VPN Articles and News

TRUSTe Fined by FTC For Not Ensuring Compliance Of Privacy Certificates

By
Tuesday, February 3rd, 2015


TRUSTe (True Ultimate Standards Everywhere Inc.), the leading authority behind online privacy seals, was recently fined by the Federal Trade Commission (FTC) for deceiving consumers and misrepresenting its business. FTC accused the San Francisco based company of not ensuring compliance of privacy certificates during recertification and allowing businesses to refer to it as a nonprofit organization even after it turned into a for-profit business. The entire episode marks yet another instance where organizations entrusted with protecting online privacy of ordinary internet users have failed to do their job.

TRUSTe was founded as a non-profit organization by the renowned internet activist and former director of Electronic Frontier Foundation (EFF), Lori Fena, in 1997. At the time of its launch, the mission of the company was to enable online businesses meet the privacy challenges of the internet and allow them to collect and handle consumer data in a safe and meaningful way. To facilitate this process, the company stated issuing privacy seals to participating websites and businesses that followed a certain set of privacy practices and met the regulatory requirements like COPPA (Children’s Online Privacy Protection Act) and US-EU Safe Harbor framework. Nowadays, the company even certifies mobile apps, cloud services and advertising channels in addition to assessing and monitoring ecommerce websites. Over the last decade, the TRUSTe seal has become a symbol of trust and it reassures people that the website or app that they are using meets all regulatory requirements and takes the privacy of users seriously.

To ensure continued compliance with the privacy standards and regulations, TRUSTe is supposed to conduct annual audits of its existing customers and recertify their privacy practices. However, FTC discovered that between 2006 and 2013, the company recertified 1000 businesses without conducting adequate reviews or verifying their privacy practices. In addition, TRUSTe is also accused of not asking its customers to remove references to its non-profit status even though the company turned into a venture backed organization way back in 2008.

After the matter came to light, TRUSTe agreed to pay a fine of $200,000 as a part of legal settlement with the FTC. The company is also required to file detailed reports about its certification practices in the future. While announcing the settlement, FTC stressed on its blog that privacy seals and certifications are important to customers so it is imperative that representations conveyed by them remain truthful. FTC also added that future violations by TRUSTe could attract stiff penalties.

TRUSTe, on its part, did not admit any wrongdoing and termed the problems as isolated. The company claimed that the issue of non-compliance affected less than 10% of reviews that it conducted annually and also added that the problem was restricted to the clients who had signed multi-year contracts with the organization. While admitting that the organization failed to live upto its own standards, TRUSTe’s CEO Chris Babel clarified that companies signing multi-year contracts are reviewed every other year. He also promised swift action to address the issues raised by the FTC and ensure better compliance in the future.


February 3, 2015
Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


8 + 4 =