Kevin Trilli, VP of Product at TRUSTe, discussed recent developments in consumer data privacy technology and regulations. TRUSTe converted to a private company in 2008 and has grown significantly since. The Do Not Track standard is moving forward at the W3C and allows users to opt out of tracking, but its implementation raises technical challenges. Mobile apps are also an area of increasing concern as they collect more personal data from children. The EU's new consent model for data collection and use will require opt-in permission from users, and several EU countries have already enacted relevant laws. TRUSTe provides resources on these topics to help understand the changing privacy landscape.
0830 omma data sponsored breakfast trus te
1. Consumer Data Privacy Technology:
What’s next in 2012
Kevin Trilli
VP Product
TRUSTe
CONFIDENTIAL 1
2. Welcome to TRUSTe's Breakfast
Just like coffee and donuts, what goes better
with OBA than privacy?
3. What’s new at TRUSTe?
• Converted to private company in 2008; recently closed Series C $15M
• 115+ employees: 40+ engineers and product
• New San Francisco HQ and global organization
Websites Advertising Mobile apps Cloud
13. Issues for Targeted Advertising
• Cross-App Tracking Identifier supported by User Preferences
• Transparency (without reading glasses?)
On first use
In-ad In-app
(best practice)
14. Apps require new form factor for privacy disclosure
15. TRUSTe Mobile Resources
• Mobile Targeting: How it works and why it’s different
– http://www.truste.com/developer/?=86
• Privacy Issues in Mobile
– http://www.truste.com/developer/?=96
16. The new Consent Model in the EU
If: You use cookies or other tracking technology to store or access information from EU citizens on their computers or devices
Then: You must comply and get permission before they are placed or used
<name> <address> <referring URL> <phone number> <page views> <email> <zip code> <birth date> <IP address> <income bracket> <race> <shopping cart activity> <gender> <clickstream data> <VIN numbers> <social security numbers> <call history> <email open rate> <credit card number> <birthplace> <criminal record> <employment history> <social connections> <job position> <city of residence> <debit card number> <bank account number> <message history> <credit score> <relationship history> <purchasing behavior> <purchasing history> <operating system> <browser version> <mobile OS> <GPS location> <political affiliation> <donation record> <social networking accounts> <Facebook ID> <marital status> <sexual preference> <offline purchasing history> <personal interests> <phone ID> <name> <address> <referring URL> <phone number> <page views> <email> <zip code> <referring URL> <phone number> <page views> <email>
17. 8 EU member countries have enacted the 2009 directive
Have enacted a law: Denmark, Estonia, Finland, UK, France, Malta, Ireland, Sweden
Covered by existing law: Germany
18 other EU member countries on the old model…
20. Privacy Technology Resources
• Technology Blog
– http://www.truste.com/developer/
• TRUSTe Blog
– http://www.truste.com/blog/
• W3C DNT Tracking Protection Group
– http://www.w3.org/2011/tracking-protection/
• EU Article 29 Working Party Opinion
– http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp171_en.pdf
• UK ICO
– http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx
Kevin Trilli
VP Product
Kevin@truste.com
@squawkt22
Editor's notes
Open issues:
• Compliance definition
• Response headers and/or machine readable privacy policies
• Exception handling (program definition)
External issues:
• User agent UX; mobile apps
• Interactions with jurisdictional programs
• Mechanisms for compliance
Status:
• 3 global meetings held in last 9 months; fourth one in DC in April; targeting June for first release of spec
• Lots of hard work to go

• Country-by-country deltas
• User IP vs. citizenry vs. destination website (co.uk)
• User disruption (show three models – header/pop-up and button on side of screen)
• Unknown third parties
• Management of first party cookie states (strictly necessary)