Can’t be TRUSTe-d? Online privacy firm coughs $200k to settle 'deception' charges

FTC acts after regulation oopsie


TRUSTe, which issues the privacy seals displayed on thousands of websites, has paid a settlement over charges it deceived consumers through its Privacy Seal Program.

As part of an agreed settlement with US consumer watchdogs at the Federal Trade Commission, it also promised it would ensure all certified websites removed a reference to TRUSTe as a non-profit entity. It became a regular corporation in 2008.

TRUSTe provides seals to businesses that meet specific requirements for consumer privacy programmes which it administers, involving compliance with privacy standards such as the Children’s Online Privacy Protection Act and the US-EU Safe Harbor Framework.

The FTC’s complaint alleges that from 2006 until January 2013, TRUSTe failed to conduct annual re-certifications of companies holding TRUSTe privacy seals more than 1,000 times, contrary to assurances audits allowing continued use of its seals to take place every year.

“TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge,” said FTC chairwoman Edith Ramirez. “Self-regulation plays an important role in helping to protect consumers. But when companies fail to live up to their promises to consumers, the FTC will not hesitate to take action."

The provider of privacy certifications for online businesses agreed to pay $200,000 to settle the case as well as agreeing to submit annual reports back to the FTC every year.

In a statement, TRUSTe said that the omission of re-certification occurred in one in 10 cases. It promised to improve its business process as well as be more careful not to misrepresent its status in future.

The agreement with the FTC covers two items: first, that TRUSTe did not ensure all certified websites removed a reference to TRUSTe as a non-profit entity after it transitioned to a for-profit enterprise in 2008; second, that TRUSTe did not complete the annual review step of certification from 2006 until January 2013 for clients who had signed up for multi-year agreements. This represents less than 10 per cent of the total number of annual reviews the company was scheduled to conduct during that time. The company has addressed both items.

TRUSTe added that it had "identified and fixed the process for annual reviews" adding extra controls to ensure that every client receives the annual review from now on. ®

Narrower topics


Other stories you might like

  • Brave roasts DuckDuckGo over Bing privacy exception
    Search biz hits back at 'misleading' claims, saga lifts lid on Microsoft's web tracking advice

    Brave CEO Brendan Eich took aim at rival DuckDuckGo on Wednesday by challenging the web search engine's efforts to brush off revelations that its Android, iOS, and macOS browsers gave, to a degree, Microsoft Bing and LinkedIn trackers a pass versus other trackers.

    Eich drew attention to one of DuckDuckGo's defenses for exempting Microsoft's Bing and LinkedIn domains, a condition of its search contract with Microsoft: that its browsers blocked third-party cookies anyway.

    "For non-search tracker blocking (e.g. in our browser), we block most third-party trackers," explained DuckDuckGo CEO Gabriel Weinberg last month. "Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon."

    Continue reading
  • Xi Jinping himself weighs in on how Big Tech should deploy FinTech
    Beijing also outlines its GovTech vision and gets very excited about data

    China's government has outlined its vision for digital services, expected behavior standards at China's big tech companies, and how China will put data to work everywhere – with president Xi Jinping putting his imprimatur to some of the policies.

    Xi's remarks were made in his role as director of China’s Central Comprehensively Deepening Reforms Commission, which met earlier this week. The subsequent communiqué states that at the meeting Xi called for "financial technology platform enterprises to return to their core business" and "support platform enterprises in playing a bigger role in serving the real economy and smoothing positive interplay between domestic and international economic flows."

    The remarks outline an attempt to balance Big Tech's desire to create disruptive financial products that challenge monopolies, against efforts to ensure that only licensed and regulated entities offer financial services.

    Continue reading
  • TikTok US traffic defaults to Oracle Cloud, Beijing can (allegedly) still have a look
    Alibaba hinted the gig was worth millions each year

    The US arm of Chinese social video app TikTok has revealed that it has changed the default location used to store users' creations to Oracle Cloud's stateside operations – a day after being accused of allowing its Chinese parent company to access American users' personal data.

    "Today, 100 percent of US user traffic is being routed to Oracle Cloud Infrastructure," the company stated in a post dated June 18.

    "For more than a year, we've been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data," the post continues. "We still use our US and Singapore datacenters for backup, but as we continue our work we expect to delete US users' private data from our own datacenters and fully pivot to Oracle cloud servers located in the US."

    Continue reading
  • If Twitter forgets your timeline preference, and you're using Safari, this is why
    Privacy through amnesia not ideal for remembering user choice

    Apple's Intelligent Tracking Protection (ITP) in Safari has implemented privacy through forgetfulness, and the result is that users of Twitter may have to remind Safari of their preferences.

    Apple's privacy technology has been designed to block third-party cookies in its Safari browser. But according to software developer Jeff Johnson, it keeps such a tight lid on browser-based storage that if the user hasn't visited Twitter for a week, ITP will delete user set preferences.

    So instead of seeing "Latest Tweets" – a chronological timeline – Safari users returning to Twitter after seven days can expect to see Twitter's algorithmically curated tweets under its "Home" setting.

    Continue reading

Biting the hand that feeds IT © 1998–2022