FTC Exposes Certification Flaws with TRUSTe Seals

TRUSTe, Inc.’s online certifications are not always trustworthy according to the Federal Trade Commission (FTC).

The FTC found, and TRUSTe agreed, that the company misled consumers in two respects.  First, TRUSTe failed to conduct annual recertifications of websites holding TRUSTe Certified Privacy Seals.   Second TRUSTe failed to monitor references in its seals, which falsely stated the company was a non-profit entity when, in fact, it changed to a for profit company in 2008, the TRUSTe complaint states.

TRUSTe provides online seals to businesses that meet specific requirements for consumer privacy programs that it administers.  TRUSTe claims its seals assure consumers that businesses’ privacy practices are in compliance with specific privacy standards, such as the Children’s Online Privacy Protection Act (COPPA) and the U.S.-EU Safe Harbor Framework.

TRUSTe claims it is “the #1 privacy brand,” the FTC noted.  The company’s “Click-to-verify” seals connect to TRUSTe’s website to verify the seal holder’s name, specific privacy seals held, and the validity date for each seal.

truste seal

TRUSTe represented that the certificates are recertified on an annual basis.  However, the FTC found this was not always true.

From 2006 to 2013, TRUSTe “did not conduct annual recertifications for all companies holding TRUSTe Certified Privacy Seals,” the FTC found.  “In over 1,000 instances, TRUSTe conducted no annual review of the company’s compliance with applicable Program Requirements.”

The FTC also found that TRUSTe’s monitoring fell short in recertification because it recertified some entities that continued to state on their websites that TRUSTe was a non-profit company even though that status had changed in 2008.

TRUSTe agreed to pay the FTC $200,000.  Under the TRUSTe settlement, the company also is required to annually report to the FTC its COPPA-related safe-harbor activities.

True Ultimate Standards Everywhere, Inc., d/b/a TRUSTe, Inc., Federal Trade Commission Docket C-1323219, approved Nov. 17, 2014.