The Case for White Lists


list_smallADOTAS – Is there such a thing as responsible tracking? Yes – unequivocally.

Some members of the privacy advocacy community will have you believe that no tracking is good – ever. In their view, a “white” or Allow List is simply a guise – a way for companies to highlight a little bit of the good while covering up their true, less honorable intentions.

TRUSTe – and I – categorically disagree. Responsible tracking not only exists but also can provide significant value when implemented in a transparent manner and at the choice of the consumer. And white lists are the key to achieving this goal.

White lists have actually been used for years in the fight against spam. Email service providers know that white lists are essential to filtering. If they can identify ‘good’ email – authenticated, expected, and sound – they can block spam more effectively with fewer false positives and higher deliverability of desired email.

You are probably aware that Microsoft has launched IE9 with Tracking Protection Lists (TPLs). By doing so, Microsoft responds to Federal Trade Commission’s call for “Do Not Track” and gives consumers the opt-in choice to block online tracking from advertisers. Along with other privacy organizations, TRUSTe also provided an IE9 compatible TPL – with a big difference.

TRUSTe took things a step further. In addition to a “Block” list, TRUSTe is also providing an “Allow” list – essentially a white list of responsible tracking domains.

Why did we make this choice?

Trustmarks, such as our own privacy seal and others, represent a form of white lists. The presence of the TRUSTe seal on a site indicates that the site adheres to an accurate privacy policy that meets the highest industry standards. With the TRUSTe seal, companies can elevate their privacy programs and improve their online reputation.

Like trustmarks, white lists can help consumers – who are bombarded with information on all sides – decide which companies to trust.

So what makes a good white list?

A good white list holds its members accountable to the very highest standards possible. Critical attributes include:

  • Robustness – Are the standards meaningful? Is the bar set high enough?
  • Transparency – Are the standards accessible, appropriate, and clear? Can consumers satisfy themselves that the criteria are appropriate?
  • Objectivity – Are the standards applied without bias and based on the facts?
  • Effectiveness – Does the white list help? Does it adequately differentiate between the players?
  • Agility – Do the standards and associated white lists have the capability to evolve?

Email service providers have long used both black and white lists; however, until now – in the world of online tracking – browsers and toolbars have essentially taken only one approach – block all. For some individuals, this is an appropriate choice, but for others this choice may be an overly draconian response that leads to a much poorer Internet experience. Faced with this limited choice, most consumers skip the block choices altogether. (TRUSTe’s ‘educated’ guess is that only 10 million consumers have actually downloaded an advertising or tracking blocking program.) A lot of data exists that shows the majority of consumers do not want to opt-out of all tracking, a choice where a white list can help.

That said, I don’t think anyone would argue that 100% of consumers would only accept tracking from companies that respect their privacy.

White lists provide a useful balance to the black lists. Based on an accessible standard, they provide an additional and useful filter. In the case of IE9 and TPLs, white lists give consumers another option – the choice to accept some amount of responsible tracking.

TRUSTe’s “Third Party Collection” criteria are comprehensive and stringent, requiring, for example, that trackers provide consumers with protection against their Personally Identifiable Information (PII) being tied to the tracking mechanism. Our program also mandates that trackers collect behavioral information from legitimate sources – no scraping from social networks – and that consumers have easy opt-out choices.

Consumers who subscribe to the TPL Allow list get the benefit of relevant advertising and personalized content – at minimal risk of their PII being out in the wild. We also think there could be a role for white lists in other technological approaches like the Do-Not-Track header, as more granular control will be needed to handle exceptions and lists can help consumers get set up quickly and easily. We will see how the technology evolves but TRUSTe will be ready with its balanced data of good trackers, websites and applications – even as the issue migrates to mobile.

We expect this list to change over time with evolving technology, consumer expectations, regulation and best practices which is at a peak of transition in 2011 and beyond. Companies and domains may fall on and off the list. Most will not be on either a “Block” or an “Allow” list. However, the incentive to be on an Allow list alone may raise the overall bar for all of the third party trackers – an important benefit to everyone, not just to those who subscribe to the white list.

TRUSTe has long been about elevating responsible privacy players based on the principles of transparency, choice, and accountability. We strongly believe that our Allow approach brings an important choice to consumers and elevates privacy practices for all third-party tracking.


Please enter your comment!
Please enter your name here