On April 6, 2017, New York Attorney General Eric T. Schneiderman announced that privacy compliance company TRUSTe, Inc., agreed to settle allegations that it failed to properly verify that customer websites aimed at children did not run third-party software to track users. According to Attorney General Schneiderman, the enforcement action taken by the NY AG is the first to target a privacy compliance company over children’s privacy.
TRUSTe was certified by the FTC to operate a Children’s Online Privacy Protection Act (“COPPA”) safe harbor program, under which companies could use its COPPA services to demonstrate compliance with the law. The NY AG alleged that TRUSTe failed to run scans of “most or all” of its 32 customers’ websites for third-party tracking technology on the children’s webpages of those websites. The NY AG further alleged that TRUSTe “failed to make a reasonable determination as to whether third-party tracking technologies present on clients’ websites violated COPPA, certifying child-directed websites despite information indicating that third parties present on those websites collected and used the personal information of users in a manner prohibited by COPPA.”
Under the terms of the settlement, TRUSTe agreed to pay $100,000 and “adopt new measures to strengthen its privacy assessments,” including (1) conducting an annual review of the information policies, practices and representations of each customer that participates in its COPPA safe harbor program; (2) requiring customers to conduct comprehensive internal assessments of their practices relating to information collection and use and (3) providing regular training to individuals responsible for performing assessments within the COPPA safe harbor program.