Regulators Find Apps & Websites Aimed at Children Show Lack of Privacy Controls


This week, regulators published the findings from their annual global privacy sweep which reviewed the privacy practices of nearly 1,500 apps and websites aimed at children. The review found that 67 percent harvested personal information, while only 31 percent employed controls. The investigation was conducted by the Global Privacy Enforcement Network in May and involved 29 data protection regulators.

“The attitude shown by a number of these websites and apps suggested little regard for how anyone’s personal information should be handled, let alone that of children,” said Adam Stevens of the UK Information Commissioner’s Office.

The FTC posted a response on its blog on Sept. 3, written by a couple of officials from the Bureau of Consumer Protection, Office of Technology Research and Investigation.

After the sweep, Alberta, Canada’s privacy commissioner immediately spearheaded a privacy education program for all Canadian students in grades 7-8. Canadian Privacy Commissioner Daniel Therrien added that a small number of websites and apps “did not collect any personal information at all, demonstrating it is possible to have a successful, appealing and dynamic product that is also child friendly and worry-free for parents.”



Japan Amends Data Privacy Law & Proposed Implementing Regs Endorse CBPRs as Route to Compliance

By Josh Harris, Director of Policy

Earlier today (Sept. 3), Japan’s Diet passed an amendment to the “Act on the Protection of Personal Information,” which has been in effect since April 2005. Under the amendment, which goes into effect in January 2016, Japan will establish a Personal Information Protection Commission. The Commission will be established as an independent authority in an attempt to bolster Japan’s expected request for a determination of adequacy by the European Commission.

In addition, Article 24 of the amended law imposes restrictions on the transfer of personal information of Japanese citizens to third parties in foreign countries. Exemptions to these restrictions include express consent of the individual, transfer to foreign countries that the Personal Information Protection Commission determines have measures of protecting personal information equivalent to that of Japan, or where the third party has established a system which meets the Rules of the Commission to “continuously implement equivalent necessary measures.”

The draft rules for implementing Article 24 specifically call out a company’s APEC Cross Border Privacy Rules (CBPR) certification as satisfying this requirement. Japan joined the CBPR system in May 2014. TRUSTe has been an APEC-approved certifier under the CBPR system since 2013.


Registration Now Open for ‘EU Data Protection 2015 – Regulation Meets Innovation’



Today, registration opens for “EU Data Protection 2015 – Regulation Meets Innovation,” which will take place in San Francisco on Dec. 8. Check out details on the new event website and book your seat today at

The conference brings together thought leaders in privacy, security and regulation to address the changes in the proposed European General Data Protection Regulation and the business impact. The proposed Regulation represents the most significant development in global data protection law in the last 20 years.

The event is timed to coincide with the conclusion of the negotiations of the EU GDPR. It will take place at Bespoke, in downtown San Francisco, from 8 a.m. to 6 p.m.

Speakers include:

  • John Bowman, Senior Principal, Promontory & Former UK Negotiator for EU GDPR
  • Dennis Dayman, Chief Privacy & Security Officer, Return Path
  • Josh Harris, Director of Policy, TRUSTe
  • Barbara Lawler, Chief Privacy Officer, Intuit
  • Phil Lee, Partner & Head of US Officer, Fieldfisher
  • Robert Stankey, Partner, Davis Wright Tremaine
  • Christian Wiese Svanberg, Attorney-at-Law, Plesner, & Former Danish Negotiator for EU GDPR
  • Hilary Wandall, AVP Compliance & Chief Privacy Officer, Merck & Co., Inc.
  • Tom Widgery, Director of Privacy and Information Security Governance, SVB Financial Group
  • Jack Yang, Associate General Counsel, Vice President, Head of Data Use and Privacy, Visa Inc.

Thank you to our launch sponsors and partners Davis Wright Tremaine LLP, National Cyber Security Alliance, Online Trust Alliance and Trunomi.

If you’re interested in speaking or sponsoring this event, please contact



September Spotlight: Live Demos, Privacy Webinars, IAPP Privacy. Security. Risk. 2015



September 10, 10-10:30 a.m., PDT

Live Demo: Ads Privacy Compliance Technology

Enforcement of DAA principles on interest-based advertising over desktop has been in force for a while now, but mobile enforcement starts Sept. 1. If you leverage interest-based advertising, you’ll need to have the following in place for both desktop and mobile environments across all devices. Learn more about mobile ad compliance in this live demo webinar.

Register here.


September 14-16

Information Governance Exchange


TRUSTe is a solution provider at this two-day event that attracts senior executives working in data privacy, governance and related fields. Attendees will connect with their peers and have the opportunity to attend numerous strategic information sharing sessions, one-to-one meetings and discussions.

Request an invitation here.




End of Month Recap: What You May Have Missed [August]


At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month.


This month on the blog we covered data breaches, ‘Right to be Forgotten,’ and the new IoT Trust Framework, among other topics. This was the second month of our new series featuring the leading players in the Privacy Ecosystem. Check out the list below for some of the most popular blog posts this month:


New IoT Trust Framework Addresses Privacy Risks & Guidelines

On Aug. 11, the Online Trust Alliance released its Internet of Things Trust Framework to address IoT privacy and security risks. The Framework provides guidelines for IoT manufacturers, developers and retailers to follow when designing, creating, adapting and marketing connected devices in two key categories: home automation, and consumer health and fitness wearables.


Popular Webinar Tackles How Privacy Practices Can Help Prepare for a Data Breach

In this blog post, we introduce our first webinar teaser video. You’ll be seeing more of these short clips in future blog posts. The idea is to let visitors to the blog watch a minute of blog content before downloading the full version.


13 Companies Settle with FTC for False US-EU & US-Swiss Safe Harbor Claims

On Aug. 17, 13 companies settled with the Federal Trade Commission (FTC) for falsely claiming they were certified and in compliance with the US-EU or US-Swiss Safe Harbor Framework. Compliance with the Framework means companies must follow established requirements for meeting adequacy standards to transfer customer or employee data from the EU or Switzerland to the U.S. Then, companies must self-certify with the Department of Commerce. The self-certification needs to be renewed annually.


Survey Compares American and British Opinions on the ‘Right to be Forgotten’

This blog post coincided with the release of a new survey about the ‘Right to be Forgotten.’ Both American and British adults were asked their thoughts about this ruling and the results were interesting. While more British online adults (44%) than American online adults (29%) think that the ‘Right to be Forgotten’ ruling allows for censorship, both American and British adults’ responses were similar when it came to what type of data they would request removed from company databases.


This month in the Privacy Ecosystem series:

Meet the Leading Players in the Privacy Ecosystem: Craig Spiezle, Executive Director & President, Online Trust Alliance

Meet the Leading Players in the Privacy Ecosystem: Daniel J. Solove, Founder, TeachPrivacy

Meet the Leading Players in the Privacy Ecosystem: Gabe Totino, President & CTO, AssertID


What else would you like to read about on the TRUSTe blog?


Survey Compares American and British Opinions on the ‘Right to be Forgotten’


It can be a thin line between censorship and human rights – at least, according to the opinions of online Americans and British Internet users in a recent survey about the ‘Right to be Forgotten’ ruling.

The ‘Right to be Forgotten’ ruling stipulates that “individuals have the right, under certain conditions, to ask search engines to remove links with personal information about them. This applies where the information is inaccurate, inadequate, irrelevant or excessive for the purposes of the data processing.”

According to a new survey by TRUSTe, 69% of American online adults say that the ‘Right to be Forgotten’ is a human right, while slightly fewer British Internet users (64%) say the same.

The survey showed feelings of American Internet users compared with British Internet users are slightly different when it comes to the practicality of the ‘Right to be Forgotten’ – while 24% of British Internet users think the ruling is not practical, only 16% of Americans say the same. An even greater difference is how people in Britain feel about the impact of the ruling on censorship. When asked if they think the ‘Right to be Forgotten’ ruling allows for censorship, 44% of British online adults said “yes” while only 29% of Americans felt the same.

However, the results were quite similar when it came to questions about what type of information they would request removed from company databases. Fifty-two percent of Americans and 55% in Britain said they would request to have their phone number removed, followed by their address (41% of Americans, 34% of British Internet users).

You can read the full U.S. press release here and the U.K. press release here.


TRUSTe Hosted Reception for APEC’s Data Privacy Subgroup



On August 26th, TRUSTe hosted a welcome reception for the Asia Pacific Economic Cooperation’s (APEC) Data Privacy Subgroup (DPS) at the Marco Polo Hotel in Cebu, Philippines.

The semi-annual meeting of the DPS is taking place on the margins of APEC’s Third Senior Officials meeting during the Philippines APEC host year. APEC is a regional economic forum established in 1989 to leverage the growing interdependence of the Asia-Pacific region. APEC’s DPS developed the Cross Border Privacy Rules (CBPR) system in 2006 to build consumer, business and regulator trust in cross border flows of personal information.

To date, TRUSTe is the only recognized Accountability Agent to certify organizations as compliant with this standard. For further information visit



Privacy Meetup Event: ‘Breach Considerations, Communication Best Practices’



Join the Privacy Innovation & Technology Group on August 25th from 6-8 p.m. at the TRUSTe US offices, located at 835 Market Street, Suite 800 San Francisco.

The title of this event is “The New Normal: Breach Considerations & Communication Best Practices.” You can register for the event through

The guest speaker is Sofia Mata-Leclerc, Director of Brunswick Group. She advises clients on a range of corporate reputation issues, specializing in corporate positioning, profile-raising and crisis communications. Read more about Sofia by visiting the Privacy Innovation & Technology’s Meetup page.

The schedule for the event is as follows:

6-6:30 p.m. – Kick back and make nice with privacy professionals
6:30-7:30 p.m. – Communicating in “The New Normal”: Breach Considerations & Communication Best Practices
7:30-8 p.m. – Continued networking

If you’d like to join this Meetup group to be alerted of future events, click here to be taken to the group’s Meetup page.

