Skip to Main Content
Main Menu
Search Opener
Search Close
Contact us
Assurance & Certification

TRUSTe Data Collection Certification

Designed for advertising companies to provide a direct relationship with end users and their preferences, while demonstrating compliant data collection from websites, mobile applications, and online channels.

Digital advertising compliance globally

  • Robust multi-framework standard

    Based on self-regulatory principles for Online Behavioral Advertising and applicable to mobile devices, cross-app data, and mult-site data, this framework ensures organizations in the ad tech industry proactively adhere to industry standards.

  • Industry recognized credibility

    Our established, industry-standard TRUSTe seal is one of the most recognized ways of demonstrating privacy compliance. Once certified, implement the seal easily on your digital properties (e.g., your website). Our seal has had 10s of billions of impressions and our team has completed over 10,000 certifications for global organizations.

  • Expert guidance and assistance

    Our privacy experts work with you to uncover privacy compliance to find the operational solutions that fit your organization.

Assurance process

Demonstrate privacy compliance, reduce risk, and build trust with an independent review powered by technology and delivered by privacy experts.
  • Discovery and evaluation

    An experienced Global Privacy Solutions team member guides you through the assessment process, utilizing our proven methodology and powerful technology.

  • Remediation insights

    We leverage our years of experience to provide you with remediation insights to complement the gap analysis provided. Complementary access to relevant and curated operational templates can simplify your certification process. We then validate your company’s privacy notices to ensure accurate reflection of your updated privacy practices and meet required standards.

  • Ongoing guidance and dispute resolution services

    TRUSTe will conduct ongoing compliance monitoring during the certification period, including an annual review. Utilize our third party dispute resolution service to mediate privacy issues.

  • Gap analysis

    Get a report with gap analysis and actionable recommendations for compliance. Enhance your privacy posture with essential steps.

  • Accessible audit trail

    Use TrustArc’s platform to access a complete audit trail, combining assessment tasks and supporting documentation. Streamline inquiry responses and maintain audit compliance.

What you get

Icon for detailed view of privacy standards and compliance details

Letter of Attestation

Leverage an official letter of Attestation for transparent regulatory compliance, bolstered stakeholder communication, and impactful third-party assurance, enhancing your organization’s competitive edge.

Global protection icon for ensuring privacy compliance worldwide

TRUSTe certified privacy seal

Authorized use of the TRUSTe Certified Privacy seal of display on approved privacy notices and digital properties. The seal is hosted and linked to a TRUSTe Validation Page to provide real-time verification along with an easily understood consumer notice on your certification.

Organization or business entity icon

Dispute Resolution

Use our Dispute Resolution Service to resolve privacy issues with your users. Our TRUSTe program manages thousands of requests globally each year. Embed the TRUSTe Privacy Feedback Button to enable instant consumer interaction.

Certification Pillars

 

Assessment Pillar Description
Data Necessity Optimize data value by collecting and retaining only the data necessary for strategic goals. Leverage anonymization, de-identification, pseudonymization, and coding to mitigate data storage-related risks.
Use, Retention, and Disposal Ensure data is used only as legally permissible and solely for purposes that are relevant to and compatible with the purposes for which it was collected.
Disclosure to Third Parties and Onward Transfer Preserve the standards and protections for data when it is transferred to third-party organizations and/or across country borders.
Choice and Consent Enable individuals to choose whether personal data about them is processed. Obtain and document prior permission where necessary and appropriate, and enable individuals to opt out of ongoing processing.
Access and Individual Rights Enable individuals to access information about themselves, to amend, correct, and as appropriate, delete information that is inaccurate, incomplete, or outdated.
Data Integrity and Quality Assure that data is kept sufficiently accurate, complete, relevant, and current consistent with its intended use.
Security Protect data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
Transparency Inform individuals about the ways in which data about them are processed and how to exercise their data-related rights.
Reporting and Certification Demonstrate the effectiveness of the program and controls to management, the Board of Directors, employees, customers, regulators, and the public.
Resource Allocation Establish budgets, define roles and responsibilities, and assign personnel sufficient to operate the privacy program on an ongoing basis.
Processes Establish, manage, measure, and continually improve processes, including a privacy complaint-handling process with alternative dispute resolution where needed.

TRUSTe Data Collection Certification FAQs

  • What is interest based digital advertising, also known as target advertising?

    Interest-based advertising (IBA) — is the practice of collecting data about a user’s online activity over time and across websites, apps, or devices to build an interest profile and serve targeted ads. OBA is governed by self-regulatory programs such as the DAA in the United States and the EDAA in Europe, and by privacy laws including GDPR alongside the ePrivacy Directive, and CCPA and other U.S. State consumer privacy laws.

  • What is Data Collection Certification?

    A data collection certification is an independent third-party attestation that an organization’s data collection practices — typically related to advertising, analytics, or measurement — meet a defined set of privacy and transparency standards. Certifications generally cover what data is collected, how it is used and retained, what choices are offered to consumers, how data is shared, and how security and accountability are maintained. They are a recognized trust signal in the ad-tech ecosystem.

    The TRUSTe Data Collection Certification program applies to companies that help optimize or serve online advertisements. It provides ad companies who lack a direct relationship with an individual a way to demonstrate they use personal data collected from websites, mobile app, or other sources in a manner that respects an individual’s preference.

  • Who should consider Data Collection Certification?

    Ad tech vendors, measurement providers, data management platforms, SSPs, DSPs, and publishers whose business models rely on the collection of personal or device data for advertising-related purposes.

  • Does the TRUSTe Data Collection Certification include a privacy notice review?

    Yes. The certification includes a review of consumer-facing privacy and data collection disclosures against TRUSTe’s certification criteria.

  • How does it compare to DAA AMI validation and EDAA Privacy Certification?

    DAA AMI Validation is mapped to the DAA’s Policy Framework for Addressable Media Identifiers and EDAA Privacy Certification is mapped to EDAA (Europe). Data Collection Certification is designed for third party data collectors that have no direct relationship around transparency and choice, not just about data collection.

  • What data collection practices does the certification evaluate?

    The assessment reviews eleven operational pillars: data necessity (collect only what’s needed), use/retention/disposal, disclosure to third parties and onward transfer, choice and consent (including opt-out mechanisms for online behavioral advertising), access and individual rights, data integrity and quality, security, transparency, reporting and certification, resource allocation, and processes. Each pillar maps to specific requirements drawn from GDPR, OECD, APEC, ISO 27001, FTC OBA guidelines, DAA/EDAA principles, and the 2018 NAI Code.

Related resources

View all resources

Stand out as an advertiser or publisher

Get certified
Back to Top