27 November 2014


EPIC reports that the US Federal Trade Commission has settled a consent agreement with privacy certification provider TRUSTe after alleging that deception of consumers with the company's privacy seal program.

EPIC states that
TRUSTe performs privacy compliance assessments for websites, and provides a set of icons for websites to display. By displaying TRUSTe icons, websites convey to users that they comply with various privacy requirements. The FTC brought the charges under Section 5 of the FTC Act, which allows the Commission to prohibit "unfair or deceptive" trade practices.
The FTC charged TRUSTe with failure to conduct re-certifications for companies that displayed privacy seals, although TRUSTe's website states that it conducts annual re-certifications. "TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge," stated FTC Chairwoman Edith Ramirez. Under the consent agreement, TRUSTe is prohibited from misrepresenting business practices to consumers, must pay a $200,000 fine, and must submit a detailed filing to the FTC every year describing its COPPA recertification process.
The Federal Trade Commission has also investigated a number of companies displaying Safe Harbor or other privacy seals without renewing their certifications. The Safe Harbor Framework, coordinated by the Department of Commerce, is an industry-developed, self- regulatory approach to privacy compliance that allows firms to self- certify privacy policies. In February 2014, the FTC settled charges with 12 companies for failure to renew their Safe Harbor privacy certifications while continuing to post the Safe Harbor icon on their websites.
EPIC subsequently submitted comments to the FTC regarding the proposed settlement agreements. The comments highlighted the weaknesses in Safe Harbor oversight, and urged the FTC to prioritize Safe Harbor enforcement and to broaden the scope of the consent orders by requiring the companies to comply with the Consumer Privacy Bill of Rights. EPIC also requested that the FTC to make public the companies' annual compliance reports.