The FTC and True Ultimate Standards Everywhere (d/b/a TRUSTe) recently settled allegations that the privacy seal provider had deceived customers into thinking that TRUSTe did annual re-certifications when – the FTC alleged – it did not. Programs provided by TRUSTe include US-EU Safe Harbor (which assists companies that participate in the US-EU Safe Harbor program), COPPA Safe Harbor (certifying compliance to the FTC’s COPPA Rule), and others. According to the complaint, TRUSTe represented on its website that it annually verifies whether participants comply with the TRUSTe criteria, including checking to see if there have been material changes to the company’s privacy policy, checking seal placement, and verifying compliance with any relevant third party requirements like COPPA or US-EU Safe Harbor. The FTC asserted that in at least 1,000 cases between 2006 and 2013, TRUSTe failed to conduct annual re-certifications. TRUSTe has indicated that this represents less than 10% of the total number of re-certifications conducted during that time. Additionally, the FTC claimed that TRUSTe also misleadingly represented that the company is a non-profit corporation. In addition to paying $200,000, TRUSTe agreed not to misrepresent (i) its means to evaluate participant’s compliance, (ii) the frequency with which the company evaluates participants, (iii) its corporate status, and (iv) the extent to which a participant complies with TRUSTe’s privacy program. TRUSTe further agreed not to use a mechanism or require third parties to use a mechanism—in this case, model language—to make misrepresentations.

TIP: Those entities that receive certification services from TRUSTe may find themselves subject to heightened review during their next re-certification process.