TrustArc Blog

Regulators Find Apps & Websites Aimed at Children Show Lack of Privacy Controls

September 04, 2015

This week, regulators published the findings from their annual global privacy sweep which reviewed the privacy practices of nearly 1,500 apps and websites aimed at children. The review found that 67 percent harvested personal information, while only 31 percent employed controls. The investigation was conducted by the Global Privacy Enforcement Network in May and involved 29 data protection regulators.

“The attitude shown by a number of these websites and apps suggested little regard for how anyone’s personal information should be handled, let alone that of children,” said Adam Stevens of the UK Information Commissioner’s Office.

The FTC posted a response on its blog on Sept. 3 written by a couple of officials from the Bureau of Consumer Protection, Office of Technology Research and Investigation.

After the sweep, Alberta, Canada’s privacy commissioner immediately spearheaded a privacy education program for all Canadian students in grades 7-8. Canadian Privacy Commissioner Daniel Therrien added that a small number of websites and apps “did not collect any personal information at all, demonstrating it is possible to have a successful, appealing and dynamic product that is also child friendly and worry-free for parents.”

End of Month Recap: What You May Have Missed [August]

August 31, 2015

At the end of each month we’ll compile a list featuring some of the most informative and interesting privacy blog posts to let you know what topics are driving the privacy agenda this month. This month on the blog we covered data breaches, ‘Right to be Forgotten,’ and the new IoT Trust Framework, among other topics. This was the second month of our new series featuring the leading players in the Privacy Ecosystem. Check out the list below for some of the most popular blog posts this month: New IoT Trust Framework Addresses Privacy Risks & Guidelines On Aug. …

13 Companies Settle with FTC for False US-EU & US-Swiss Safe Harbor Claims

August 18, 2015

Thirteen companies settled with the FTC yesterday for falsely claiming they were certified and in compliance with the US-EU or US-Swiss Safe Harbor Framework. Compliance with the US-EU and US-Swiss Safe Harbor Frameworks means companies follow established requirements for meeting adequacy standards to transfer customer or employee data from the European Union or Switzerland to the United States. To be in compliance, companies must self-certify with the Department of Commerce and are required to show compliance with the seven privacy principles. These principles are notice, choice, onward transfer, security, data integrity, access and enforcement. This self-certification needs to be …

TRUSTe finds extensive number of Third Parties on Kids sites – What this means for COPPA Compliance

June 18, 2013

Tony Berman
Sr. Product Manager | TRUSTe

As most website operators know, the updated COPPA Rule goes into effect July 1, 2013. The update includes an obligation to clearly list all third party operators who collect personal information, along with their name and contact information.

With this in mind, earlier this month I used TRUSTe’s Website Monitoring Service to find aggregate data for the top 25 Alexa ranked kids gaming websites. My findings indicate that these sites utilize a great number of third parties including service providers that may be collecting personal information such as persistent identifiers directly from children under the age of 13. These third parties may need to be listed in the gaming website’s privacy policy as collecting data directly from children in order to comply with the updated COPPA Rule. The FTC addresses this requirement in its updated COPPA FAQs in question C.5.

Summary of findings: On average there are over 47 third parties per website. Over 62% of third parties found are advertising related companies, while the next largest category of social/sharing tools is at just over 7%. 77% of third party cookies found are persistent.

The FTC’s Mobile Privacy Report: Building Trust by Giving the User Notice and Choice (Part 1)

February 05, 2013

Saira Nayak
Director of Policy | TRUSTe

TRUSTe’s analysis on FTC’s Mobile Privacy Report: Building Consumer and Brand Confidence In Mobile Advertising.

On Friday, the FTC issued a staff report entitled “Mobile Privacy Disclosures: Building Trust with Transparency”.  The report was endorsed by four commissioners (Julie Brill, Jon Leibowitz, Maureen Ohlhausen and Edith Ramirez, with newest commissioner Joshua Wright abstaining).

The report articulates a framework for mobile privacy based on the testimony of several industry experts (including TRUSTe VP of Product Kevin Trilli) at its May 2012 workshop on mobile disclosures. The framework builds on the concepts of privacy by design, simplified choice and transparency that are the pillars of the FTC’s final privacy report that was issued in March 2012. The FTC also published an accompanying business guide, which recommends that app developers consider important issues like security and data flows before an app is designed, and that they incorporate privacy by design into their business practice.

Much of the initial news cycle was consumed with the FTC’s settlement and $800,000 fine (announced at the same time for COPPA and FTC Act violations by social networking app Path). As the dust settles, and attention turns to the report itself, it’s becoming very clear that the FTC’s guidance goes much further than just COPPA and deceptive privacy policies.

10 Important Questions about Privacy as we head into 2013

January 03, 2013

Saira Nayak
Director of Policy, TRUSTe

In 2012, privacy went mainstream.

Issues that were previously the sole province of policy wonks became part of the national discussion: the Petraeus-Broadwell scandal (email privacy and ECPA reform), relaxed FAA restrictions resulting in the use of drones by law enforcement (limits on government surveillance, more ECPA reform) and the very successful role of big data and microtargeting in the 2012 elections (OBA compliance anyone?).

As we start 2013 with privacy firmly ensconced in the national consciousness, important questions – about how privacy policy and enforcement should be framed – remain unanswered.

Here are the questions we think will continue to loom large for consumers, industry and policymakers in 2013:

1. Should law enforcement be required to get a warrant before accessing my emails and texts?

The Petraeus-Broadwell episode demonstrated how easily the government can gain access to electronic communications (texts, email) without an individual’s knowledge or permission. Shortly after the story broke, legislation requiring a warrant for access to an individual’s electronic communications advanced with bipartisan support in the House and Senate. The bill should have a good chance this year, but that all depends on whether privacy will have visibility and bipartisan support in the 113th Congress.