1 The End Of The Privacy Policy As We Know It Fran Maier President TRUSTe

2 About TRUSTe Founded in 1997 as a non-profit Incorporated in 2008 and venture-funded Headquartered in San Francisco, CA, USA 4,000+ clients We offer privacy certifications and compliance solutions: Websites Advertising Mobile apps Cloud

3 Standard Privacy Notices Need to Be Fixed words Dense Not accessible Not contextual

4 Word Count of Facebook’s Privacy Policy Source: New York Times. “Facebook Privacy: A Bewildering Tangle of Options”. May 12 th, 2010

5 Privacy Policy Word Counts Around The Web Data collected by TRUSTe May, 2011

6 Documents With Comparable Word Counts U.S. Constitution 4,440 words Magna Carta 4,539 words

7 Some Numbers To Consider 10 Minutes average time it takes to read an online privacy policy $781 Billion national opportunity cost if consumers consistently read online privacy policies Source: “The Cost of Reading Privacy Policies” Aleecia M. McDonald and Lorrie Faith Cranor

8 What Do Privacy Policies Contain?

9 Do Consumers Read Privacy Policies? "Only 12 percent of people read privacy policies, and I think it was kind of a clever way to make a disturbing point, which is that privacy policies don't generally protect consumers and consumers don't generally read them, and that's part of the reason why we're doing this rethink of privacy." - FTC Commissioner Jon Leibowitz

10 Commission staff proposes that companies provide choices to consumers about their data practices in a simpler, more streamlined way than has been used in the past (pg. vi) Privacy notices should be clearer, shorter, and more standardized, to enable better comprehension and comparison of privacy practices. (pg. 41) Excerpt From The FTC’s December 2010 Privacy Report

11 How do we provide notice offline?

12 Like This

13 Not Like This

14 We need to rethink privacy notices

15 Today: TRUSTe Announcing Truth In Privacy Transparency Accountability Choice

16 Think Simplified

17 Think Visual

18 Think Timely And Contextual

19 Accurate and comprehensive disclosures about personal information collection/use in readily accessible and understandable forms Accessible choices and tools to proactively set personal information boundaries Ability to have direct, meaningful contact with company or TRUSTe to resolve privacy concerns What Does Truth in Privacy Mean? For Consumers Privacy practices align with leading industry standards and governing laws Providing & honoring consumer choices on personal information collection & use Delivering best of breed privacy notices Held accountable to their privacy promises For Businesses

20 What Does Truth In Privacy Notice Look Like?

21 Truth In Privacy Notice Dissected Full privacy policy is accessible behind short notice Seal reflects TRUSTe’s certification of short notice and full privacy policy Consumer OBA opt-out mechanism Access to free privacy dispute resolution services by TRUSTe Company contact information Short, high-level notice summarizes key data collection & use activities that occur on the site/app/ad/platform Notice, with a focus on what’s “not expected” Choices

22 BASE: Total Qualified Smartphone Users (n=1000) Q1021 How much more likely would you be to read a company's privacy policy (on your mobile phone) if it was easier to navigate and read? Q1025 Which privacy policy would you prefer to read? Likelihood To Read Privacy Policy That Is Easier to Navigate and Read 7% Prefer 90% Prefer 3% Prefer More Likely (Net) 68% Consumers Prefer Short Mobile Format

23 Truth In Privacy Applied To Ads Consumers can engage a privacy icon When clicked the icon launches privacy notice inside the ad The privacy notice directs consumers to opt-out mechanisms if they wish

24 Truth In Privacy Applied To Website Tracking Ad Choices

25 Additional Slides

26 Are We Moving Beyond Privacy Policies?

27 Do Consumers Read Privacy Policies? 71 Percent of consumers do not read or understand privacy policies 1 31 Percent of consumers spend little or no time looking at privacy policies 2 1. UK Information Commissioner’s Office Harris Interactive. December 2001.

28 BASE: Total Qualified Smartphone Users (n=1000) Q946How important is it know what type of information is being collected and to have visibility to that information? Q951How important is your privacy when using a mobile device? Q1031How important is it to have easy access to controls regarding the sharing of your personal information inside a mobile app? Importance of… 99 Percent of Smartphone Users What Transparency

29 BASE: Total Qualified Smartphone Users (n=1000) Q1010 Have you ever read the privacy policy of a mobile app? BASE: Those who have checked the privacy policy of a mobile app (n=523) Q1015 Where have you checked the privacy policy of a mobile app? Where have you checked the privacy policy of a mobile app? Differences By Type of Smartphone Used (% Yes) FF Over Half Have Read A Mobile App Privacy Policy

30 BASE: Total Qualified Smartphone Users (n=1000) Q820 Which, if any, of the following privacy precautions do you take with regards to your online accounts? Differences By Length of Smartphone Use I create a strong password that contains numbers, letters and characters I read and understand disclosures regarding use of my personal information before installing an app I don't use apps or go to sites that ask/use my personal information I don't access my account(s) via mobile device Other I haven't taken any of these privacy precautions Differences By TRUSTe Awareness Differences By Application Downloads G L N 42 Percent Of Smartphone Users Read Notices

31 BASE: Total Qualified Smartphone Users (n=1000) Q1055 If you saw this trust mark or seal on a mobile app or mobile web site or store would you feel more comfortable about your privacy on that site? Differences By Who Pays Smartphone Bill Differences By # of Apps Downloaded N Differences By TRUSTe Awareness L K TRUSTe’s Privacy Seal Reassures Mobile Users