TRUSTe Settles Allegations of Deceptive Privacy Seal Compliance Representations

TRUSTe, Inc. has settled with the Federal Trade Commission (FTC) allegations that it misrepresented its recertification procedures for reviewing company privacy practices and allowed its customers to misrepresent TRUSTe as a non-profit.

TRUSTe offers a variety of privacy “seal” programs.  TRUSTe provides certificates to companies that meet specified transparency and privacy requirements under the Children’s Online Privacy Protection Act (COPPA) and the U.S.-EU Safe Harbor Framework, and also offers TRUSTed Websites, TRUSTed Cloud, TRUSTed App and TRUSTed Data seals.  According to the FTC complaint, TRUSTe claimed that its customers were recertified “annually,” but the FTC investigation revealed that more than 1,000 customers from 2006 to January 2013 were not required to go through the annual recertification process. 

The complaint also alleges that TRUSTe recertified customers that continued to list TRUSTe as a non-profit.  TRUSTe was founded as a non-profit in 1997, but changed its corporate status in 2008 to a for-profit organization.  TRUSTe notified its customers of the change, but did not require companies to update their websites.

The proposed settlement prohibits TRUSTe from making misleading claims about its privacy certification and recertification process, the frequency of its evaluations, its corporate status, and the extent to which members comply with its programs.  The settlement also imposes a $200,000 fine and requires additional reporting to the FTC regarding TRUSTe’s COPPA safe harbor program, which the FTC approved in 2001.  The special focus on TRUSTe’s COPPA program illustrates the ongoing importance of children’s privacy compliance to the FTC.

Self-regulation is a critical component of the privacy and advertising ecosystem. The FTC’s enforcement action against TRUSTe serves as a reminder that seal programs, regardless of the nature of the certification involved, must be real, and representations about the program parameters must be truthful.  Regulators, the public and industry must have confidence in self-regulatory programs.  It is therefore especially important that privacy and advertising seal programs operate using high standards. Seal programs that make claims about the effectiveness and nature of their self-regulatory programs, the frequency of their reviews, and other material facets of their operations must adhere to established principles of truthful and non-deceptive advertising.  The lapses by TRUSTe that the FTC identified are disappointing, but this settlement agreement should not detract from the overall value and importance of privacy and advertising self-regulatory programs.  Fortunately, the vast majority of self-regulatory programs exhibit the same commitment to sound consumer protection principles that they expect adherents to maintain.