From the FTC:
TRUSTe, Inc., a major provider of privacy certifications for online businesses, has agreed to settle Federal Trade Commission charges that it deceived consumers about its recertification program for company’s privacy practices, as well as perpetuated its misrepresentation as a non-profit entity.
TRUSTe provides seals to businesses that meet specific requirements for consumer privacy programs that it administers. TRUSTe seals assure consumers that businesses’ privacy practices are in compliance with specific privacy standards like the Children’s Online Privacy Protection Act (COPPA) and the U.S.-EU Safe Harbor Framework.
“TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge,” said FTC Chairwoman Edith Ramirez. “Self-regulation plays an important role in helping to protect consumers. But when companies fail to live up to their promises to consumers, the FTC will not hesitate to take action.”
The FTC’s complaint alleges that from 2006 until January 2013, TRUSTe failed to conduct annual recertifications of companies holding TRUSTe privacy seals in over 1,000 incidences, despite providing information on its website that companies holding TRUSTe Certified Privacy Seals receive recertification every year.
In addition, the FTC’s complaint alleges that since TRUSTe became a for-profit corporation in 2008, the company has failed to require companies using TRUSTe seals to update references to the organization’s non-profit status. Before converting from a non-profit to a for-profit, TRUSTe provided clients model language describing TRUSTe as a non-profit for use in their privacy policies.
The proposed order announced today will help ensure that TRUSTe maintains a high standard of consumer protection going forward. Under the terms of its settlement with the FTC, TRUSTe will be prohibited from making misrepresentations about its certification process or timeline, as well as being barred from misrepresenting its corporate status or whether an entity participates in its program. In addition, TRUSTe must not provide other companies or entities the means to make misrepresentations about these facts, such as through incorrect or inaccurate model language.
The settlement also requires the company in its role as a COPPA safe harbor to provide detailed information about its COPPA-related activities in its annual filing to the FTC, as well as maintaining comprehensive records about its COPPA safe harbor activities for ten years. Each of these provisions represents an increase in the reporting requirements laid out under the COPPA rule for safe harbor programs. The company must also pay $200,000 as part of the settlement.
The Commission vote to accept the proposed consent agreement for public comment was 5-0. Chairwoman Ramirez, Commissioner Brill, and Commissioner McSweeny issued a joint supporting statement and Commissioner Ohlhausen issued a statement partially dissenting. The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through Dec. 17, 2014, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit comments electronically by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section.