The US Federal Trade Commission announced yesterday that it had agreed to settle its investigation into TRUSTe; a significant US provider of privacy certifications. TRUSTe offered seals which tried to reassure consumers that a business’s privacy practices were in order. They are used particularly by multi-national businesses to assist them in complying with the US-EU Safe Harbor program.
The FTC allege that from 2006-2013 TRUSTe did not conduct annual re-certifications of companies holding TRUSTe privacy seals in more than 1,000 cases despite providing information on its website that these re-certifications were happening. TRUSTe also issued documentation representing that it was a not-for-profit corporation even though it had ceased to become a not-for-profit corporation in 2008. TRUSTe provided clients with model language describing TRUSTe as a not-for-profit in their privacy policies which may have led to their clients misleading their consumers.
As part of the proposed settlement TRUSTe will give various undertakings to the FTC to improve its ways. It will also pay the US Treasury $200,000 as part of the settlement.
The proposed settlement is currently open to public comment. Given the interest from some consumer groups in Safe Harbor it is likely that the FTC will receive comment before approving the Order.
It is also likely that the spotlight will turn to the Safe Harbor program generally. Businesses should check their Safe Harbor certifications and their privacy policies. Cordery has experience of helping organisations with that task.
The FTC’s announcement is here.
Information on Cordery’s data protection practice is here.
Jonathan Armstrong is a lawyer with Cordery in London where his focus is on compliance issues.