If there was any confusion about what TRUSTe meant when we said we look at different things than SiteAdvisor, things got a tad clearer today when they announced they “don’t do phishing.”
This is only significant because in the previous post on this blog TRUSTe defends itself in a side-by-side comparison with SiteAdvisor, conducted by Ben Edelman, an expert reviewer and advisory board member to Site Advisor.
To repeat our previous posting, “TRUSTe views Site Advisor as a potentially useful monitoring tool, but not an accreditation program or an authority on privacy. Both approaches have strengths and shortcomings.”
Apples to oranges comparisons only become problematic when you come out on the losing end.
September 28th, 2006
In a recent study, the efficacy of our program and our standards has been called into question. TRUSTe disagrees with the study and its conclusion that TRUSTe certified websites are less trustworthy than non-certified web sites. TRUSTe requires its sealholders to adhere to a strict set of standards for consumer privacy based on informed choice for the use of personal information. Our processes are rigorous – on average 12% of applicants do not earn certification, and 100% of certified websites need to make changes to their policies, practices or websites prior to receiving certification. Notable companies with TRUSTe certification include Apple, Avis, Disney, eLOAN, Nationwide, NFL, and Pfizer. Consumers can be confident that TRUSTe certified sites comply with the disclosed privacy policy and offers them informed notice and choice.
The study does not present a full or accurate review of TRUSTe’s program requirements, monitoring processes and enforcement tools. The TRUSTe Web Seal Program Requirements represent a leading edge of privacy practices requiring disclosure of the uses of personal data, informed choice (as well as specifics for third-party sharing), and commitment to the Watchdog Dispute Resolution program. TRUSTe uses a number of tools, from user complaints to email seeding, to ensure continued compliance with our standards for informed notice and choice. Consumer generated Watchdog complaints have resulted in severe sanctions against licensees, including TRUSTe’s public termination of Gratis Internet - a company that the New York Attorney General has sued subsequent to TRUSTe’s actions.
In addition to several inaccuracies and misstatements, the study’s conclusions are based on an underlying set of assumptions, without exposition the methodology, definitions, and approach giving rise to such assumptions. TRUSTe views Site Advisor as a potentially useful monitoring tool, but not an accreditation program or an authority on privacy. Both approaches have strengths and shortcomings. As an accreditation program TRUSTe will err on the side of rating companies as trustworthy, conversely SiteAdvisor has been shown in some cases to err on the side of untrustworthy.
As for the four sites called out on Mr. Edelman’s blog, Direct-Revenue and MaxMoolah (and all WinHundred related companies) are no longer in the TRUSTe program. FunWebProducts, was, by an error in our database listed on our customer list, but it has never been certified, and has never displayed any seals or reference to TRUSTe to consumers. The fourth, Webhancer is certified by TRUSTe and will be required to submit its software for certification to Trusted Download program which is launching imminently. The Trusted Download program was designed specifically to address notice and choice and control issues with software that go beyond our website requirements. Like the Website Privacy Seal program, it will offer companies incentives to provide notice and choice while prohibiting intrusive behaviors.
We welcome this opportunity for regulators and others to closely review certification programs and for consumers to pay closer attention to seal and ratings programs and their requirements. We invite the public to closely look at the rigorous requirements of the TRUSTe web seal program, email privacy seal program, as well as our recently announced Trusted Download Program.
September 25th, 2006
By John Tomaszewski
The response in the commercial space to the Xanga.com settlement with the FTC has raised some interesting speculation/interpretation on FTC enforcement of the Children’s Online Privacy Protection Act (COPPA). One assumption is that the FTC doesn’t consider End User License Agreements (EULAs) to be worth the paper they are printed on, from a compliance perspective. If a EULA is going to be a legitimate mechanism to inform consumer consent to be bound by the terms, the FTC is looking for a EULA that a consumer can read and reasonably understand the implications without completing a law degree.
All of these EULAs are non-negotiable (the legal term for this is an adhesion contract). Most of the contracts that I sign are adhesive (my apt. lease, my claim check at a parking lot, my airline tickets, etc). I do have the choice not to do business if the contract is draconian. In the Xanga case, the FTC isn’t saying that EULAs are useless and not enforceable. They recognize EULAs non-negotiability but if they are going to be the mechanism for informing consent, they cannot require the average consumer to go through 10 pages of 8 point type to find that they can’t use the site if they are under the age of 13. If you are going to rely on a EULA for notice you had better make sure you are comfortable with your ten-year-old’s ability to understand the bargain it requires.
The answer to the child protection burden for many general audience Web sites has been simply to avoid collecting birthdates. This may allow these sites a safe harbor of plausible deniability, but it completely skirts the intent of the law, which is to protect children. Children these days are growing up privacy and security aware. Avoiding age collection also misses an opportunity to build trusting relationships with kids and their guardians about their online choices. Companies marketing to children should follow the golden rule to keep their audience in mind whether they are promoting products or providing choices.
September 20th, 2006