TRUSTe Certifications and Online Trust
September 25th, 2006
In a recent study, the efficacy of our program and our standards has been called into question. TRUSTe disagrees with the study and its conclusion that TRUSTe certified websites are less trustworthy than non-certified web sites. TRUSTe requires its sealholders to adhere to a strict set of standards for consumer privacy based on informed choice for the use of personal information. Our processes are rigorous – on average 12% of applicants do not earn certification, and 100% of certified websites need to make changes to their policies, practices or websites prior to receiving certification. Notable companies with TRUSTe certification include Apple, Avis, Disney, eLOAN, Nationwide, NFL, and Pfizer. Consumers can be confident that TRUSTe certified sites comply with the disclosed privacy policy and offers them informed notice and choice.
The study does not present a full or accurate review of TRUSTe’s program requirements, monitoring processes and enforcement tools. The TRUSTe Web Seal Program Requirements represent a leading edge of privacy practices requiring disclosure of the uses of personal data, informed choice (as well as specifics for third-party sharing), and commitment to the Watchdog Dispute Resolution program. TRUSTe uses a number of tools, from user complaints to email seeding, to ensure continued compliance with our standards for informed notice and choice. Consumer generated Watchdog complaints have resulted in severe sanctions against licensees, including TRUSTe’s public termination of Gratis Internet - a company that the New York Attorney General has sued subsequent to TRUSTe’s actions.
In addition to several inaccuracies and misstatements, the study’s conclusions are based on an underlying set of assumptions, without exposition the methodology, definitions, and approach giving rise to such assumptions. TRUSTe views Site Advisor as a potentially useful monitoring tool, but not an accreditation program or an authority on privacy. Both approaches have strengths and shortcomings. As an accreditation program TRUSTe will err on the side of rating companies as trustworthy, conversely SiteAdvisor has been shown in some cases to err on the side of untrustworthy.
As for the four sites called out on Mr. Edelman’s blog, Direct-Revenue and MaxMoolah (and all WinHundred related companies) are no longer in the TRUSTe program. FunWebProducts, was, by an error in our database listed on our customer list, but it has never been certified, and has never displayed any seals or reference to TRUSTe to consumers. The fourth, Webhancer is certified by TRUSTe and will be required to submit its software for certification to Trusted Download program which is launching imminently. The Trusted Download program was designed specifically to address notice and choice and control issues with software that go beyond our website requirements. Like the Website Privacy Seal program, it will offer companies incentives to provide notice and choice while prohibiting intrusive behaviors.
We welcome this opportunity for regulators and others to closely review certification programs and for consumers to pay closer attention to seal and ratings programs and their requirements. We invite the public to closely look at the rigorous requirements of the TRUSTe web seal program, email privacy seal program, as well as our recently announced Trusted Download Program.
Entry Filed under: All, In the News
3 Comments
1. ReveNews - Wayne Porter: … | September 25th, 2006 at 2:12 pm
TRUSTe or not to TRUSTe… That is the Question- Porter on Edelman…
In my last entry to CPC or not to CPC That is the Question… I talked with Steve Denton, President of Linkshare about cookie methodology. I took a break because last week was quite a week for me- chasing the Pipeline Worm and on its heels the Heart Wo…
2. Carolyn Hodge | September 25th, 2006 at 4:37 pm
TRUSTe encourages complaints against our sealholders from consumers via our Watchdog, and experts as well.
When we learn of issues in trust we follow a process for requiring companies to change. The strength of this process is also its weakness - optimism that companies can change for the benefit of consumers, trust in our sealholders and thier commitment to thier customers, and a due process to obtain buy-in and make it happen.
Ben’s job is to weed out the bad guys - our job is to make companies change thier practices. And we are constantly working on feedback we get from many sources. Because of feedback from the anti-spyware community we will be issuing new requirements for software that go beyond our current webseal requirements. Because Ben pointed out some companies they are no longer part of the TRUSTe program.
3. Lampie | October 3rd, 2006 at 11:48 pm
CEO Bob Lewin said, “Take RealNetworks. The issue there occurred outside the scope of the current TRUSTe program. Yes, Real Networks is a TRUSTe licensee, but this particular issue had nothing to do with the collection of personal information on the Web site; it had to do with the collection of user information using software servers. Now, within a week, even though it was outside the program, we announced the formation of a pilot to evolve our program to handle those situations. I defy any government agency to do that.”
That was seven years ago.
On the “Who We Are” page of this blog, it says; “In November 2005, O’Malley’s team launched the Trusted Download Program”
That was 11 months ago.
Now you say “Because of feedback from the anti-spyware community we will be issuing new requirements for software that go beyond our current webseal requirements.”
I get the impression that TRUSTe is dragging it’s feet on the software issue.
For the past ten years TRUSTe has gotten watchdog complaints about member sites that abuse the concept of privacy, and refused to act because of some undefined scope you have limited yourself to.
I find no mention of this “scope” on your website. I find no mention of not covering abuse through software. Nowhere on your site does it say a member can deviate from it’s privacy agreement with your blessing (TRUSTe Seal), as long as it does it outside of this undefined scope.
Yet that is how it’s been for ten years.
TRUSTe said that Microsoft’s GUID was outside the scope of it’s program because it used the internet, but not Microsoft’s website, to collect data. The conclusion? Microsoft was in full compliance with TRUSTe.
Apple got to keep it’s seal because Quote: “TRUSTe does not handle cases involving: Software applications”.
RealNetworks got by because they used software servers, whatever that means. Since the seal is worthless when a member site is using “software servers”, please instruct me on how to tell if that is the case. Also, why doesn’t your scope cover this?
You state in this blog “Consumers can be confident that TRUSTe certified sites comply with the disclosed privacy policy and offers them informed notice and choice.”
Where’s the part about “but only if they don’t use more than one domain, or software servers, or just plain software, to violate your privacy. If they do that, you’re on your own.”?
Where can I go to learn the details of TRUSTe’s “scope”?
If TRUSTe is for disclosure and transparency, why can’t I find any of this information on your website?
Please disclose, and make this issue transparent.
Lampie
Trackback this post