For charges of failing to adequately evaluate whether sites operated by its customers complied with the Children's Online Privacy Protection Act (COPPA), True Ultimate Standards Everywhere Inc. (TRUSTe) will pay $100,000 to the New York Attorney General's (AG) Office and change its policies.
The action began with AG Eric Schneiderman's investigation into the COPPA practices of customers who made use of TRUSTe's certification program to signify compliance with the statute. After discovering that several TRUSTe customers permitted third-party tracking technologies on their child-directed websites that were not in compliance with COPPA the AG turned its sights on TRUSTe.
As the operator of a Federal Trade Commission-approved safe harbor program, the company was required to conduct a comprehensive review of its Web site policies, practices and representations at least once per year to assess compliance with COPPA, the AG explained. But according to the AG, the reviews were lacking in several regards.
Despite conducting electronic scans of customers' Web sites for third-party tracking technology, TRUSTe omitted most or all of the children's websites from its scans "in many cases," Schneiderman alleged, which left TRUSTe unable to determine whether unexpected third-party tracking technologies were present on these websites.
In addition, since TRUSTe failed to provide customers with relevant results from its electronic scans, they did not have the opportunity to analyze the results, the AG said, and instead of making an independent determination, they simply accepted customers' representations that third-party tracking technologies found on their children's websites did not violate COPPA.
As a result, COPPA violations were allowed to continue on the children's websites of TRUSTe's customers, the AG alleged.
TRUSTe agreed to pay $100,000 to the AG's Office and implement a more rigorous privacy assessment process for its COPPA safe-harbor program. Specifically, the company will conduct electronic scans of "a substantial portion" of each of its customers' children's websites for tracking technologies prohibited by COPPA. Such scans can only be conducted by "dedicated employees with expertise and experience", who must also verify that each scan was conducted properly.
Every third-party tracking technology must be identified through TRUSTe's scans to its customers, while customers must provide information about the third parties operating on their children's websites (including the types of information collected and how such information is used by each third party). TRUSTe promised to review the information provided by customers to determine if it violates COPPA and to maintain a database of third-party tracking technologies to help it determine whether they violate the statute.
To read the New York AG Office press release about the decision, click here.
Why it matters: AG Schneiderman noted that the case against TRUSTe was the second in connection with "Operation Child Tracker," the Office's ongoing investigation into the illegal tracking of children's online activity by marketers and advertising companies, among others. The first case targeted popular children's websites that contained third-party tracking technology in violation of COPPA, in which four companies paid a total of $835,000 and adopted reforms on dozens of websites.