Privacy Self-Regulation in Crisis? – TRUSTe's ‘Deceptive’ Practices

TRUSTe Inc. is the largest global provider of privacy certifications - ‘privacy seals’ - to businesses, with the ostensible purpose of assuring consumers that they can have confidence in the privacy practices of those businesses. Its operations in two of the most important (and government-endorsed) privacy self-regulatory schemes in the world (those affecting the USA (COPPA, the Children’s Online Privacy Protection Act) and Europe (the EU-US Safe Harbor Framework)) have been held by the US Federal Trade Commission (FTC) to involve systemic practices which are liable to deceive or mislead consumers concerning the real practices of the companies concerned. This enforcement action was the result of a long campaign by privacy advocates. Privacy advocates have also been campaigning against TRUSTe’s status as the only Accountability Agent (AA) for the USA under the APEC CBPRs (Cross-border Privacy Rules scheme), arguing that its practices there have also been deceptive.

This article explains the FTC's COPPA and Safe Harbor findings, which resulted in a US$200,000 ‘disgorgement’, and the arguments why APEC's CBPRs should change its practices, and why TRUSTe's practices should disqualify it as an AA, and should be referred to the FTC.

The article concludes that TRUSTe is a key part of the self-regulation approach to privacy across the world, in self-regulation schemes endorsed by governments. However, it has been shown to be a weak link in each scheme. Regulators and government participants in these self-regulatory schemes have been slow to respond to warnings about TRUSTe, and have allowed the schemes to be undermined by deceptive conduct, conflicts of interest, false claims of certification, fine print exclusions and general non-compliance with the core requirements of each scheme. The FTC enforcement action against TRUSTe is a wake-up call for the sector, but much more needs to be done before integrity is restored.

Keywords: APEC, Asia-Pacific, TRUSTe, privacy, data protection, trustmarks, privacy seals, self-regulation, cross border privacy rules, CBPR

Suggested Citation: Suggested Citation

Connolly, Chris and Greenleaf, Graham and Waters, Nigel, Privacy Self-Regulation in Crisis? – TRUSTe's ‘Deceptive’ Practices (December 1, 2014). (2014) 132 Privacy Laws & Business International Report, 13-17, UNSW Law Research Paper No. 2015-08, Available at SSRN: https://ssrn.com/abstract=2567090