Chris Babel, CEO
As a father of 3 boys, kids’ online privacy is important to me, as it is incredible where kids can wander and what mischief they can get into online. TRUSTe has been focused on kids’ privacy since we launched our Children’s Privacy Certification program in 2001, shortly after the Children’s Online Privacy Protection Act (“COPPA”) regulations became effective. We updated the program in 2013, after the COPPA regulations were revised. As part of that update to the program, we introduced new processes to help companies understand the tracking taking place on their websites so they can manage and comply with COPPA. While our Children’s Privacy Certification program is not a major part of our business (we currently have approximately 20 COPPA certification customers out of 1,000+ certification customers overall), TRUSTe regards it as an important part of our privacy solutions set – due to the complexity and sophistication of the legislation it addresses, and our ongoing commitment to protecting kids’ privacy.
Today, I’d like to provide some details of our settlement agreement with the Office of the Attorney General of the State of New York (“NYAG”) and our submission to the U.S. Federal Trade Commission (“FTC”) of revisions to enhance our Children’s Privacy Certification Program. The settlement announced today relates solely to the operational practices of our Children’s Certification program – not the vast majority of our business such as TRUSTe’s many other certification, consulting, and technology solutions.
In August 2015, the NYAG began looking into two former participants in our Children’s Privacy Certification Program. As part of this inquiry, the NYAG expressed concerns with how we implemented some operational and technical processes related to how companies monitored tracking on their websites. We have agreed to several COPPA-specific actions – which do not affect our much-broader non-COPPA certification business.
This NYAG inquiry focused on a period prior to the FTC Decision and Order that went into effect March 2015. While the FTC Order did not find issues with TRUSTe’s privacy practices, it does relate to our certification operations, including our obligations under COPPA. Prior to the FTC Order, we had already begun instituting new certification processes and since that time we have continued to improve our policies, processes and governance practices to address evolving regulatory expectations and customer needs.
As part of the NYAG settlement we will continue certain of our established operational and technical processes such as ongoing use of a dedicated technical scan review team to analyze trackers which we implemented in early 2016; to further clarify certain of our specific Children’s Certification program policies; and to clarify operating procedures related to third party tracking technologies, such as an enhanced review and customer commitment regarding third party tracker uses.
As part of our ongoing engagement with the FTC, we have been working with them to update our Children’s Privacy Certification program and look forward to their review of our proposed enhancements that we have submitted.
Whether it’s helping a Fortune 10 company manage their global privacy program with our technology or helping a small US gaming company protect kids’ privacy in their mobile app with a certification, we continually strive to improve our services and technologies in an effort to assist our customers develop, implement and demonstrate privacy compliance globally.
The changes announced today will help us continue this improvement and further assist our clients in achieving their privacy compliance goals.
(For additional details around today’s news, please see the highlights further below.)
If you are looking for additional details on this announcement, here are some additional highlights:
- Our customers, regulators and TRUSTe all operate in an incredibly complex environment – and for two decades, TRUSTe has been committed to promoting trust in how privacy and personal information are protected online. As our business has grown within this environment, so has the complexity of related legislation. In the case of COPPA, the 2013 revisions to the regulations are effective in improving children’s privacy partly because they address the increasing complexity of cross-site tracking and profiling online.
- We take our regulatory relationships and scrutiny incredibly seriously – and the fact is that our work with the FTC and the NYAG helps strengthen our business and the solutions we offer, because such interactions push us to help customers tighten compliance with much-needed legal protections in a fast-moving online world.
- Most of what we have now formally agreed to with the NYAG relates to already well-established business processes that TRUSTe implemented in support of our FTC Order and as part of our ongoing commitment to continually improving our certification and verification programs in response to changing customer needs.
- Our business and the solutions we offer have changed, and will continue to change in response to evolving privacy requirements and expectations. Much has evolved since the years-ago timeframe that was the basis of both regulators’ concerns. Keeping pace with regulatory and other shifts, and delivering regular updates to the solutions we provide, will remain normal course of business for TRUSTe.
- For consumers, if you have an inquiry regarding the privacy practices of a TRUSTe COPPA client or other certification client, please visit truste.com/consumer-resources. TRUSTe provides privacy dispute resolution services to all of our certification clients so that you may raise privacy questions regarding a TRUSTe certified website, mobile application or business practice.