True Ultimate Standards Everywhere, Inc. (TRUSTe) recently agreed to a $100,000 settlement stemming from allegations by the New York AG that its Children’s Privacy Program, a Children’s Online Privacy and Protection (COPPA) safe harbor program, failed to adequately review program members’ websites to ensure compliance with COPPA. This is not the first time TRUSTe has run into issues with one of its programs. The NY settlement was announced in connection with the AG’s “Operation Child Tracker” investigation. As part of the settlement, TRUSTe has also agreed to strengthen its privacy assessments.
The NY AG noted that this is the first time a state or federal law enforcement agency has taken action against an operator of a certification program in connection with COPPA. TRUSTe operates a recognized safe harbor program through which website operators can obtain safe harbor from enforcement actions for COPPA violations, provided the website operator adheres to the program’s rules. However, the NY AG alleged that the TRUSTe program fell short, leaving underage website visitors vulnerable to online tracking in violation of COPPA. As part of the program, TRUSTe is supposed to conduct yearly, comprehensive reviews of member company’s privacy policies, practices and representations to ensure compliance with COPPA. Specifically, the AG found that yearly electronic scans for third party tracking technology often omitted children’s webpages, TRUSTe failed to provide relevant results of the scans to its customers to allow them an opportunity to review the results to address COPPA violations, and accepted customer assertions that their tracking technologies did not violate COPPA instead of independently verifying such assertions. As part of the settlement, TRUSTe must remedy these shortcomings.
Following the settlement, the FTC announced that it was seeking comment on changes TRUSTe wishes to make to its COPPA Safe Harbor program. TRUSTe is reported to be seeking these changes to address issues that arose during the NY settlement. Some of the proposed changes for which the FTC is requesting comment include a new requirement that participants in the TRUSTe program conduct assessments of third parties’ practices with respect to children’s information collection. These assessments would be conducted annually. The comment period ends May 24.
TIP: For those companies that participate in the TRUSTe safe harbor program, changes appear to be on the horizon. Those interested can submit comments about TRUSTe’s proposed changes here.