TrustArc Blog

Regulators Find Apps & Websites Aimed at Children Show Lack of Privacy Controls

September 04, 2015

This week, regulators published the findings from their annual global privacy sweep which reviewed the privacy practices of nearly 1,500 apps and websites aimed at children. The review found that 67 percent harvested personal information, while only 31 percent employed controls. The investigation was conducted by the Global Privacy Enforcement Network in May and involved 29 data protection regulators.

“The attitude shown by a number of these websites and apps suggested little regard for how anyone’s personal information should be handled, let alone that of children,” said Adam Stevens of the UK Information Commissioner’s Office.

The FTC posted a response on its blog on Sept. 3, written by a couple of officials from the Bureau of Consumer Protection, Office of Technology Research and Investigation.

After the sweep, Alberta, Canada’s privacy commissioner immediately spearheaded a privacy education program for all Canadian students in grades 7-8. Canadian Privacy Commissioner Daniel Therrien added that a small number of websites and apps “did not collect any personal information at all, demonstrating it is possible to have a successful, appealing and dynamic product that is also child friendly and worry-free for parents.”

End of Month Recap: What You May Have Missed [August]

August 31, 2015

At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month. This month on the blog we covered data breaches, ‘Right to be Forgotten,’ and the new IoT Trust Framework, among other topics. This was the second month of our new series featuring the leading players in the Privacy Ecosystem. Check out the list below for some of the most popular blog posts this month: New IoT Trust Framework Addresses Privacy Risks & Guidelines On Aug. …

13 Companies Settle with FTC for False US-EU & US-Swiss Safe Harbor Claims

August 18, 2015

Thirteen companies settled with the FTC yesterday for falsely claiming they were certified and in compliance with the US-EU or US-Swiss Safe Harbor Framework. Compliance with the US-EU and US-Swiss Safe Harbor Frameworks means companies follow established requirements for meeting adequacy standards to transfer customer or employee data from the European Union or Switzerland to the United States. To be in compliance, companies must self-certify with the Department of Commerce and are required to show compliance with the seven privacy principles. These principles are notice, choice, onward transfer, security, data integrity, access and enforcement. This self-certification needs to be …

TRUSTe finds extensive number of Third Parties on Kids sites – What this means for COPPA Compliance

June 18, 2013

Tony Berman
Sr. Product Manager | TRUSTe

As most website operators know, the updated COPPA Rule goes into effect July 1, 2013. The update includes an obligation to clearly list all third-party operators who collect personal information, along with their name and contact information.

With this in mind, earlier this month I used TRUSTe’s Website Monitoring Service to find aggregate data for the top 25 Alexa ranked kids gaming websites. My findings indicate that these sites utilize a great number of third parties including service providers that may be collecting personal information such as persistent identifiers directly from children under the age of 13. These third parties may need to be listed in the gaming website’s privacy policy as collecting data directly from children in order to comply with the updated COPPA Rule. The FTC addresses this requirement in its updated COPPA FAQs in question C.5.

Summary of findings: On average there are over 47 third parties per website. Over 62% of third parties found are advertising related companies, while the next largest category of social/sharing tools is at just over 7%. 77% of third party cookies found are persistent.

10 Important Questions about Privacy as we head into 2013

January 03, 2013

Saira Nayak
Director of Policy, TRUSTe

In 2012, privacy went mainstream.

Issues that were previously the sole province of policy wonks became part of the national discussion: the Petraeus-Broadwell scandal (email privacy and ECPA reform), relaxed FAA restrictions resulting in the use of drones by law enforcement (limits on government surveillance, more ECPA reform) and the very successful role of big data and microtargeting in the 2012 elections (OBA compliance anyone?).

As we start 2013 with privacy firmly ensconced in the national consciousness, important questions – about how privacy policy and enforcement should be framed – remain unanswered.

Here are the questions we think will continue to loom large for consumers, industry and policymakers in 2013:

1. Should law enforcement be required to get a warrant before accessing my emails and texts?

The Petraeus-Broadwell episode demonstrated how easily the government can gain access to electronic communications (texts, email) without an individual’s knowledge or permission. Shortly after the story broke, legislation requiring a warrant for access to an individual’s electronic communications advanced with bipartisan support in the House and Senate. The bill should have a good chance this year, but that all depends on whether privacy will have visibility and bipartisan support in the 113th Congress.

How Flash Cookies Left A Bad Taste In the FTC’s Mouth

November 09, 2011

John Gamble
Marketing Manager | TRUSTe


Yesterday the Federal Trade Commission announced a settlement with ScanScout, an online video advertising network, over charges that the company deceived consumers about their ability to opt-out of online tracking activities. ScanScout’s privacy policy read:

“You can opt out of receiving a cookie by changing your browser settings to prevent the receipt of cookies.”

The problem? That wasn’t actually true. While one can opt out of HTTP cookies using this method, the Flash cookies used by ScanScout to track consumers cannot be controlled via browser settings. (For more information about tracking technology like Flash cookies, check out this FTC educational article). The FTC found ScanScout’s disclosure deceptive and in violation of the FTC Act, and as part of the settlement the company is required to complete the following actions:

  1. Fix their privacy policy
  2. Display prominent notice on their homepage disclosing their tracking and linking to an opt-out mechanism
  3. Display a link within or next to all its targeted display ads that provides an opt-out mechanism

There’s been a real uptick in FTC privacy cases in the last year – most recently they’ve settled with for COPPA violations, Google over its “Google Buzz” rollout, Frostwire for its Android App, and now ScanScout. And that’s just in the last two months! Could your company be next? Here are some takeaways from this most recent case:

You need total transparency in your privacy policy 

Leave no stone unturned in your disclosures. Avoid ambiguous language: if you’re tracking consumers then in no uncertain terms you should disclose a) how you are doing it, and b) how consumers can opt out of it. Anything short of that invites scrutiny.