TRUSTe Settles N.Y. Child Privacy Enforcement Action

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

TRUSTe Inc. has settled allegations that it failed to properly verify that customer websites aimed at children didn’t run third party software to track users, New York Attorney General Eric T. Schneiderman (D) announced April 6.

The enforcement action—the first to target a privacy compliance company over children’s privacy, according to Schneiderman—demonstrates that companies must make sure their privacy compliance partners are up-to-code. It may also undercut arguments that privacy self-regulation by companies catering to children is a legitimate alternative to government oversight and enforcement of the Children’s Online Privacy Protection Act (COPPA), which prohibits unauthorized collection of personal data of children under age 13.

Privacy compliance is an important concern for businesses that must adhere to a growing patchwork of laws and regulations designed to protect consumers’ personal information from unauthorized access. Companies like TRUSTe fill the need by ensuring their clients abide by required privacy and data security measures.

Under the no-fault consent settlement, TRUSTe agreed to pay $100,000 and “adopt new measures to strengthen its privacy assessments,” Schneiderman said

Self-Regulation in Spotlight

In September 2016, the N.Y. Attorney General’s Office settled directly with websites that improperly tracked children, including Mattel Corp., Viacom Inc., Hasbro Inc. and JumpStart Games Inc. Hasbro escaped a financial penalty because it had relied on TRUSTe to ensure its compliance with federal law. TRUSTe was certified by the Federal Trade Commission as a self-regulatory safe harbor, meaning companies could use its COPPA services to demonstrate compliance and limit liability.

Gary A. Kibel, privacy and data security partner at David & Gilbert LLP in New York, told Bloomberg BNA April 6 that the enforcement action against a “privacy certification organization raises the significance of the action because industry is supportive of self-regulation and it relies on effective enforcement.” The New York AG enforcement action “seems to imply that TRUSTe wasn’t meeting the standards of its own program,” he said.

A TRUSTe spokesman told Bloomberg BNA April 6 that the New York AG enforcement action was based on concerns “from a few years ago,” and that the company has worked with the FTC and state regulators to address those concerns and update their “Children’s Privacy Certification program.” The company stands by the “quality and integrity” of their certification programs, including its European Union-U.S. Privacy Shield data transfer compliance verification program, the spokesman said.

A Hasbro spokeswoman told Bloomberg BNA April 6 that the company “ended its relationship with TRUSTe in 2014" and that it applauds the enforcement action. Hasbro is “deeply committed to protecting the privacy” of its users and aims to “promote responsible practices to ensure consumers'—and especially children’s—privacy comes first,” the spokeswoman said.

‘Failed Obligations.’

TRUSTe “failed to meet its obligations to keep children safe from the prying eyes of online trackers and its customers,” Schneiderman said. Specifically, TRUSTe didn’t run scans for third-party tracking technology on some of its “customers’ children webpages,” the settlement announcement said. The actions of TRUSTe “allowed COPPA violations to continue on children’s websites,” it said.

This isn’t TRUSTe’s first privacy-related run in with regulators. It previously settled with the FTC in November 2014 over allegations that it deceived consumers about its privacy seal program by claiming that it conducts annual re-certifications, when it failed to do so, and misrepresenting its status as a nonprofit entity. It paid $200,000 under that settlement.

The FTC didn’t respond to Bloomberg BNA’s email seeking comment on the New York settlement.

To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

Text of the settlement order is available at http://src.bna.com/nIT.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security