Galexia

Trustmark Schemes Struggle to Protect Privacy (2008)

2. Standards

The most important test for privacy protection in the trustmarks environment is the underlying standards or requirements that are applied by each scheme. Perhaps expectations here should be realistic – what standard should a consumer expect in a market where a business can buy a legitimate looking privacy seal for $15.99 a year?

Indeed, the privacy standards are appallingly low for trustmarks. Attempts to impose higher standards (during the early stages of trustmark development) appeared to fail on commercial grounds. For example, TRUSTe originally had three privacy seals, which used a colour scheme to indicate whether the collection and disclosure of personal information occurred.

This was quickly dropped in favour of a single seal:

TRUSTe's original idea was to allow a website to display one of three icons, indicating whether its privacy policy was good, ok, or bad. There turned out to be problems with this - strangely enough, no site wanted to post an icon saying that their privacy sucked - and the icons looked too similar anyway. So they went with one icon, a ‘badge’ that every member site posts. All the badge means is that the site has a privacy policy, and that, as far as TRUSTe knows, they haven't violated it.[7]

More recently, TRUSTe indicated that commercial considerations still had an impact on TRUSTe’s privacy standards:

Ms. Maier [CEO] said that TRUSTe would not attract companies into its program if it required them to get the affirmative consent of every user for any use of personal data.[8]

As TRUSTe is the largest remaining trustmark scheme, it is important to examine the privacy standards they apply to members. When a consumer visits a website and clicks on the TRUSTe logo they are taken to a verification page, which makes the following claims:

The TRUSTe program is consistent with government and industry guidelines concerning the use of your personal information. These standards include the Organization for Economic Cooperation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, the Federal Trade Commission and Department of Commerce's Fair Information Practices, the California Online Privacy Protection Act, and the CAN-SPAM Act.

This sounds very impressive, but is it true?

The first standard mentioned in the claim is the OECD Guidelines. In fact, these OECD Guidelines contain several principles that do not appear anywhere in the TRUSTe standards for a generic seal.[9] These include:

  • OECD Collection Limitation Principle
    There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
  • OECD Data Quality Principle
    Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

This is not the first article to assess TRUSTe’s privacy standards against the OECD Guidelines; two Data Protection Commissioners have previously found those standards wanting:

Another, and more troubling problem, relates to the actual privacy standards set by the seal programs. Different seals mean different things. Some are not seals of assurance at all, and do not require adherence to a specified privacy policy. This office [the Information and Privacy Commissioner Ontario] and Australia’s federal Data Protection Commissioner conducted a joint study comparing the privacy criteria of the three most popular seals – TRUSTe, BBBOnLine and WebTrust – against the OECD Guidelines. In our opinion, none of these seal programs, at the time of our review, fully met the standards of the OECD Guidelines. The common deficits were no requirement to: 1) limit collection; 2) ensure that data was relevant to the purposes; 3) provide information to the data subject in a reasonable time and manner, without excessive charge, and in an intelligible manner; and 4) provide reasons for any denial of access.[10]

The claim of ‘consistency’ with the OECD Guidelines is a strong one. The complete absence of two of the OECD Principles is not mentioned on the TRUSTe site.

TRUSTe’s privacy standards for their most common seal (the ‘basic’ privacy seal with over 2000 members) are in fact lower than any privacy law, binding agreement or international privacy standard. Indeed, the TRUSTe standards have to be strengthened (by the inclusion of extra access and correction rights) for organisations wishing to receive the TRUSTe EU Safe Harbour Privacy Seal – a program that includes around 15% of TRUSTe members.

Unfortunately, despite this low bar, TRUSTe has the highest privacy standards of any of the generic privacy trustmark schemes available, now that the BBB Online Privacy Seal program has closed.

The low privacy standards in the trustmark market are further eroded when the trustmark disclaimers are taken into account. For example, the Trust Guard disclaimer states:

Trust Guard is a website verification company. We take great care in our verification process and strive to offer accurate, reliable information to consumers. If a Trust Guard Verified company changes its information without informing Trust Guard, we cannot be held responsible.[11]

The Guardian eCommerce disclaimer states:

A Web site's participation in the Safe Site Approval and Privacy Seal Program does not guarantee consumers are protected in terms of privacy and security. While seal program participants have met our strict code of ethics and our site requirements, this does not guarantee a Web site's compliance now or in the future.[12]

Some trustmark schemes make very little attempt to impose privacy standards. For example, the Trust Guard Privacy Verified seal looks impressive to consumers, but to qualify a website only has to include a brief three-paragraph privacy policy.

Trust Guard also promises that ‘As soon as you place your Multi-Seal order, we’ll begin the verification process, send you your Seals, and set up your Certificate within one business day; updating any outstanding issues on your Certificate as they are verified. This allows you to start receiving benefits to your website right away!’ The cost of the privacy seal is either $197 per year or about $130 per year as part of a multi-seal package deal. Readers may wish to make their own determination of the level of privacy protection provided by Trust Guard at these prices when combined with its 24-hour approval process.

The low level of privacy standards has resulted in great disappointment for many users. A typical expression of this disappointment comes from a complainant:

The [TRUSTe seal] was like a warm fuzzy blanket that made me feel more comfortable visiting the site in question, and I never paid more heed to it than that. This warm fuzzy blanket, though, turned out to be crawling with bedbugs and full of holes.[13]

[7] Slashdot, TRUSTe Decides Its Own Fate Today, 8 November 1999, <http://yro.slashdot.org/article.pl?sid=99/11/05/1021214>.

[8] Hansell S, Will the Profit Motive Undermine Trust in Truste, 15 July 2008, <http://bits.blogs.nytimes.com/2008/07/15/will-profit-motive-undermine-trust-in-truste/>.

[9] <http://www.truste.org/requirements.php>

[10] Ann Cavoukian, Should the OECD Guidelines Apply to Personal Data Online? A Report to the 22nd International Conference of Data Protection Commissioners (Venice, Italy), September 2000, <https://ospace.scholarsportal.info/bitstream/1873/6935/1/10301025.pdf>. See also: The Office of the Information and Privacy Commissioner Ontario and The Office of the Federal Privacy Commissioner of Australia, Web Seals: A Review of Online Privacy Programs, September 2000, <http://www.privacy.gov.au/publications/seals.html>.

[11] <https://secure.trust-guard.com/seal/certificates/therichpom.htm>

[12] <http://www.guardianecommerce.net/guardlegal.htm>

[13] Mansour S, TRUSTe covering for Facebook, December 2007, <http://stevenmansour.com/writings/2007/december/24/truste_covering_facebook>.