The privacy standards company TRUSTe has agreed to pay $100,000 and adopt new security measures to settle a complaint brought by New York Attorney General Eric T. Schneiderman.
Schneiderman had charged that the company failed to adequately assess its customers' websites, leaving such popular sites as Roblox.com and Hasbro.com vulnerable to illegal tracking of underage visitors, a practice that is prohibited under the federal Children's Online Privacy Protection Act (COPPA).
“Companies entrusted with protecting children’s privacy online have a responsibility that my office takes seriously – now, more than ever before,” said Attorney General Schneiderman. “TRUSTe failed to meet its obligations to keep children safe from the prying eyes of online trackers and its customers within the parameters of the law. My office is committed to protecting children online and will continue to hold accountable those who violate this or any other online privacy statute.”
Safe harbor program
The settlement concerns TRUSTe’s Children’s Privacy Program, a “safe harbor program,” designed to assess website operators’ compliance with COPPA. COPPA encourages operators of children’s websites to participate in such programs by providing a safe harbor from enforcement actions to operators that comply with safe harbor program rules.
As the operator of a COPPA safe harbor program, TRUSTe is required to conduct a comprehensive review of website operators’ policies, practices, and representations at least once per year to assess operators’ compliance with COPPA. The Attorney General’s office found, however, that TRUSTe’s annual reviews failed to adhere to the company’s own policies in several critical respects.
Among other failings, Schneiderman said that although TRUSTe conducted electronic scans of customers’ websites for third-party tracking technology prohibited by COPPA, in many cases TRUSTe omitted most or all of its customers’ children’s webpages from its scans. TRUSTe therefore could not determine whether unexpected third party tracking technologies were present on these customers’ children’s websites.
Also, Schneiderman said that in many cases, TRUSTe failed to provide its customers with relevant results from its electronic scans, including some of the third party tracking technologies that TRUSTe had detected. This deprived TRUSTe’s customers of an opportunity to analyze the results to identify tracking technologies that violate COPPA.
This is the second announcement made in connection with “Operation Child Tracker,” the Attorney General’s ongoing investigation into the illegal tracking of children’s online activity by marketers, advertising companies, and others.
In September 2016, Schneiderman announced that his office had entered into settlements with four companies that had violated COPPA by allowing illegal third-party tracking technologies on some of the nation’s most popular kids’ websites, including websites for Barbie, Nick Jr., My Little Pony, American Girl, Hot Wheels, and dozens of others.