FTC Approves TRUSTArc Online Privacy Program Fixes


Many products have certification programs to assure consumers that they meet certain standards, such as food labeled as USDA Organic, Kosher, or halal.  Even websites that cater to children under the age of 13 can be certified to protect children’s privacy.

The Federal Trade Commission recently approved changes to one of those child privacy certification plans. Consulting and trust mark company TRUSTArc--formerly TRUSTe—asked the FTC approve modifications to  its Children’s Online Privacy Protection Act (COPPA) safe harbor program, which certifies companies’ commitment to protecting children’s privacy. Under the rule implementing COPPA, the FTC can authorize companies or groups to operate self-regulatory compliance programs. Those that comply with the law can be granted safe harbor from COPPA rule enforcement.

The TrustArc move came after New York Attorney General Eric Schneiderman (D) announced a settlement with the company for allegedly failing to adequately assess companies’ websites for compliance with COPPA. These flaws left “visitors to popular children’s websites vulnerable to illegal tracking technologies prohibited by COPPA,” Rachel Shippee, a spokeswoman for Schneiderman, told Bloomberg BNA. Settling the allegations, TRUSTArc agreed to pay a $100,000 penalty and strengthen privacy assessments.

TRUSTArc’s safe harbor program modifications include a comprehensive internal test to identify all third parties and service providers collecting children’s personal information. 

Cameron Russell, executive director of the Center on Law and Information Policy at Fordham Law School, told Bloomberg BNA that the updated modifications will better protect children’s privacy.

“The requirement of the internal audit, will clear up third-party data collection practices and it would certainly help the third-party collection issue,” he said. “It gives developers and app stores a better understanding of what’s happening in the apps that target children under 13.”

TRUSTArc didn’t immediately respond to Bloomberg BNA’s request for comments.

“The TRUSTArc approval shows that TRUSTArc requires these sites and apps to do these important and necessary scans,” Allison Fitzpatrick, an advertising, marketing, and promotions attorney at Davis & Gilbert LLP in New York, told Bloomberg BNA. 

The FTC sought comment on TRUSTArc’s proposed changes and received six comments in support of the changes. The Toy Association, a trade group that represents thousands of toy manufacturers, said  TRUSTArc’s implementations “could be incorporated into other safe harbor agreements as well.”

The FTC approved a TRUSTArc safe harbor modification in 2013, which added annual re-certification, and stricter rules on collection of children’s personal information, and obtaining verifiable parental consent to collect data.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.