IAPP’s ‘Top 10 Privacy Law Stories of 2014’ — Article by TRUSTe’s Joanne Furtsch

The IAPP’s list of “Top 10 Privacy Law Stories of 2014” includes an article by TRUSTe’s Director of Product Joanne Furtsch. The author of the IAPP post, IAPP Knowledge Manager Emily Leach, CIPP, writes, “Privacy + law. Some may see good potential for a snooze fest there, but this year’s top Privacy Tracker stories will surely prove them wrong. From China to California to the EU; starring giant of the leisure industry, the tech industry and global governments, and encompassing battles over personal freedoms and government overreach, these are stories that made sure nobody in privacy could nap on the job.” She continues:

Below, based on click rates, are the year’s most interesting privacy law stories. This may not quite get Barbara Walters-style ratings, but it should. These legislative changes have the power to alter the way billions of people access information—and are surveilled by their governments and their service providers—and may truly shape the modern definition of privacy.


COPPA is Not Just for Kids’ Websites Anymore

This article was first published in the IAPP Privacy Tracker blog on 10/28/14 

By Joanne Furtsch, Director of Product Policy at TRUSTe, CIPP/C, CIPP/US

It’s not just online services and websites targeted toward children that need to be diligent about following Children’s Online Privacy Protection (COPPA) regulations. A few months ago the Federal Trade Commission (FTC) took two companies to court for violating COPPA.

These most recent cases highlight two ends of the spectrum of COPPA violators: One was an app specifically targeted toward children, while the other was a popular app for all audiences that had a faulty age-gate mechanism and was collecting personal information from children under age 13 who were using the app.

Regardless of the audience a website or online service is intended for, these recent cases underscore the importance for companies to ensure they comply with COPPA.

COPPA first went into effect in 2000. It only applies to children under 13 because that age group was deemed the most vulnerable to online marketing (although best practices suggest asking parental permission for all minors). Two years ago the FTC revised the COPPA Rule to keep pace with rapidly changing technology by adding five additional regulations to the existing set of rules. The updates include expanding the types of personal information companies cannot collect from minors under the age of 13 unless the company gets verifiable parental consent (VPC).


TRUSTe finds extensive number of Third Parties on Kids sites – What this means for COPPA Compliance

Tony Berman
Sr. Product Manager | TRUSTe

As most website operators know, the updated COPPA Rule goes into effect July 1, 2013. Included in the update comes an obligation to clearly list all third party operators who collect personal information along with their name and contact information.

With this in mind, earlier this month I used TRUSTe’s Website Monitoring Service to find aggregate data for the top 25 Alexa ranked kids gaming websites. My findings indicate that these sites utilize a great number of third parties including service providers that may be collecting personal information such as persistent identifiers directly from children under the age of 13. These third parties may need to be listed in the gaming website’s privacy policy as collecting data directly from children in order to comply with the updated COPPA Rule. The FTC addresses this requirement in its updated COPPA FAQS in question C.5.

Summary of findings: On average there are over 47 third parties per website. Over 62% of third parties found are advertising related companies, while the next largest category of social/sharing tools is at just over 7%. 77% of third party cookies found are persistent.


Catch Us If You Can – April 2013

Melissa Pereira

Director of Corporate Communications | TRUSTe


TRUSTe's exibition as part of the Ad:tech tradeshow.

———April 9 -10

We kick-off April at Ad:Tech in San Francisco’s Moscone Center West. Stop by TRUSTe’s booth, #2215 to meet the TRUSTe team and learn more about how we’re providing leading privacy management solutions to the advertising ecosystem.

Catch a live demo of the TRUSTe Website Tracker Monitoring Service, an innovative monitoring product, which helps customers get detailed insight on the tracking technologies (such as cookies, flash cookies, pixels, web beacons and scripts) on their websites or ads. Receive a free scan report of your domain and learn how this product offers clients fully customizable scans, website performance analysis and immediate tracker alerting to name a few.

To celebrate our exciting new partnership during #Ad:tech SF, we’ll be hosting an invite only networking party with Nexage on Tuesday from 7-10pm at John Colins, San Francisco.

Join TRUSTe on Wednesday, April 10 at the Future of Privacy+Innovation event TRUSTe VP of Product Kevin Trilli will speak at the this UC Hastings Privacy and Technology Project event with Keynote Speaker Kamala D. Harris, California Attorney General at the Runway Workspace, San Francisco. (more…)

Will the new COPPA Rules Effect TRUSTe’s COPPA Safe Harbor Program?

Jim Rennie
Sr. Product Counsel | TRUSTe


Today, the FTC announced new amendments to the Children’s Online Privacy Protection Act (COPPA) rules.  COPPA focuses on the collection and use of data concerning children under the age of 13.  COPPA was first enacted in 2000, the new rule amendments are intended to update the law and bring it in line with current technologies and practices.  The new rules go into effect July 1, 2013.

TRUSTe’s COPPA Safe Harbor program has been a leading compliance solution for companies seeking to serve the needs of children and their parents online.

As a leader in online privacy compliance, TRUSTe has always strived to set a bar for certification that is above the bare minimum required.  This philosophy helps to smooth the transition sparked by rule changes such as this one, as many of the changes are already incorporated into TRUSTe’s program requirements and our best practice recommendations.

For example: under the new rules, geolocation data will be considered Personal Information which may not be collected without parental consent.  Not only has TRUSTe required geolocation data to be treated as Personal Information for several years, we have also required transmission of such information be encrypted in order to enhance consumer safety.

Similarly, under the new rules unique identifiers such as mobile device IDs and IP addresses are considered Personal Information.  TRUSTe has been advising our client for some time that our understanding of Personal Information includes exactly these types of identifiers. (more…)