Trustmark Schemes Struggle to Protect Privacy (2008)

3. Enforcement

The most significant criticism of trustmarks is that in practice they have proved to be virtually worthless in the face of major privacy breaches. Their privacy standards are low to begin with, but even these rules are simply not enforced against large, paying members.

It is very difficult to gather overall data on enforcement. Most schemes do not publish any data on breaches, complaints or revocations. The only published figure available is on TRUSTe and that is limited to a brief fact sheet that says there were 3 terminations in the 2007 financial year.[14] Other data can be compiled by reviewing media stories and TRUSTe’s ‘watchdog advisories’.[15]

From this information it is clear that enforcement action is rare. The following table sets out the known enforcement action by TRUSTe following major privacy incidents. Data and examples for other trustmark schemes are simply not available:


Privacy Breach


Geocities (1998)

GeoCities settled with the Federal Trade Commission over allegations that it misled its users about what it did with their personal data.[16] FTC demanded that GeoCities display a clear privacy policy and get consent from parents before information is taken from children[17] TRUSTe had certified GeoCities as compliant.

TRUSTe declined to revoke GeoCities’ trustmark despite the FTC investigation and charges.[18]

AOL (1999)

AOL provided member details to telemarketers. Privacy advocates complained that this breached the privacy policy certified by TRUSTe.[19]

AOL and TRUSTe claimed that the certification only applies to, not to No action was therefore taken.

Hotmail (1999)

A security flaw in Hotmail exposed personal information for a short period. [20] Hotmail was a TRUSTe member.[21]

TRUSTe and Microsoft issued a strange, joint press release indicating that the Hotmail security issue had been cleared by an audit. Details and the identity of the auditors were not made public.[22] No action was taken against Hotmail.

Microsoft Global UID (1999)

A software bug (acknowledged by Microsoft) transferred Hardware IDs to Microsoft regardless of whether users chose to send this information or not. Microsoft was a TRUSTe member.

TRUSTe claimed that the software download was outside their jurisdiction as it did not involve personal information supplied to the website licenced by TRUSTe.[23] TRUSTe took no action. The decision was widely condemned as there were significant references to downloaded software in the Microsoft website privacy policy.

Real Networks (1999)

RealNetworks' RealJukebox software was found to be surreptitiously gathering data about the music-listening habits of its users and passing it on to the company. RealNetworks was a TRUSTe member.

TRUSTe declined to investigate RealNetworks because ‘RealJukebox is music-listening software that works via the Internet, but only indirectly through a Web site visit.’[24] Privacy and consumer groups condemned the decision: ‘The TRUSTe seal featured on the Real-Networks site created in consumers natural expectations of a certain level of professionalism, honesty, and privacy from the company. When they didn't get it, RealNetworks customers were extremely vocal about their displeasure.’[25]

Deja News (1999)

Deja News' practice of logging IP addresses in conjunction with the site's mail-to feature allowed Deja News to collect personal information in breach of their privacy policy. Deja News was a TRUSTe member.[26]

TRUSTe eventually issued a statement suggesting that they had ‘specified certain clarifying language to be included in the privacy statement’. But Deja News, independent of TRUSTe, had already dropped the practice. No other action was taken against Deja News.

Batteries .com (2003)

A Web site licensed by TRUSTe,, stated in its privacy policy that it would not share consumer information with third parties, yet consumers received spam that could be traced back to an email leak by[27]

TRUSTe required staff to undergo privacy training. They also had to update their privacy policy and send apologies to customers. TRUSTe stated: ‘This benefits both and the marketplace more than if TRUSTe had simply revoked its right to post the TRUSTe seal’.

Choicepoint (2005)

Choicepoint inadvertently sold personal records to criminals involved in an identity theft scheme..[28] This compromised the personal information of 163,000 people – Choicepoint settled with the FTC for a $15 million USD fine.

TRUSTe was silent during this entire incident. Notably, at the end of 2005 TRUSTe did acknowledge the kind assistance of Choicepoint in formulating the TRUSTe Security Guidelines 2.0.[29]

Gratis (2005)

Gratis Internet, parent company of, offered free iPods for users who agree to try out various subscription offers. In 2005 Gratis sold the data it gathered on 7.2 million consumers to an email advertising firm.[30] The owners of Gratis were investigated and sued. Gratis was a TRUSTe member.

When asked by Wired News in 2004 how third-party spammers got hold of Gratis members’ e-mail addresses, TRUSTe said it could not find a problem with Gratis’ practices - ‘The results of our investigation indicate that Gratis Internet did not violate their privacy policy.’ [31]TRUSTe terminated Gratis on 9 February 2005,[32] but provided no reasons, stating that: details of violations are subject to confidentiality.

On 11 February 2005 TRUSTe issued a strange press release that TRUSTe and Gratis would ‘work together for the benefit of consumers to ensure Gratis websites are in compliance with the TRUSTe program requirements’.[33]

Shortly after this press release (exact date unknown) the TRUSTe website was amended to say that ‘Gratis has failed to finalize the required changes ... and has not been recertified into the TRUSTe Web Privacy Seal Program’.[34]

AOL (2006)

AOL released the log of 3 month’s worth of searches by 650,000 users, for open download by researchers. Names were replaced by a unique user number, resulting in many users being clearly identified, in breach of the AOL privacy policy. Several senior AOL staff were sacked over the incident.[35]

Although AOL was a TRUSTe member during this period, TRUSTe made no public comment about the incident and took no action against AOL. In 2007 TRUSTe honoured AOL as one of three ‘Most Trusted Companies for Privacy’.[36]

Facebook Beacon (2007)

Beacon was developed by Facebook so advertisers could reach new audiences. When a Facebook user buys something a small frame would pop up giving the user an option to share that information with friends. This window would only appear for a few seconds and if the user missed it the data would be posted in the user’s news feed. Facebook was a TRUSTe member.

After public outcry Facebook changed the way Beacon operates. Users also complained to TRUSTe.[37] TRUSTe remained silent throughout the incident. Some time after Beacon had been reformed, TRUSTe and Facebook issued a joint press release: ‘TRUSTe and Facebook Announce Disclosure Enhancements for New Web sites that Implement Beacon... TRUSTe Continues to Lead Development of Online Privacy Standards’.[38]

Facebook account closure (2007)

Numerous Facebook members have concerns that they cannot close their Facebook account, because there is no mechanism to do so on the Facebook site. Several prominent consumers have complained about this to TRUSTe. [39]

TRUSTe advised complainants that ‘Facebook is not violating its privacy policy or TRUSTe's program requirements’[40] In another complaint, they called Facebook's account deletion process ‘inconvenient,’ but said Facebook was ‘being responsive to us, and they currently meet our requirements.’[41] Facebook was able to delete user details for one member, but only after his complaint appeared on television in the UK.[42]


TRUSTe has defended itself against this type of criticism, stating: “As for enforcing standards our goal is to resolve privacy issues, offer incentives to change business practices, and fix problems when they inevitably occur, not in kicking out websites”.[43] TRUSTe also points to its success in terminating Gratis:

Consumer generated Watchdog complaints have resulted in severe sanctions against licensees, including TRUSTe’s public termination of Gratis Internet - a company that the New York Attorney General has sued subsequent to TRUSTe’s actions.[44]

In fact, Gratis Internet is the only major company that appears to have been terminated by TRUSTe. And the investigation and subsequent law suit by the New York Attorney General were launched well before TRUSTe took any action at all. Gratis retained its membership of TRUSTe for many months after TRUSTe was first informed that they had sold millions of email addresses to a marketing company.

This defence looks a bit thin when TRUSTe can only point to one effective enforcement action in more than 11 years – against a company who was already being taken to court by regulators. As one commentator noted: ‘I cannot find a good reason to advise a consumer with a privacy complaint against a TRUSTe seal holder to bother filing a complaint with TRUSTe’.[45]

Other trustmark schemes have had even less success at enforcement, or have published no information on enforcement at all. [46]

[14] <>

[15] <>

[16] Federal Trade Commission of America, Internet Site Agrees to Settle FTC Charges of Deceptively Collecting Personal Information in Agency’s First Internet Privacy Case, 13 August 1998, <>.

[17] Computergram International, Dyson Believes A Test Case Would Prove Truste’s Mettle, 27 October 1998, <;col1>.

[18] Regoli N, Indecent Exposures in an Electronic Regime, 9 February 2002, Federal Communications Law Journal, <>.

[19] Smith R, Online Profiling from a Consumer's Perspective, 8 November 1999, <>.

[20] Lettice J, MS-commissioned secret audit clears MS over Hotmail holes, The Register, 5 October 1999, <>.

[21] TRUSTe, Hotmail Advisory, 9 September 1999, <>.

[22] TRUSTe, Hotmail Resolution, 4 October 1999, <>.

[23] TRUSTe, Microsoft UserId Investigation Results, March 1999, <>.

[24] Oakes C, TRUSTe Declines Real Probe, Wired, 11 September 1999, <>.

[25] Levine D, Personal Information Privacy – What Rights do you have to your data?, Know Your Rights, Vol 8, Issue 4, April 2000, <>.

[26] TRUSTe, IP Logging:Watchdog # 1847 – Deja Statement of Finding Investigation Results, April 1999, <>.

[27] TRUSTe, A Case Study in Enforcement:, 2003, <>.

[28] Singel R, More on Choicepoint, Secondary Screening, February 2005, <>.

[29] TRUSTe, Security Guidelines, November 2005, <>.

[30] Kahney L, Sold Private Data – Despite Promising Not to, 16 March 2006, <>.

[31] Kahney L, Sold Private Data – Despite Promising Not to, 16 March 2006, <>.

[32] TRUSTe, TRUSTe Revokes Seals From FreeiPods, 9 February 2005, <>.

[33] TRUSTe, TRUSTe and agree to work together to ensure Customer Privacy, 11 February 2005, <>.

[34] TRUSTe, TRUSTe Watchdog Advisories, accessed August 2008, <>.

[35] Arrington M, AOL Proudly Releases Massive Amounts of Private Data, TechCrunch, 6 August 2006, <>.

[36] Marketwire, TRUSTe and Ponemon Institute Name HP, Intuit and AOL the Top Three Most Trusted Companies of 2007 for Privacy, 30 January 2008, <>.

[37] Karmens R, A Letter to TRUSTe Regarding Facebook, Binary Freedom, 26 November 2007, <>.

[38] TRUSTe, TRUSTe and Facebook Announce Disclosure Enhancements and Model Privacy Policy Language for New Web sites that Implement Beacon, 14 December 2007, <>.

[39] See for example: Aspan M, On Facebook, leaving is hard to do, International Herald Tribune, 11 February 2008, <>, and, Mansour S, TRUSTe covering for Facebook, December 2007, <>.

[40] Mansour S, TRUSTe covering for Facebook, December 2007, <>.

[41] Aspan M, On Facebook, leaving is hard to do, International Herald Tribune, 11 February 2008, <>.

[42] McGarr S, Facebook’s European Privacy Problem, MaGarr Solicitors, 20 January 2008, <>.

[43] Hansell S, Will the Profit Motive Undermine Trust in Truste?, 15 July 2008, <>.

[44]TRUSTe, TRUSTe Certifications and Online Trust, 25 September 2006, <>.

[45] Gellman R, TRUSTe fails to justify its role as privacy arbiter, Privacy Law and Policy Reporter Volume 7 No. 6, December 2000, <>.

[46] Gellman R, TRUSTe fails to justify its role as privacy arbiter, Privacy Law and Policy Reporter Volume 7 No. 6, December 2000, <>.