TRUSTe Pays Up $200k To Settle Charges Of 'Deceiving Consumers' Over Its Certification Of Sites

from the not-so-truste dept

TRUSTe, the organization whose seals of approval are used by many sites to prove that they’re trustworthy, especially with regards to privacy practices, has just agreed to pay the FTC $200,000 and change its representations about how it goes about certifying various sites. In particular, the FTC claims that TRUSTe did not review sites frequently enough. Separately, there were some shenanigans over the fact that TRUSTe switched from being a non-profit to a for-profit operation in 2008, but let users of the seal still tell people that TRUSTe was some sort of non-profit (as many in the public have believed).

The FTC?s complaint alleges that from 2006 until January 2013, TRUSTe failed to conduct annual recertifications of companies holding TRUSTe privacy seals in over 1,000 incidences, despite providing information on its website that companies holding TRUSTe Certified Privacy Seals receive recertification every year.

In addition, the FTC?s complaint alleges that since TRUSTe became a for-profit corporation in 2008, the company has failed to require companies using TRUSTe seals to update references to the organization?s non-profit status. Before converting from a non-profit to a for-profit, TRUSTe provided clients model language describing TRUSTe as a non-profit for use in their privacy policies.

The proposed order announced today will help ensure that TRUSTe maintains a high standard of consumer protection going forward.  Under the terms of its settlement with the FTC, TRUSTe will be prohibited from making misrepresentations about its certification process or timeline, as well as being barred from misrepresenting its corporate status or whether an entity participates in its program. In addition, TRUSTe must not provide other companies or entities the means to make misrepresentations about these facts, such as through incorrect or inaccurate model language.

There is an interesting partial dissent from FTC Commissioner Maureen Ohlhausen, effectively challenging the issue with other websites still saying TRUSTe is a non-profit. While the issue is that TRUSTe was recertifying these websites, and thus should have said that they had to make the certification clear, Ohlhausen points out that it’s wrong to blame TRUSTe for statements made by other sites and not by TRUSTe itself.

Unlike Shell and Magui Publishers, the statement that TRUSTe provided to its clients was indisputably truthful at the time. During the period in which TRUSTe required client privacy policies to state that TRUSTe was a non-profit, TRUSTe was, in fact, a non-profit. Once TRUSTe changed to for-profit status, it no longer required clients to state its non-profit status and actively encouraged clients to correct their privacy policies. TRUSTe did not pass to clients any false or misleading representations regarding its for-profit status. Nor was TRUSTe?s recertification of websites a misrepresentation of TRUSTe?s non-profit status to its clients; during recertification TRUSTe again clearly communicated its for-profit status to clients by requesting that its clients update their privacy policies. Because TRUSTe accurately represented its non-profit status to its clients, TRUSTe cannot be primarily liable for deceiving consumers under a means and instrumentalities theory.

This argument makes a lot of sense, and as someone concerned about secondary liability in a variety of places, it does seem wrong for the FTC to hold TRUSTe responsible for the conduct of third party sites, even as it was recertifying them. Either way, this settlement is a good reminder that just because there’s a “trusted” certification on a site, it doesn’t always mean the site is trustworthy…

Filed Under: , , ,
Companies: truste

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “TRUSTe Pays Up $200k To Settle Charges Of 'Deceiving Consumers' Over Its Certification Of Sites”

Subscribe: RSS Leave a comment
Anonymous Coward says:

A TrustE seal is useless

Those of us who work in the anti-spam sphere have known this for a very long time. One-off and obscure email addresses which are known only to their creators and to TrustE-certified entities turn up in spammers’ possession on a routine basis. That means either (a) there’s a security hole and the spammers used it to grab them or (b) someone at that entity sold them to spammers. There’s no other way for it to happen.

Yet those same entities still claim to be “secure” and to ensure “privacy” — and proudly sport their TrustE seal.

It’s such a joke that even some professional spammers have TrustE seals on their sites.

So this tiny slap on the wrist, long after the fact, means nothing — except that the assholes running TrustE have successfully gamed the system, made obscene profits, lined their own pockets, and screwed over anybody naive enough to think their seal means anything.

Coyne Tibbets (profile) says:

Not second liability

TRUSTe provided the boilerplate to be used that specified TRUSTe was non-profit. TRUSTe then neglected to provide new boilerplate for its change to profit status. As a consequence of this negligence its status is misrepresented to customers.

What TRUSTe said; what TRUSTe failed to do: Those are first liability issues, not second.

It would be second liability if TRUSTe directed a site to change the boilerplate and the company did not do so, then the FTC sued TRUSTe for what the other site failed to do.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...