Privacy Self-Regulation in Crisis? – TRUSTe's ‘Deceptive’ Practices

(2014) 132 Privacy Laws & Business International Report, 13-17

UNSW Law Research Paper No. 2015-08

10 Pages Posted: 20 Feb 2015 Last revised: 18 Jul 2015

Chris Connolly

University of New South Wales (UNSW) - Centre for Cyberspace Law & Policy

Graham Greenleaf

University of New South Wales, Faculty of Law

Nigel Waters

University of New South Wales (UNSW) - Faculty of Law

Date Written: December 1, 2014

Abstract

TRUSTe Inc. is the largest global provider of privacy certifications - ‘privacy seals’ - to businesses, with the ostensible purpose of assuring consumers that they can have confidence in the privacy practices of those businesses. Its operations in two of the most important (and government-endorsed) privacy self-regulatory schemes in the world (those affecting the USA (COPPA, the Children’s Online Privacy Protection Act) and Europe (the EU-US Safe Harbor Framework)) have been held by the US Federal Trade Commission (FTC) to involve systemic practices which are liable to deceive or mislead consumers concerning the real practices of the companies concerned. This enforcement action was the result of a long campaign by privacy advocates. Privacy advocates have also been campaigning against TRUSTe’s status as the only Accountability Agent (AA) for the USA under the APEC CBPRs (Cross-border Privacy Rules scheme), arguing that its practices there have also been deceptive.

This article explains the FTC's COPPA and Safe Harbor findings, which resulted in a US$200,000 ‘disgorgement’, and the arguments why APEC's CBPRs should change its practices, and why TRUSTe's practices should disqualify it as an AA, and should be referred to the FTC.

The article concludes that TRUSTe is a key part of the self-regulation approach to privacy across the world, in self-regulation schemes endorsed by governments. However, it has been shown to be a weak link in each scheme. Regulators and government participants in these self-regulatory schemes have been slow to respond to warnings about TRUSTe, and have allowed the schemes to be undermined by deceptive conduct, conflicts of interest, false claims of certification, fine print exclusions and general non-compliance with the core requirements of each scheme. The FTC enforcement action against TRUSTe is a wake-up call for the sector, but much more needs to be done before integrity is restored.

Keywords: APEC, Asia-Pacific, TRUSTe, privacy, data protection, trustmarks, privacy seals, self-regulation, cross border privacy rules, CBPR

Suggested Citation

Connolly, Chris and Greenleaf, Graham and Waters, Nigel, Privacy Self-Regulation in Crisis? – TRUSTe's ‘Deceptive’ Practices (December 1, 2014). (2014) 132 Privacy Laws & Business International Report, 13-17; UNSW Law Research Paper No. 2015-08. Available at SSRN: https://ssrn.com/abstract=2567090

Chris Connolly

University of New South Wales (UNSW) - Centre for Cyberspace Law & Policy ( email )

Sydney, NSW 2052
Australia

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Nigel Waters

University of New South Wales (UNSW) - Faculty of Law ( email )

Kensington, New South Wales 2052
Australia

Register to save articles to
your library

Register

Paper statistics

Downloads
142
rank
186,865
Abstract Views
682
PlumX