have visited your site? Are you aware of or allowing advertisers to use web beacons or other code in the ads they deliver on your site and thus allowing tracking and/or retargeting of your users elsewhere? Does your policy reflect this and provide any choice?

Personal Information

If the policy represents that personal information is not being shared:

• Is an account ID being provided?

• Have steps been taken to ensure this ID isn’t linked to identified users?

• Are efforts being made to link the anonymous ID to third party data which identifies the user?

• Is data being linked to purchase information, online or offline, which identifies users?

• Are anonymization processes in place to support this activity? Is encryption used or simple Base64 encoding?

• Is later off-line purchase activity by a user being tied back to the ad impressions a user viewed at your site?

• If your policy doesn’t allow the sharing of personal data, is there adequate anonymization in place to support this process?

• Does your P3P policy or your vendors’ or partners’ policy allow for the type of information being used or shared?

• What categories of user profiles are being created? Is any potentially sensitive data involved, such as specific health, sexuality, race, religion, ethnicity or children’s data?

                                          Data Retention/Security

                                              •	    How long is user level clickstream data kept by you or your vendors? Is it
                                                    segregated or mixed with other client log-files?

                                              •	    Are IP addresses logged?

                                              •	    If so, can only a portion of the IP address be logged?

                                              •	    Does the logged IP address have a shorter retention period than other data?

                                              •	    Can they be obscured or deleted after the period they are needed? (Note that
                                                    some vendors provide such capabilities without any impact to their services.)
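The anonymization and IP-logging questions above (Base64 versus a real protection for account IDs, logging only a portion of the IP address) can be made concrete with a small log scrubber. This is an added example, not code from the whitepaper; the log-line format, the `uid` field name, the demo key, the `p1_` prefix and the /24 and /48 truncation lengths are all assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import ipaddress
from typing import List, Optional, Tuple

# Constructed demo key (assumption): a real key is held by the site only,
# kept out of the logs and never shared with the ad-server.
PSEUDONYM_KEY = b"constructed-demo-key"


def base64_id(account_id: str) -> str:
    """Weak: Base64 is an encoding, so anyone holding the log can decode it."""
    return base64.b64encode(account_id.encode("utf-8")).decode("ascii")


def keyed_pseudonym(account_id: str, key: bytes = PSEUDONYM_KEY) -> str:
    """HMAC-SHA256 of the account ID: stable per user, but it cannot be
    reversed or recomputed without the key. The 'p1_' prefix (hypothetical)
    marks the key version so that keys can be rotated."""
    digest = hmac.new(key, account_id.encode("utf-8"), hashlib.sha256).hexdigest()
    return "p1_" + digest[:32]


def decodes_to_text(token: str) -> Optional[str]:
    """Return the decoded string if token is strict Base64 of printable text."""
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None


def truncate_ip(addr: str) -> str:
    """Keep only the network portion: /24 for IPv4, /48 for IPv6 (assumed)."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(network.network_address)


def scrub_line(line: str) -> Tuple[str, List[str]]:
    """Rewrite one space-separated key=value log line before it is stored.

    Returns the scrubbed line and a list of findings. Findings never contain
    the decoded identifier itself.
    """
    fields, findings = [], []
    for field in line.split():
        key, _, value = field.partition("=")  # Base64 padding may contain '='
        if key == "ip":
            value = truncate_ip(value)
        elif key == "uid":
            decoded = decodes_to_text(value)
            if decoded is not None:
                findings.append("uid: reversible Base64 identifier replaced")
                value = keyed_pseudonym(decoded)
        fields.append(f"{key}={value}")
    return " ".join(fields), findings


# Constructed ad-call log line; the account ID is a made-up address.
SAMPLE_LINE = (
    "ts=2009-02-01T12:00:00Z ip=203.0.113.77 cookie_id=8f3a91 "
    "uid=" + base64_id("jane.doe@example.com")
)

if __name__ == "__main__":
    scrubbed, notes = scrub_line(SAMPLE_LINE)
    print(scrubbed)
    print(notes)
```

A keyed pseudonym is still a persistent identifier, so the linking questions in the Personal Information list apply to it as much as to the raw account ID.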

                                          Cookies

                                              •	    Is the expiration date of cookies that are used set at many years in the future?
                                                    Is this necessary for the purposes of the data use?

                                              •	    Can the expiration be set much shorter for the period needed for the
                                                    expressed use?

                                              •	    Is data stored in the cookie?

                                              •	    If personal data is stored in the cookie, is it encrypted?

                                              •	    Are Flash cookies being used? Do you provide specific guidance about how
                                                    users can control Flash cookies? Note that since standard browser controls do
                                                    not relate to Flash cookies, using Flash cookies for robust purposes, such as
                                                    behavioral advertising, will raise concerns about consumer control and choice.




•	   Can a cookie and domain unique to your site be used instead of one which
                                                   potentially links to user activity across sites served by your vendor? Is a “white
                                                   label” version of the service feasible for your needs?

                                              •	   Can the profile be made available to the user by you or by the vendor? Can
                                                   the user edit or delete the profile?

                                              •	   Can a user who looks up the name of a particular cookie identify the
                                                   company that set it and find the privacy policy and practices related to use of
                                                   the cookie?

                                              •	   Can the list of profile categories that are created generally be made available
                                                   to provide some transparency?

                                              •	   Do you assist users with information on how to manage/delete cookies?

                                              •	   If an ad network is selling your inventory to other ad networks or via an
                                                   ad exchange, what steps is it taking to ensure the purchaser respects the
                                                   commitments made in your privacy policy?
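The cookie expiration and domain questions in the list above can be checked against the `Set-Cookie` headers a page actually produces. This is an added example, not code from the whitepaper; the 90-day limit, the host names and the sample headers are constructed, and the site's own domain is supplied by the caller rather than derived from a public-suffix list.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Tuple

MAX_LIFETIME_DAYS = 90  # assumption: the period the expressed use needs


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split one Set-Cookie header value into name, value and attributes."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs: Dict[str, str] = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def lifetime_days(attrs: Dict[str, str], now: datetime) -> Optional[float]:
    """Lifetime in days. Max-Age wins over Expires (RFC 6265); None means
    a session cookie or an unparseable date."""
    if "max-age" in attrs:
        try:
            return int(attrs["max-age"]) / 86400
        except ValueError:
            pass
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return (expires - now).total_seconds() / 86400
    return None


def audit_cookie(set_by_host: str, header: str, site_domain: str,
                 now: datetime) -> List[str]:
    """Return findings for one cookie observed while loading the site."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    days = lifetime_days(attrs, now)
    if days is not None and days > MAX_LIFETIME_DAYS:
        findings.append(
            f"{name}: lifetime {days:.0f} days exceeds {MAX_LIFETIME_DAYS}")
    # Without a Domain attribute the cookie is scoped to the host that set it.
    scope = attrs.get("domain", "").lstrip(".").lower() or set_by_host.lower()
    if scope != site_domain and not scope.endswith("." + site_domain):
        findings.append(
            f"{name}: scoped to {scope}, not {site_domain}; "
            "the same ID can be read on other sites served by that vendor")
    return findings


# Constructed observations for a site whose own domain is news.example:
# (host that sent the header, Set-Cookie value)
NOW = datetime(2009, 2, 1, tzinfo=timezone.utc)
SAMPLES = [
    ("ads.adnetwork.example",
     "uid=8f3a91c2; Expires=Tue, 01 Feb 2039 00:00:00 GMT; "
     "Domain=.adnetwork.example; Path=/"),
    ("metrics.news.example", "visitor=5d7e; Max-Age=2592000; Path=/"),
    ("news.example", "session=abc123; Path=/; HttpOnly"),
]

if __name__ == "__main__":
    for host, header in SAMPLES:
        print(host, audit_cookie(host, header, "news.example", NOW))
```

The second sample is what a “white label” deployment looks like from the browser: the vendor's cookie lives under the site's own domain and expires after 30 days.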

                                          Additional Risk Issues

                                              •	   If you are purchasing ads on an ad network, does your contract address
                                                   whether your banners may be delivered into adware programs?

                                              •	   Does your ad network employ any measures to screen and reject adware
                                                   that is installed deceptively? (For example, requiring that any downloadable
                                                   programs in their network are certified by the TRUSTe Trusted Download
                                                   program, or by using scanning and spidering techniques to bar rogue
                                                   programs that put you at legal risk in joining the network?)

                                              •	   If you accept advertising directly or allow ads uploaded by third parties, what
                                                   policy or technical steps are taken to screen out banners placed by criminal
                                                   “malvertising” companies?

                                              •	   Do you participate in an affiliate marketing program, offering commissions to
                                                   affiliates that generate sales?

                                              •	   What steps does your affiliate manager take to ensure your offers do not
                                                   appear in adware that is installed deceptively? (For example, requiring that
                                                   any downloadable programs in their network are certified by the TRUSTe
                                                   Trusted Download program, or by using scanning and spidering techniques
                                                   to bar rogue programs from joining the network?)

                                              •	   Are you paying commissions to rogue affiliates who are “cookie stuffing” or
                                                   triggering invisible pop-ups at your site to illegitimately claim commissions
                                                   they are not entitled to?




                                          Glossary of Terms [6]

                                          Technical Basics




                                          User IP Address: The numerical address assigned by an Internet Access Provider to a
                                          computer connected to the internet. The IP address assigned by an ISP to a user is
                                          often used by advertising and analytics companies for a number of secondary data
                                          purposes, including: geo-targeting ads, reporting on the geographic distribution of
                                          users, some analysis or targeting of the business or business type if the IP is one
                                          assigned to a recognized company, and auditing to prove ad delivery and to eliminate
                                          false or fraudulent activity. IP addresses are generally not used for keeping track of
                                          unique users by these companies. IP addresses continue to be described as non-personal
                                          in U.S. privacy policies by businesses that do not have the ability to identify
                                          users by IP address. However, businesses should recognize that since it may be
                                          possible for some parties to identify users based on IP address with the cooperation
                                          of an ISP and with legal intervention, a User IP address should be treated with more
                                          sensitivity than other non-personal data they may log.




                                          Cookie ID: A unique number assigned by a Web site or an advertising/analytics
                                          provider to recognize the user’s browser over time. Third party cookies are typically
                                          set by companies or Web servers other than the Web site the user has typed into their
                                          web browser. These cookies are set and read by companies providing services across
                                          many Web sites and therefore provide a record of a user’s activity across the sites they
                                          serve. These companies may or may not have contractual rights to correlate this data
                                          or use it other than for an individual partner. Some companies may store data about
                                          a user on the user’s computer in the cookie file, to enable quick retrieval for targeting
                                          or tracking. Others will use the cookie number to reference data stored in a database.
                                          While in practice cookies rarely actually last on a user’s computer for a long term,
                                          expiration dates associated with a cookie can extend for as much as 30 years.

                                          ____________________
                                          [6] The illustrations here do not attempt to map the specific data flows involved with
                                          behavioral advertising, as in practice they are technically complex, but rather are intended
                                          to give a consumer a sense of the nature of the practice involved.

                                          Opt-out cookie: A non-unique cookie set to zero or null so that a user will not be
                                          targeted or tracked. Ad networks involved in behavioral advertising may be subject to
                                          requirements that the Web sites they serve provide a link to a page allowing
                                          users to set an opt-out cookie, as a way of giving users a choice to opt out of
                                          behavioral advertising.

                                          Ad tag: Code on a Web page that directs a user’s browser to present itself to servers
                                          used for ad delivery. This code may also dynamically pull information the site has about
                                          the user and insert it in the information the user’s browser provides to the ad-server.




                                          Pixel tag or Web beacon: Code on a page intended to direct a user’s browser to visit a
                                          server so that data about the user’s visit can be used.

                                          Ad Call: The request for an ad made by an advertisement, which is used to provide
                                          information about the Web site, the ad campaign, data about the user the site may
                                          have and the technical data the ad-server will log. Data the ad-server may log can
                                          include, among other items, a cookie ID, the site the user is visiting, an IP address, the
                                          referring URL, or a search query that may have been entered. The ad call may also
                                          re-route the user’s browser to a third or fourth server which will also log or add data to
                                          the process.

                                          Key Value: A piece of information about a registered user that a Web site may pass
                                          to an ad-server. In some cases, account IDs corresponding to identified or registered
                                          users may be passed to an ad-server or analytics company. The ad-server or analytics
                                          company may or may not have the ability to decode the user ID.

                                          Log File: The data record stored on a web server when a user’s browser visits a Web
                                          site. Some data may be used instantly by an ad-server to deliver an ad. Other data may
                                          be mined from the stored log file in order to create reports or to create a user profile
                                          by using the consistent cookie ID to pull together information about a user across time
                                          and sites.




Sample Business Models and Related Services

                                          Analytics: Services that analyze information about users, including metrics such as
                                          unique visitors and site usage. Data generally is used only on behalf of the primary site,
                                          and vendors may offer services that are “white label” in that they use the domain of the
                                          primary site. Vendors may also use a common platform which uses a common cookie
                                          or domain which could technically be used to correlate data across many unrelated
                                          sites, but is usually restricted by agreement.

                                          Research: Services that describe types of users that visit Web sites. Some of these
                                          companies will also append their research data to enhance the data profiles a Web site
                                          may build about their own users.

                                          Ad-Server: Provides a hosted service which enables the delivery, tracking and
                                          management of advertising inventory. An ad-server may deliver ads under a contract
                                          with a publisher, an advertiser or an ad network and the relevant data ownership issues
                                          must be addressed with each to ensure the privacy commitments made to users will
                                          be respected.

                                          Ad Network: Sells ads on behalf of groups of publishers and as a result must recognize
                                          a user’s browser across many Web sites. Ad networks may or may not have permission
                                          to create behavioral profiles of users from the data they have in their ad-serving log
                                          files.

                                          Behavioral Ad Network: Requires publishers to allow the network to re-target users for
                                          advertisers and/or to create behavioral profiles of users.

                                          Re-Targeting Network: Places pixel tags or other code on key areas of client Web
                                          sites to enable the advertiser to show an ad specifically to previous site visitors when
                                          they are on other unrelated Web sites. For example, if users purchase a product from
                                          Company X, Company X may pay an ad network to show ads only to those users.

                                          Data Append: Advertisers, publishers or ad networks may add data to a user profile by
                                          overlaying behavioral profile data, purchase or demographic data or other third party
                                          data.

                                          Ad Exchange: Marketplaces that match purchasers of advertising with available ad
                                          inventory. Sometimes purchasers may select ad inventory based on data about users.




Behavioral Targeting Activities




                                          Sequencing, frequency capping: An ad will be shown a limited number of times to
                                          a unique browser, or in a specified sequence – on one site, across many sites that are
                                          similarly branded, across unrelated brands owned by one company or across unrelated
                                          sites. This practice is most often not considered behavioral advertising.

                                          Data Appending: Data from a user’s purchases, online or offline, or other demographic
                                          data may be linked to a user’s cookie to enable targeting of the user on a site where
                                          the user has registered or transacted or across an ad network.

                                          Re-targeting: A pixel tag or other code or web beacon on an advertiser’s site enables
                                          their ad-server or an ad network to recognize particular users visiting that advertiser’s
                                          site and to show an ad on behalf of the advertiser when those users are on other
                                          unrelated sites. Data ownership is usually not shared with a third party.

                                          Cookie Matching: Clickstream data (i.e., Web sites visited) linked to one company’s
                                          cookie may be matched and added to data linked to another company’s cookie.
                                          For example, a research company which has cookie-linked user profiles may
                                          overlay the data an ad network has linked to its cookies.

                                          Behavioral profile development




                                          Single company: A Web site or group of sites owned by one company may mine its
                                          log files of user activity to assemble user profiles. A number of leading companies now
                                          provide users with the opportunity to opt out of advertising targeted to activity on
                                          their site or sites.




Multiple company: Network advertising behavioral profiles are created when an
                                          ad network mines its log files of user activity across unrelated sites over time and
                                          assembles user profiles and interest categories that advertisers can target ads against.
                                          This is the core activity subject to the Network Advertising Initiative (NAI) Self-
                                          Regulatory Guidelines. Sites participating in such behavioral advertising are required to
                                          provide a link that provides users with the ability to opt-out of behavioral advertising.
                                          When personal data or certain sensitive data is used, an opt-in may be required.

                                          Such profiles may also be created by advertisers working with an ad-server to collect
                                          data about the Web sites their ads are served on or by purchasers of ad inventory via
                                          ad exchanges.

                                          ISP behavioral advertising: In an emerging business model, ISPs are collaborating with
                                          Web sites or ad networks to target users based on clickstream data collected at the
                                          ISP.




Mitigating Data Security Risks at Broker DealersMitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker DealersBroadridge
 
2013 business principles en
2013 business principles en2013 business principles en
2013 business principles enDr Lendy Spires
 
Guarding and Growing Personal Data Value
Guarding and Growing Personal Data ValueGuarding and Growing Personal Data Value
Guarding and Growing Personal Data Valueaccenture
 
Accenture four keys digital trust
Accenture four keys digital trustAccenture four keys digital trust
Accenture four keys digital trustOptimediaSpain
 
Multichannel Retail: More than clicks and bricks
Multichannel Retail: More than clicks and bricksMultichannel Retail: More than clicks and bricks
Multichannel Retail: More than clicks and bricksGrant Thornton
 
Social Media And The Workplace February 2012
Social Media And The Workplace   February 2012Social Media And The Workplace   February 2012
Social Media And The Workplace February 2012PBeisty
 
The One To One Advantage, Best's Review, September 1998
The One To One Advantage, Best's Review, September 1998 The One To One Advantage, Best's Review, September 1998
The One To One Advantage, Best's Review, September 1998 Gates Ouimette
 
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by DesignSay Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Designbradley_g
 
Benefits of tighter Automotive Dealer-Manufacturer Data Collaboration
Benefits of tighter Automotive Dealer-Manufacturer Data CollaborationBenefits of tighter Automotive Dealer-Manufacturer Data Collaboration
Benefits of tighter Automotive Dealer-Manufacturer Data CollaborationInfosys
 

Ähnlich wie TRUSTe whitepaper- A Checklist of Practices that Impact Consumer Trust (20)

ETHICAL WEB DEVELOPMENT: BALANCING USER PRIVACY AND INNOVATION
ETHICAL WEB DEVELOPMENT: BALANCING USER PRIVACY AND INNOVATIONETHICAL WEB DEVELOPMENT: BALANCING USER PRIVACY AND INNOVATION
ETHICAL WEB DEVELOPMENT: BALANCING USER PRIVACY AND INNOVATION
 
Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...
Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...
Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...
 
Data-Privacy-and-Ethics-in-Digital-Marketing
Data-Privacy-and-Ethics-in-Digital-MarketingData-Privacy-and-Ethics-in-Digital-Marketing
Data-Privacy-and-Ethics-in-Digital-Marketing
 
OLa Moema
OLa MoemaOLa Moema
OLa Moema
 
Ola Moema
Ola MoemaOla Moema
Ola Moema
 
Ola Moema
Ola MoemaOla Moema
Ola Moema
 
Mobile advertisiing addressing privacy concerns
Mobile advertisiing   addressing privacy concernsMobile advertisiing   addressing privacy concerns
Mobile advertisiing addressing privacy concerns
 
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
 
Ali
AliAli
Ali
 
What Boards Should Know About Social Media
What Boards Should Know About Social MediaWhat Boards Should Know About Social Media
What Boards Should Know About Social Media
 
CyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) finalCyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) final
 
Mitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker DealersMitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker Dealers
 
2013 business principles en
2013 business principles en2013 business principles en
2013 business principles en
 
Guarding and Growing Personal Data Value
Guarding and Growing Personal Data ValueGuarding and Growing Personal Data Value
Guarding and Growing Personal Data Value
 
Accenture four keys digital trust
Accenture four keys digital trustAccenture four keys digital trust
Accenture four keys digital trust
 
Multichannel Retail: More than clicks and bricks
Multichannel Retail: More than clicks and bricksMultichannel Retail: More than clicks and bricks
Multichannel Retail: More than clicks and bricks
 
Social Media And The Workplace February 2012
Social Media And The Workplace   February 2012Social Media And The Workplace   February 2012
Social Media And The Workplace February 2012
 
The One To One Advantage, Best's Review, September 1998
The One To One Advantage, Best's Review, September 1998 The One To One Advantage, Best's Review, September 1998
The One To One Advantage, Best's Review, September 1998
 
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by DesignSay Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
 
Benefits of tighter Automotive Dealer-Manufacturer Data Collaboration
Benefits of tighter Automotive Dealer-Manufacturer Data CollaborationBenefits of tighter Automotive Dealer-Manufacturer Data Collaboration
Benefits of tighter Automotive Dealer-Manufacturer Data Collaboration
 

Kürzlich hochgeladen

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Kürzlich hochgeladen (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

TRUSTe whitepaper- A Checklist of Practices that Impact Consumer Trust

  • 1. TRUSTe WHITEPAPER. ONLINE BEHAVIORAL ADVERTISING: A CHECKLIST OF PRACTICES THAT IMPACT CONSUMER TRUST. FEBRUARY 2009. ©2009 TRUSTe. All rights reserved.
  • 2. Table of Contents (with page numbers)
    Introduction: 3
    Online Behavioral Advertising Environment: 4
    Activities and Business Models: 5
    Practices that Impact Consumer Trust: 7
    Checklist for Businesses: 8
    Glossary of Terms: 12
  • 3. TRUSTe’s Commitment to Protecting Privacy and Promoting Online Trust

    Introduction

    For over a decade, TRUSTe’s mission has been to advance online trust. [1] We have been active in policy discussions with government, businesses and consumer groups concerning new and evolving online business models and the development of best practices for managing attendant privacy and online trust risks. These policy discussions include the current focus on behavioral advertising and responsible information management practices.

    “Businesses can assert leadership roles in defining self-regulatory standards around behavioral advertising data practices that promote transparency.”

    In a time of uncertainty in the marketplace, we believe that businesses operating online have an opportunity to step forward to demonstrate responsibility. Businesses can assert leadership roles in defining self-regulatory standards around behavioral advertising data practices that promote transparency, meet consumer expectations for fairness and assist them in making informed choices when deciding whether to share information. [2]

    The collection of data through behavioral advertising allows trusted companies to market to the actual interests of their customers and website visitors, benefitting consumers, enhancing their online experience, and increasing advertising revenue. Surveys have shown both that many consumers appreciate targeted advertising to their interests and that many have privacy concerns about such advertising. Revenues from advertising also are chiefly responsible for permitting free internet services to consumers and an open, innovative internet environment. However, these benefits to consumers and businesses are bounded by the need for online trust in information management processes, business accountability, and respect for consumer privacy.

    As business models for Internet advertising change and roles between publishers and advertisers and first and third party collection and use blur, the behavioral advertising environment can be confusing for both consumers and businesses. TRUSTe is providing a general update on the evolving behavioral advertising environment. It is meant

    [1] TRUSTe has been active in developing privacy best practices for businesses and by setting rigorous standards for our seal programs, certifying website privacy, online children’s privacy, e-mail practices, compliance with the U.S.-EU Safe Harbor framework, and in building a white list of companies and monitoring their delivery of safe, downloadable software to consumers. We assist businesses in meeting TRUSTe seal program requirements and also use appropriate compliance and enforcement tools, as needed, including suspensions, terminations, and referrals to the Federal Trade Commission and other law enforcement agencies. TRUSTe also protects consumer privacy by providing timely, efficient, and free dispute resolution services to consumers for privacy complaints concerning TRUSTe sealholder companies.

    [2] TRUSTe has been surveying consumers, providing model disclosures for businesses, hosting public webinars, and sharing emerging best practices and promoting transparency, consumer control and choice mechanisms with relation to behavioral advertising since 2007. See http://www.truste.com/about/bt_study.php.
  • 4. to be helpful particularly to non-technical individuals with responsibility for policy development, information management, and corporate privacy practices. With this paper, we also are providing a practical assessment tool, an information checklist for businesses to use to understand their own practices and to flag issues of concern. The information checklist can be used by privacy officers and privacy professionals, in collaboration with business and marketing program representatives, information and security officers, and privacy counsel.

    Online Behavioral Advertising Environment

    At a time when many have blamed the financial system crisis, in part, on a failure of self-regulation and a lack of transparency, it is appropriate for businesses to review their accountability processes. Businesses can begin by first scrutinizing their online practices and ensuring that they fully understand the increasingly complex data practices involved at their sites. The online advertising eco-system is evolving to include a wide range of vendors, intermediaries, networks, affiliates, exchanges and many others who may interact with user data. Ensuring that businesses understand the practices involved is essential for privacy compliance planning and to ensure consumer trust. It is also critical to recognize that consumers expect the brands and the policies of the sites they are intending to interact with to be responsible for the data exchanged, even in cases where advertisers, publishers, ad networks and affiliates may have business relationships that complicate legal and technical responsibility.

    Consumers, the Federal Trade Commission (“FTC”) and Congress are expressing concerns about consumer privacy and information security issues that may be raised by broad collection and sharing of PII, as well as by use of non-personally identifying data relating to individual consumers through the tracking of consumers’ online web browsing activities. Such online collections occur at many company websites that consumers visit and may be used not only by those websites but shared with a variety of third parties, such as content providers and advertisers, ad networks, and data analytics firms. [3] Businesses and consumers are often confused by or are unaware of information processes at the site or sites to which data is transferred.

    TRUSTe believes that companies should be familiar with the advertising and data models that we outline below. Companies will benefit by understanding how they or their vendors and partners may engage in behavioral advertising activities. Furthermore, companies that conduct a review of issues flagged in this document will be better informed and well positioned to understand and react to potential guidance or changes that may be coming in 2009 from the FTC or legislators.

    [3] References to ‘sharing’ include data sharing directly by a first party with a vendor or other parties, as well as data collected about a user (site visitor) at a website by vendors and other parties.
  • 5. Self-regulation is a process often preceded by leading companies beginning to strengthen practices and chart advances that are then more widely adopted. In particular, companies should be aware of evolving industry practices in the following areas: [4]

      • Application of certain privacy principles to some types of non-personal data, for example, behavioral profiles, cookie IDs or IP addresses.
      • Notices about ad-serving and behavioral targeting being provided in banner ads or on home pages, in addition to within a privacy policy.
      • Choice being provided not only for the sharing of ad-serving data, but with regard to data use by a single company to tailor ads on its own sites.
      • The establishment of specific data retention policies and anonymization techniques for log-file data.

    “Ensuring that businesses understand the practices involved is essential for privacy compliance planning and to ensure consumer trust.”

    Activities and Business Models

    The following is intended to provide a non-technical, high level description of the technologies and business models involved with a range of online data uses for advertising, tracking and analysis. Since the business models and policies that may be considered behavioral advertising range widely, this document seeks to describe the underlying basics and the tools used. As data is used by different models in increasingly robust ways to tailor the user experience, those businesses should pursue opportunities to provide increased levels of transparency and use control to consumers.

    [4] Also note at least two companies that we are aware of provide user access to either behavioral profile data or cookie analytics data.
  • 6. A range of online data exchanges with vendors or with third parties are often relied upon in order to tailor advertising for users or to understand and improve Web site usage and performance.

    For example, analytics companies provide services to Web sites for analyzing information about their users, including site usage on a unique visitor (or browser) basis. Data generally is used only on behalf of the primary site. Vendors may offer services that are “white label”, in that they use the domain of the primary site, allowing the vendor 1st party treatment by the browser. Vendors may also use a common platform which uses a common cookie or domain which could technically be used to correlate data across many unrelated sites, but is usually restricted by agreement.

    A number of companies assist Web sites in learning more about the types of users that visit their own or other Web sites. Some of these companies will also append their research data to enhance the data profiles a Web site may build about their own users.

    Owners of websites are often categorized as advertisers or publishers. Ad-servers are companies that provide a hosted service which enables the delivery, tracking and management of advertising inventory. An ad-server may deliver ads under a contract with a publisher, an advertiser or an ad network, and the relevant data ownership issues must be addressed with each to ensure the privacy commitments made to users will be respected.

    Quite commonly, ads will be contextually targeted, that is, delivered on pages that may be relevant to the content of the ad. At times, an ad will be shown a limited number of times to a unique browser, or in a specified sequence: on one site, across many sites that are similarly branded, across unrelated brands owned by one company or across unrelated sites. This practice, known as ‘sequencing’ or ‘frequency capping’, is most often not considered behavioral advertising.

    A web site or group of sites owned by one company may work with an ad-server or analytics company to mine its respective log files of user activity to target ads for advertisers. A number of leading companies now provide users with the opportunity to opt-out of advertising targeted to activity on their site or related sites.

    Ad networks sell ads on behalf of groups of publishers. As a result, their services must recognize a user’s browser across many Web sites.

    Some companies focus on assisting advertisers with the practice of placing pixel tags on key areas of their Web site to enable the advertiser to show an ad specifically to previous site visitors when they are on other unrelated Web sites. For example, if users purchase a product from Company X, Company X may pay an ad network to show ads only to those users. Although data is provided to the ad-server by an advertiser for use elsewhere, the ad-server or ad network generally may not use the data for any party other than the advertiser.

    Ad networks may or may not have permission to create behavioral profiles of users from the data they have in their ad-serving log files. That is generally a matter defined by contract.

    Network advertising behavioral profiles are created when an ad network mines its log files of user activity across unrelated sites over time and assembles user
  • 7. profiles and interest categories that advertisers can target ads against. This is the core activity subject to the Network Advertising Initiative (NAI) Self-Regulatory Guidelines. Under these guidelines, sites participating in such behavioral advertising are required to provide a link in their privacy policy that provides users with the ability to opt-out of behavioral advertising. When personal data or certain sensitive data is used, an opt-in may be required.

    Data from a user’s purchases online or off-line, or other demographic data, may be linked to a user’s cookie to enable targeting of the user on a site where the user has registered or transacted or across an ad network.

    Behavioral profiles may also be created by advertisers working with an ad-server to collect data about the Web sites their ads are served on or by purchasers of ad inventory via ad exchanges. At times, the data ownership and consumer privacy issues are addressed with contractual or other requirements in place. But of concern is the lack of industry consensus over the ownership of data gathered by advertiser controlled ad delivery and the resulting effect on accountability to users when publishers are not aware or where a privacy policy is in conflict with the advertiser or ad network’s practices.

    “As data is used by different models in increasingly robust ways to tailor the user experience, those businesses should pursue opportunities to provide increased levels of transparency and use control to consumers.”

    In an emerging business model, ISPs are collaborating with Web sites or ad networks to target users based on clickstream data collected at the ISP. Leading ISPs have committed to conduct behavioral advertising only with user consent.

    Ad sales marketplaces, known as ad exchanges, have been created to match purchasers of advertising with available ad inventory. Sometimes purchasers may select ad inventory based on data about users.

    Practices that Impact Consumer Trust

    TRUSTe has previously conducted research and provided general guidance to our sealholder companies involved with behavioral advertising. In addition, model privacy policy guidance provided by TRUSTe specifies disclosures and choices related to ad delivery, analytics and other components of data use that may be related to behavioral advertising. [5] With this document, we intend to help identify the areas that can assist companies in understanding the elements involved with behavioral advertising and their information management and, in doing so, lay out a roadmap for increasing consumer trust.

    The following information practices inventory tool is intended to assist advertisers and publishers engaging in behavioral advertising who wish to ensure they are doing so in a manner that provides transparency and consumer control. Businesses need to ensure they are fully informed about the way data related to site visitors is being used or shared. Web sites should review additional steps to ensure users are comfortable

    [5] See http://www.truste.com/about/bt_study.php
  • 8. with the way data is being used at sites and consider mechanisms for additional transparency and consumer control that may be feasible for the particular business model involved. Disclosure of tracking and targeting as part of your product or service value proposition is good business. You may want to provide a “what is this” button to explain how your customization works, or other means for promoting user enhanced awareness of tracking or targeting on your site. The best examples of notice and choice are seamlessly integrated into Web site services and functionality. Following are detailed points to review at your site and with current and potential partners who provide services at your site or with whom you may share data. Although these points are of most significant concern when personal information is involved, increasingly robust tailoring occurs with a wide range of non-personal data and such activity should similarly be reviewed. Many of the points we raise will be relevant to a wide range of data collection or use regardless of technology. Companies should recognize that the more robust the type of data collection, use or sharing, the greater the need for consumer transparency and control. Checklist for Businesses TRUSTe welcomes feedback on this Checklist. We intend for this tool to be a living document that will continue to be revised and expanded in 2009. Our aim is to assist businesses in asking the right questions that will help them understand their own business operations and build privacy compliance and risk mitigation measures into their design as they relate to behavioral advertising activities. Data use: Transparency & Control • If you are tailoring advertising on your Web site using only information related to the user’s activity at your site, is it possible to explain the activity to the user in an obvious manner at the point data is collected or the point it is used? 
  (For example: ‘These links have been selected for you based on your past browsing at this site.’)
• If not, can a link at the point of collection or use be provided? (For example: ‘Why this ad?’ or ‘How data about your activity here will tailor the ads you see.’)
• If advertising is being tailored across sites owned by one company, is there any common branding such that the user would expect the data to be available at other commonly owned sites?

Data Sharing and User Choice

• If data is being shared with an ad network for use on unrelated sites, at a minimum, does the privacy policy explain the sharing of data with an ad network? Does the privacy policy provide a link to allow the user to exercise choice about this sharing or the use of behavioral targeting?
• Is the type of targeting and data appending done by the network, its partners and advertisers accurately explained?
• If a link is provided to a third party’s choice mechanism, is that mechanism working?
• If the user is promised that exercising choice will end any tracking, does the user continue to be assigned a unique Cookie ID that may indicate continued tracking?
• Does the ad network resell your ad inventory and user data to other networks?
• Does it allow advertisers to pixel the ads delivered to correlate additional data from third parties?
• Does it allow advertisers to personally recognize their registered users who view banners at your site?
• Are advertisers permitted to create profiles of users based on the locations on your site where ads on their behalf were delivered?
• Is this sharing consistent with your site’s privacy policy?
• If the data is not being provided to an ad network for behavioral advertising, is data being provided to an ad-server so that you can re-target a user after they have visited your site? Are you aware of or allowing advertisers to use web beacons or other code in the ads they deliver on your site and thus allowing tracking and/or retargeting of your users elsewhere? Does your policy reflect this and provide any choice?

Personal Information

If the policy represents that personal information is not being shared:
• Is an account ID being provided?
• Have steps been taken to ensure this ID isn’t linked to identified users?
• Are efforts being made to link the anonymous ID to third party data which identifies the user?
• Is data being linked to purchase information, online or offline, which identifies users?
• Are anonymization processes in place to support this activity? Is encryption used or simple base64 encoding?
• Is later off-line purchase activity by a user being tied back to the ad impressions a user viewed at your site?
• If your policy doesn’t allow the sharing of personal data, is there adequate anonymization in place to support this process?
• Does your P3P policy or your vendors’ or partners’ policy allow for the type of information being used or shared?
• What categories of user profiles are being created? Is any potentially sensitive data involved, such as specific health, sexuality, race, religion, ethnicity or children’s data?

Data Retention/Security

• How long is user level clickstream data kept by you or your vendors? Is it segregated or mixed with other client log-files?
• Are IP addresses logged?
• If so, can only a portion of the IP address be logged?
• Does the logged IP address have a shorter retention period than other data?
• Can they be obscured or deleted after the period they are needed? (Note that some vendors provide such capabilities without any impact to their services.)

Cookies

• Is the expiration date of cookies that are used set at many years in the future? Is this necessary for the purposes of the data use?
• Can the expiration be set much shorter for the period needed for the expressed use?
• Is data stored in the cookie?
• If personal data is stored in the cookie, is it encrypted?
• Are flash cookies being used? Do you provide specific guidance about how users can control flash cookies? Note that since standard browser controls do not relate to flash cookies, using flash cookies for robust purposes, such as behavioral advertising, will raise concerns about consumer control and choice.
• Can a cookie and domain unique to your site be used instead of one which potentially links to user activity across sites served by your vendor? Is a “white label” version of the service feasible for your needs?
• Can the profile be made available to the user by you or by the vendor? Can the user edit or delete the profile?
• Can a user who looks up the name of a particular cookie identify the company that set it and find the privacy policy and practices related to use of the cookie?
• Can the list of profile categories that are created generally be made available to provide some transparency?
• Do you assist users with information on how to manage/delete cookies?
• If an ad network is selling your inventory to other ad networks or via an ad exchange, what steps is it taking to ensure the purchaser respects the commitments made in your privacy policy?

Additional Risk Issues

• If you are purchasing ads on an ad network, does your contract address whether your banners may be delivered into adware programs?
• Does your ad network employ any measures to screen and reject adware that is installed deceptively? (For example, requiring that any downloadable programs in their network are certified by the TRUSTe Trusted Download program, or using scanning and spidering techniques to bar rogue programs that put you at legal risk in joining the network?)
• If you accept advertising directly or allow ads uploaded by third parties, what policy or technical steps are taken to screen out banners placed by criminal “malvertising” companies?
• Do you participate in an affiliate marketing program, offering commissions to affiliates that generate sales?
• What steps does your affiliate manager take to ensure your offers do not appear in adware that is installed deceptively? (For example, requiring that any downloadable programs in their network are certified by the TRUSTe Trusted Download, or using scanning and spidering techniques to bar rogue programs from joining the network?)
• Are you paying commissions to rogue affiliates who are “cookie stuffing” or triggering invisible pop-ups at your site to illegitimately claim commissions they are not entitled to?
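The Data Retention/Security questions in the checklist (logging only a portion of the IP address, giving it a shorter retention period than other data, deleting it once it is no longer needed) can be implemented as a small log-processing pass. The following Python is an added example, not part of the TRUSTe whitepaper; the prefix lengths, both retention periods, the record layout and the function names are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumed policy values; the whitepaper gives no numbers.
IP_RETENTION = timedelta(days=30)        # IP kept for a shorter period ...
RECORD_RETENTION = timedelta(days=180)   # ... than the rest of the clickstream record
V4_PREFIX, V6_PREFIX = 24, 48            # portion of the address that is logged

def truncate_ip(addr):
    """Log only a portion of the address: zero the host bits."""
    ip = ipaddress.ip_address(addr)
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.network_address)

def log_visit(ts, ip, cookie_id, url):
    """Build the record at write time so the full address never reaches disk."""
    return {"ts": ts, "ip": truncate_ip(ip), "cookie_id": cookie_id, "url": url}

def apply_retention(records, now):
    """Drop expired records; delete the IP field once its shorter period ends."""
    kept = []
    for rec in records:
        age = now - rec["ts"]
        if age > RECORD_RETENTION:
            continue                      # whole record is past retention
        if age > IP_RETENTION:
            rec = {**rec, "ip": None}     # IP no longer needed, the rest still is
        kept.append(rec)
    return kept

# Constructed sample visits (documentation address ranges, made-up cookie IDs)
NOW = datetime(2009, 2, 1, tzinfo=timezone.utc)
LOG = [
    log_visit(NOW - timedelta(days=2), "203.0.113.77", "c-1001", "/shoes"),
    log_visit(NOW - timedelta(days=45), "2001:db8:1234:5678::9", "c-1002", "/travel"),
    log_visit(NOW - timedelta(days=400), "198.51.100.23", "c-1003", "/news"),
]

if __name__ == "__main__":
    for rec in apply_retention(LOG, NOW):
        print(rec["ts"].date(), rec["ip"], rec["cookie_id"], rec["url"])
```

Truncating at write time answers the "portion of the IP address" question; the retention pass answers the other two and would normally run on a schedule.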
Glossary of Terms6

____________________
6 The illustrations here do not attempt to map the specific data flows involved with behavioral advertising, as in practice they are technically complex, but rather are intended to give a consumer sense of the nature of the practice involved.

Technical Basics

User IP Address: The numerical address assigned by an Internet Access Provider to a computer connected to the internet. The IP address assigned by an ISP to a user is often used by advertising and analytics companies for a number of secondary data purposes including: geo-targeting ads, reporting on the geographic distribution of users, some analysis or targeting of the business or business type if the IP is one assigned to a recognized company, and auditing to prove ad delivery and to eliminate false or fraudulent activity. IP addresses are generally not used for keeping track of unique users by these companies. IP addresses continue to be described as non-personal in U.S. privacy policies by businesses that do not have the ability to identify users by IP address. However, businesses should recognize that since it may be possible for some parties to identify users based on IP address with the cooperation of an ISP and with legal intervention, a User IP address should be treated with more sensitivity than other non-personal data they may log.

Cookie ID: A unique number assigned by a Web site or an advertising/analytics provider to recognize the user’s browser over time. Third party cookies are typically set by companies or Web servers other than the Web site the user has typed into their web browser. These cookies are set and read by companies providing services across many Web sites and therefore provide a record of a user’s activity across the sites they serve. These companies may or may not have contractual rights to correlate this data or use it other than for an individual partner. Some companies may store data about a user on the user’s computer in the cookie file, to enable quick retrieval for targeting or tracking. Others will use the cookie number to reference data stored in a database. While in practice cookies rarely actually last on a user’s computer for a long term, expiration dates associated with a cookie can extend for as much as 30 years.

Opt-out cookie: A non-unique cookie set to zero or null so that a user will not be targeted or tracked. Ad networks involved in behavioral advertising may be subject to requirements to require the Web sites they serve to provide a link to a page allowing users to set an opt-out cookie as a way of providing users a choice to opt-out of behavioral advertising.

Ad tag: Code on a Web page that directs a user’s browser to present itself to servers used for ad delivery. This code may also dynamically pull information the site has about the user and insert it in the information the user’s browser provides to the ad-server.

Pixel tag or Web beacon: Code on a page intended to direct a user’s browser to visit a server so that data about the user’s visit can be used.

Ad Call: The request for an ad made by an advertisement, which is used to provide information about the Web site, the ad campaign, data about the user the site may have and the technical data the ad-server will log. Data the ad-server may log can include, among other items, a cookie ID, the site the user is visiting, an IP address, the referring url, or a search query that may have been entered. The ad call may also re-route the user’s browser to a third or fourth server which will also log or add data to the process.

Key Value: A piece of information about a registered user that a Web site may pass to an ad-server. In some cases, account IDs corresponding to identified or registered users may be passed to an ad-server or analytics company. The ad-server or analytics company may or may not have the ability to decode the user ID.

Log File: The data record stored on a web server when a user’s browser visits a Web site. Some data may be used instantly by an ad-server to deliver an ad. Other data may be mined from the stored log file in order to create reports or to create a user profile by using the consistent cookie ID to pull together information about a user across time and sites.
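The Cookies checklist and the Cookie ID and opt-out cookie entries above translate into checks that can be run against the Set-Cookie headers a site or its vendors emit: expiry many years out, personal data that is only base64-encoded, and a unique ID still being set after opt-out. The following Python is an added example, not part of the TRUSTe whitepaper; the lifetime limit, the set of non-unique values, the length heuristic for an identifier and the finding names are assumptions.

```python
import base64
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME_DAYS = 395                   # assumed limit; the whitepaper names no number
NON_UNIQUE = {"", "0", "null", "optout"}  # assumed values a non-unique cookie may carry
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in rest)}
    return name, value.strip('"'), attrs

def lifetime_days(attrs, now):
    """Max-Age takes precedence over Expires; neither means a session cookie."""
    if "max-age" in attrs:
        return int(attrs["max-age"]) / 86400
    if "expires" in attrs:
        return (parsedate_to_datetime(attrs["expires"]) - now).total_seconds() / 86400
    return 0.0

def decoded_personal_data(value):
    """Return an e-mail address recoverable by plain base64 decoding, else None."""
    try:
        text = base64.b64decode(value + "=" * (-len(value) % 4), validate=True).decode("utf-8")
    except ValueError:                    # not base64, or not text once decoded
        return None
    match = EMAIL_RE.search(text)
    return match.group(0) if match else None

def audit_cookie(header, now, user_opted_out=False):
    """Return checklist findings for one Set-Cookie header."""
    name, value, attrs = parse_set_cookie(header)
    carries_id = value.lower() not in NON_UNIQUE and len(value) >= 8  # heuristic
    findings = []
    if carries_id and lifetime_days(attrs, now) > MAX_LIFETIME_DAYS:
        findings.append("long-lived identifier")
    if decoded_personal_data(value):
        findings.append("personal data encoded, not encrypted")
    if user_opted_out and carries_id:
        findings.append("unique ID still set after opt-out")
    return findings

# Constructed sample headers (not captured from any real site or vendor)
NOW = datetime(2009, 2, 1, tzinfo=timezone.utc)
SAMPLES = [
    "uid=9f3a6c1e5b7d4a20; Expires=Sat, 01 Jan 2039 00:00:00 GMT; Path=/",
    "prof=YWxpY2VAZXhhbXBsZS5jb20=; Max-Age=2592000",
    "optout=0; Max-Age=157680000",
]
```

A long-lived opt-out cookie is not flagged, since its value identifies no one and it has to persist for the choice to hold.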
Sample Business Models and Related Services

Analytics: Services that analyze information about users, including metrics such as unique visitors and site usage. Data generally is used only on behalf of the primary site, and vendors may offer services that are “white label” in that they use the domain of the primary site. Vendors may also use a common platform which uses a common cookie or domain which could technically be used to correlate data across many unrelated sites, but is usually restricted by agreement.

Research: Services that describe types of users that visit Web sites. Some of these companies will also append their research data to enhance the data profiles a Web site may build about their own users.

Ad-Server: Provides a hosted service which enables the delivery, tracking and management of advertising inventory. An ad-server may deliver ads under a contract with a publisher, an advertiser or an ad network and the relevant data ownership issues must be addressed with each to ensure the privacy commitments made to users will be respected.

Ad Network: Sells ads on behalf of groups of publishers and as a result must recognize a user’s browser across many Web sites. Ad networks may or may not have permission to create behavioral profiles of users from the data they have in their ad-serving log files.

Behavioral Ad Network: Requires publishers to allow the network to re-target users for advertisers and/or to create behavioral profiles of users.

Re-Targeting Network: Places pixel tags or other code on key areas of client Web sites to enable the advertiser to show an ad specifically to previous site visitors when they are on other unrelated Web sites. For example, if users purchase a product from Company X, Company X may pay an ad network to show ads only to those users.

Data Append: Advertisers, publishers or ad networks may add data to a user profile by overlaying behavioral profile data, purchase or demographic data or other third party data.

Ad Exchange: Marketplaces that match purchasers of advertising with available ad inventory. Sometimes purchasers may select ad inventory based on data about users.
Behavioral Targeting Activities

Sequencing, frequency capping: An ad will be shown a limited number of times to a unique browser, or in a specified sequence – on one site, across many sites that are similarly branded, across unrelated brands owned by one company or across unrelated sites. This practice is most often not considered behavioral advertising.

Data Appending: Data from a user’s purchases, online or offline, or other demographic data may be linked to a user’s cookie to enable targeting of the user on a site where the user has registered or transacted or across an ad network.

Re-targeting: A pixel tag or other code or web beacon on an advertiser’s site enables their ad-server or an ad network to recognize particular users visiting that advertiser’s site and to show an ad on behalf of the advertiser when those users are on other unrelated sites. Data ownership is usually not shared with a third party.

Cookie Matching: Clickstream data (i.e. web sites visited) linked to one company’s cookie may be matched and added to data from another company’s cookie linked data. For example, a research company which has cookie linked user profiles may overlay the data an ad network has linked to its cookies.

Behavioral profile development

Single company: A web site or group of sites owned by one company may mine its log files of user activity to assemble user profiles. A number of leading companies now provide users with the opportunity to opt-out of advertising targeted to activity on their site or sites.

Multiple company: Network advertising behavioral profiles are created when an ad network mines its log files of user activity across unrelated sites over time and assembles user profiles and interest categories that advertisers can target ads against. This is the core activity subject to the Network Advertising Initiative (NAI) Self-Regulatory Guidelines. Sites participating in such behavioral advertising are required to provide a link that provides users with the ability to opt-out of behavioral advertising. When personal data or certain sensitive data is used, an opt-in may be required. Such profiles may also be created by advertisers working with an ad-server to collect data about the Web sites their ads are served on or by purchasers of ad inventory via ad exchanges.

ISP behavioral advertising: In an emerging business model, ISPs are collaborating with Web sites or ad networks to target users based on clickstream data collected at the ISP.