CDD

Consumer, Privacy, Child Health Groups Challenge Federal Trade Commission’s Proposed Settlement with TRUSTe

Consumer, Children’s, and Privacy Groups Challenge Federal Trade Commission’s Proposed Settlement

with TRUSTe (True Ultimate Standards Everywhere, Inc.) As Too Lenient

Stronger Sanctions Needed for TRUSTe’s Violation of the Public Trust

Consumers—Especially Parents—Materially Harmed by Years of Deception

Washington, DC: The Center for Digital Democracy (CDD), through its counsel the Institute for Public Representation and on behalf of the American Academy of Child and Adolescent Psychiatry, Campaign for Commercial Free Childhood, Consumer Action, Consumer Federation of America, Consumer Watchdog, and The Rudd Center for Food Policy and Obesity, filed comments today at the Federal Trade Commission (FTC) in response to that agency’s proposed Agreement and Consent Order with True Ultimate Standards Everywhere, Inc. (“TRUSTe”). In November, after conducting an investigation, the FTC filed a complaint against TRUSTe, a company that has been issuing various “privacy seals” since 1997. The display of such seals indicate that a website has been reviewed annually by TRUSTe to ensure it is compliance with TRUSTe’s program requirements designed to protect consumer privacy. In fact, according to the FTC TRUSTe deceived consumers in two important respects. First, TRUSTe failed in over one thousand instances between 2006 and 2013 to conduct the annual re-certifications that it told consumers and the FTC it was conducting. Second, the company failed to require the companies using its privacy seals to change references to TRUSTe’s nonprofit status after it became a for-profit operation in 2008.

As CDD’s filing makes clear, these violations are especially significant coming from a company that is entrusted with verifying the self-regulatory privacy-protection efforts of thousands of companies—including some of the biggest in the world—and covering such important areas of concern as the Children’s Online Privacy Protection Act (COPPA) and the EU-US Safe Harbor framework for transatlantic data transfers. Thus while the filing applauds the FTC’s enforcement action against TRUSTe, it finds the proposed sanctions—a $200,000 fine and additional recordkeeping and reporting requirements concerning the COPPA safe harbor program—to be far too lenient. “Safe harbors such as TRUSTe,” the filing points out, “play a pivotal role protecting children’s privacy by prohibiting the collection, use or disclosure of personal information without meaningful notice to parents and advance, verifiable parental consent, limiting the amount of data collected from children and protecting the security of data that is collected.” Unfortunately, because the FTC neither revealed the websites and services that were not properly re-certified, nor estimated the number of consumers who were affected by these violations, consumers—including parents concerned for their children’s privacy—are left wondering just how much meaningful privacy protection they have online.

In addition to calling for a significant increase in the size of TRUSTe’s payment (citing individual companies that have paid as much as $1 million for their COPPA violations in the past), CDD’s filing called for all COPPA safe harbor reports (including those filed by TRUSTe) be made available to the public on the FTC’s website in a timely manner.

Angela Campbell, co-director of the Institute for Public Representation, emphasized that “Parents rely on seal programs such as TRUSTe when deciding whether a particular website is appropriate for their children. Misrepresentations such as these have the potential to put millions of children at risk across potentially hundreds or thousands of child-directed websites. The FTC must do more to restore public trust in the COPPA safe harbor programs.”

“The commission needs to stand up for children and their parents,” explained Jeff Chester, executive director of CDD. “If the FTC had adequately engaged in oversight of these programs, such problems would have been identified earlier,” he noted. “Those companies such as TRUSTe that have pledged to truly protect the privacy of American children should be required to make public how they actually determine whether online companies targeting kids engage in fair and responsible practices.”

A copy of CDD’s FTC filing is available at www.democraticmedia.org.

—30—