TRUSTe Pays Up $200k To Settle Charges Of 'Deceiving Consumers' Over Its Certification Of Sites
from the not-so-truste dept
TRUSTe, the organization whose seals of approval are used by many sites to prove that they're trustworthy, especially with regards to privacy practices, has just agreed to pay the FTC $200,000 and change its representations about how it goes about certifying various sites. In particular, the FTC claims that TRUSTe did not review sites frequently enough. Separately, there were some shenanigans over the fact that TRUSTe switched from being a non-profit to a for-profit operation in 2008, but let users of the seal still tell people that TRUSTe was some sort of non-profit (as many in the public have believed).The FTC’s complaint alleges that from 2006 until January 2013, TRUSTe failed to conduct annual recertifications of companies holding TRUSTe privacy seals in over 1,000 incidences, despite providing information on its website that companies holding TRUSTe Certified Privacy Seals receive recertification every year.There is an interesting partial dissent from FTC Commissioner Maureen Ohlhausen, effectively challenging the issue with other websites still saying TRUSTe is a non-profit. While the issue is that TRUSTe was recertifying these websites, and thus should have said that they had to make the certification clear, Ohlhausen points out that it's wrong to blame TRUSTe for statements made by other sites and not by TRUSTe itself.
In addition, the FTC’s complaint alleges that since TRUSTe became a for-profit corporation in 2008, the company has failed to require companies using TRUSTe seals to update references to the organization’s non-profit status. Before converting from a non-profit to a for-profit, TRUSTe provided clients model language describing TRUSTe as a non-profit for use in their privacy policies.
The proposed order announced today will help ensure that TRUSTe maintains a high standard of consumer protection going forward. Under the terms of its settlement with the FTC, TRUSTe will be prohibited from making misrepresentations about its certification process or timeline, as well as being barred from misrepresenting its corporate status or whether an entity participates in its program. In addition, TRUSTe must not provide other companies or entities the means to make misrepresentations about these facts, such as through incorrect or inaccurate model language.
Unlike Shell and Magui Publishers, the statement that TRUSTe provided to its clients was indisputably truthful at the time. During the period in which TRUSTe required client privacy policies to state that TRUSTe was a non-profit, TRUSTe was, in fact, a non-profit. Once TRUSTe changed to for-profit status, it no longer required clients to state its non-profit status and actively encouraged clients to correct their privacy policies. TRUSTe did not pass to clients any false or misleading representations regarding its for-profit status. Nor was TRUSTe’s recertification of websites a misrepresentation of TRUSTe’s non-profit status to its clients; during recertification TRUSTe again clearly communicated its for-profit status to clients by requesting that its clients update their privacy policies. Because TRUSTe accurately represented its non-profit status to its clients, TRUSTe cannot be primarily liable for deceiving consumers under a means and instrumentalities theory.This argument makes a lot of sense, and as someone concerned about secondary liability in a variety of places, it does seem wrong for the FTC to hold TRUSTe responsible for the conduct of third party sites, even as it was recertifying them. Either way, this settlement is a good reminder that just because there's a "trusted" certification on a site, it doesn't always mean the site is trustworthy...
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: certification, ftc, privacy policy, secondary liability
Companies: truste
Reader Comments
Subscribe: RSS
View by: Time | Thread
A TrustE seal is useless
Yet those same entities still claim to be "secure" and to ensure "privacy" -- and proudly sport their TrustE seal.
It's such a joke that even some professional spammers have TrustE seals on their sites.
So this tiny slap on the wrist, long after the fact, means nothing -- except that the assholes running TrustE have successfully gamed the system, made obscene profits, lined their own pockets, and screwed over anybody naive enough to think their seal means anything.
[ link to this | view in chronology ]
Re: A TrustE seal is useless
[ link to this | view in chronology ]
Not second liability
What TRUSTe said; what TRUSTe failed to do: Those are first liability issues, not second.
It would be second liability if TRUSTe directed a site to change the boilerplate and the company did not do so, then the FTC sued TRUSTe for what the other site failed to do.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]