TRUSTe Pays Up $200k To Settle Charges Of 'Deceiving Consumers' Over Its Certification Of Sites

from the not-so-truste dept

TRUSTe, the organization whose seals of approval are used by many sites to prove that they're trustworthy, especially with regards to privacy practices, has just agreed to pay the FTC $200,000 and change its representations about how it goes about certifying various sites. In particular, the FTC claims that TRUSTe did not review sites frequently enough. Separately, there were some shenanigans over the fact that TRUSTe switched from being a non-profit to a for-profit operation in 2008, but let users of the seal still tell people that TRUSTe was some sort of non-profit (as many in the public have believed).
The FTC’s complaint alleges that from 2006 until January 2013, TRUSTe failed to conduct annual recertifications of companies holding TRUSTe privacy seals in over 1,000 incidences, despite providing information on its website that companies holding TRUSTe Certified Privacy Seals receive recertification every year.

In addition, the FTC’s complaint alleges that since TRUSTe became a for-profit corporation in 2008, the company has failed to require companies using TRUSTe seals to update references to the organization’s non-profit status. Before converting from a non-profit to a for-profit, TRUSTe provided clients model language describing TRUSTe as a non-profit for use in their privacy policies.

The proposed order announced today will help ensure that TRUSTe maintains a high standard of consumer protection going forward.  Under the terms of its settlement with the FTC, TRUSTe will be prohibited from making misrepresentations about its certification process or timeline, as well as being barred from misrepresenting its corporate status or whether an entity participates in its program. In addition, TRUSTe must not provide other companies or entities the means to make misrepresentations about these facts, such as through incorrect or inaccurate model language.
There is an interesting partial dissent from FTC Commissioner Maureen Ohlhausen, effectively challenging the issue with other websites still saying TRUSTe is a non-profit. While the issue is that TRUSTe was recertifying these websites, and thus should have said that they had to make the certification clear, Ohlhausen points out that it's wrong to blame TRUSTe for statements made by other sites and not by TRUSTe itself.
Unlike Shell and Magui Publishers, the statement that TRUSTe provided to its clients was indisputably truthful at the time. During the period in which TRUSTe required client privacy policies to state that TRUSTe was a non-profit, TRUSTe was, in fact, a non-profit. Once TRUSTe changed to for-profit status, it no longer required clients to state its non-profit status and actively encouraged clients to correct their privacy policies. TRUSTe did not pass to clients any false or misleading representations regarding its for-profit status. Nor was TRUSTe’s recertification of websites a misrepresentation of TRUSTe’s non-profit status to its clients; during recertification TRUSTe again clearly communicated its for-profit status to clients by requesting that its clients update their privacy policies. Because TRUSTe accurately represented its non-profit status to its clients, TRUSTe cannot be primarily liable for deceiving consumers under a means and instrumentalities theory.
This argument makes a lot of sense, and as someone concerned about secondary liability in a variety of places, it does seem wrong for the FTC to hold TRUSTe responsible for the conduct of third party sites, even as it was recertifying them. Either way, this settlement is a good reminder that just because there's a "trusted" certification on a site, it doesn't always mean the site is trustworthy...








Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: certification, ftc, privacy policy, secondary liability
Companies: truste


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 17 Nov 2014 @ 1:55pm

    A TrustE seal is useless

    Those of us who work in the anti-spam sphere have known this for a very long time. One-off and obscure email addresses which are known only to their creators and to TrustE-certified entities turn up in spammers' possession on a routine basis. That means either (a) there's a security hole and the spammers used it to grab them or (b) someone at that entity sold them to spammers. There's no other way for it to happen.

    Yet those same entities still claim to be "secure" and to ensure "privacy" -- and proudly sport their TrustE seal.

    It's such a joke that even some professional spammers have TrustE seals on their sites.

    So this tiny slap on the wrist, long after the fact, means nothing -- except that the assholes running TrustE have successfully gamed the system, made obscene profits, lined their own pockets, and screwed over anybody naive enough to think their seal means anything.

    link to this | view in thread ]

  2. icon
    Coyne Tibbets (profile), 17 Nov 2014 @ 3:15pm

    Not second liability

    TRUSTe provided the boilerplate to be used that specified TRUSTe was non-profit. TRUSTe then neglected to provide new boilerplate for its change to profit status. As a consequence of this negligence its status is misrepresented to customers.

    What TRUSTe said; what TRUSTe failed to do: Those are first liability issues, not second.

    It would be second liability if TRUSTe directed a site to change the boilerplate and the company did not do so, then the FTC sued TRUSTe for what the other site failed to do.

    link to this | view in thread ]

  3. icon
    orbitalinsertion (profile), 17 Nov 2014 @ 3:18pm

    Well, did it ever clarify its corporate status to anyone? I don't see that particular nugget mentioned. Not that this is an argument for holding them liable, but paints a slightly different picture where Truste and other parties were lax (or just hoping to carry that non-profit logo as far as they could, which is unlikely provable).

    link to this | view in thread ]

  4. icon
    orbitalinsertion (profile), 17 Nov 2014 @ 3:21pm

    Re: A TrustE seal is useless

    Wow, and to think there is probably an industry to be made in policing their mark via litigation. Not that anyone would do that when it actually makes sense.

    link to this | view in thread ]

  5. icon
    Ninja (profile), 18 Nov 2014 @ 5:29am

    Aaaand... They just destroyed their most valuable asset: trust. Good luck remaining in the market after that.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 18 Nov 2014 @ 5:40am

    200k I'm sure that will hurt their bottom line /s

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.