TrustE

Subscribe to TrustE

The Federal Trade Commission (FTC) approved TRUSTe’s proposed modifications to their Children’s Online Privacy Protection Act (COPPA) safe harbor program this week.

COPPA requires, among other things, that commercial website and mobile app operators that knowingly collect personal information from children under age 13 post comprehensive privacy policies on their websites and in their mobile apps, notify parents and guardians of the website’s or mobile app’s information practices, and obtain parental consent before collecting, using or disclosing any personal information from children under age 13. However, COPPA includes a ‘safe harbor’ provision whereby industry groups may seek approval from the FTC to create self-regulatory guidelines that implement “the same or great protections for children” as those in COPPA. Website and mobile app operators that participate in FTC-approved safe harbor programs are subject to the review and disciplinary procedures provided in the safe harbor guidelines in lieu of an FTC’s formal investigation or enforcement.
Continue Reading FTC Approves Modifications to TRUSTe’s COPPA Safe Harbor Program

Privacy laws in Asia-Pacific countries such as Japan, Australia, New Zealand and Singapore restrict the export of personal information except when the exporter meets certain qualifying conditions. One qualifying condition is if the exporter is in compliance with the Asia-Pacific Economic Cooperation’s Cross-Border Privacy Rules System (CBPR). Under the CBPR, the exporting company would have its data privacy policy and practices reviewed and certified by a third party to confirm the policy and practices are consistent with the applicable domestic law. For example, if an exporting company desired to export personal information of Japanese citizens, its privacy policy and practices would need to be consistent with Japanese law in order for the third party to certify the exporter was CBPR compliant. A company promoting compliance with CBPR on its website would be representing, directly or indirectly, expressly or by implication, that it was certified by a third party to participate in APEC’s CBPR system.

The U.S.’s data protection scheme does not require a third party to review a company’s privacy practices and policy prior to its export of personal information from the U.S. However, the U.S. scheme does prohibit a company from making false statements about its privacy practices and policy. Acting Federal Trade Commission (FTC) Chairman Maureen K. Ohlhausen recently reinforced the importance of this U.S. requirement, stating that companies “must live up to the promises they make to protect consumer data.”
Continue Reading FTC Resolves Allegations Against Three U.S. Based Companies Involving Misrepresentations of International Privacy Program Certifications

On April 6, 2017, New York Attorney General Eric Schneiderman (AG) announced that he has settled an investigation against TrustE for alleged violations of failing to adequately prevent illegal tracking technology on children’s websites, including Hasbro.com and Roblox.com. TrustE has agreed to pay the State $100,000 in the settlement and adopt measures to strengthen its