![[2018 Global Cloud Computing Readiness Scorecard]](/public/ssi/pubs/pub_1.png)
Trustmark Schemes Struggle to Protect Privacy (2008)
1. Introduction
![[ Galexia Dots ]](/images/hr.gif)
July 2008 was a landmark month in the history of privacy trustmarks – the seals that appear on some websites to provide a level of assurance about privacy protection. The largest and most successful trustmark – TRUSTe with over 2000 members – changed its status from ‘non-profit’ to ‘for profit’. And the second largest trustmark – BBB Online Privacy with over 700 members – closed its doors for good, abandoning a scheme that it had run for over eight years.
Can the remaining trustmark schemes play a legitimate role in protecting privacy? This article examines the track-record of trustmarks to date and assesses their current relevance as a privacy protection tool.
1.1. The role of trustmarks
The basic premise of privacy trustmarks is that end users are supposed to have confidence in web sites displaying the trustmark seal, as it presumably indicates that the site adheres to good privacy standards.[2] In practice, although trustmark seals all appear similar, the level of privacy protection varies a great deal. Some seals are backed by detailed standards and independent audits. Other seals are provided with no requirements or checks (other than payment). Some seals include a free dispute resolution service for complaints, other seals have no complaints mechanism or charge consumers for lodging complaints.
The trustmark sector is completely unregulated and there are no published standards or even basic guidelines for running a trustmark service. There are some emerging trustmark associations, such as the Asia-Pacific Trustmark Alliance,[3] but these are still at the formative stage.
It is difficult to see how privacy can be protected by trustmarks in an environment where many of the seals are worthless. However, some argue that the legitimate trustmark schemes can still provide a level of privacy protection, and trustmarks are often held out as either an alternative or a complement to privacy legislation.
This article examines both legitimate and non-legitimate privacy trustmarks, and finds that there are serious consumer issues for both categories. Trustmarks have struggled to provide even basic privacy protection to date, and with the demise of BBB Online Privacy and the change in status of TRUSTe, it is difficult to be optimistic about the future.
1.2. The current trustmark ‘market’
The privacy trustmark market has changed significantly. The newly for-profit TRUSTe dominates with its high profile, large member base and reported annual revenue of $5 million USD. A handful of other privacy trustmarks still exist, but they are mostly small issue-specific trustmarks such as Privo (catering for children’s sites) and ESRB (catering for computer games). There are also a number of low standard trustmarks catering to the cheap end of the market at around $15-150 a year for membership – these trustmarks should not be taken seriously.
This Article includes brief analysis of the following privacy trustmark schemes:
|
Scheme |
Coverage |
Members[4] |
Notes |
Cost (USD) |
BBB Online Privacy |
Generic privacy seal for websites. |
Approx 700 |
Closed in July 2008. |
Was based on revenue ($200-$7000) |
Consumer Guard |
Generic privacy seal for websites. |
Not available |
Low standard, affordable web seal – limited information available. |
$125 per year |
ESRB |
Specific privacy seal for entertainment software (games) websites. US only. |
Approx 50 |
Large number of sites covered as many members have multiple game sites. |
Based on revenue ($200 to $40,000) |
Guardian |
Generic privacy seal for websites. |
Approx 500 |
A basic business verification site with additional low privacy standards. |
$15.99 per year. |
PrivacyBot |
Generic privacy seal for websites. |
Approx 300 |
Low standard, affordable web seal with limited functionality. |
$100 per year |
Privo |
Specific privacy seal for children’s websites. US only. |
Approx 50 |
Limited to children’s sites – focus on verification of parental consent |
Not available |
TRUSTe |
Generic privacy seal for websites plus range of specific seals for email, children’s sites etc. |
Approx 2400 |
Highest profile scheme – changed from non-profit to for-profit in 2008. |
Based on revenue ($500 to $25,000) |
Trust Guard |
Generic privacy seal for websites. |
Not available – possibly 100-200 |
Low standard, affordable web seal with limited functionality. |
$197 per year |
Verified Privacy WBK Certified Seal |
Generic privacy seal for websites. |
Not available |
No checks or standards – sold as a package with the Website Booster Kit. |
$49 one-time fee |
This article does not provide detailed coverage of all privacy trustmark schemes. For example, it does not cover generic website trustmark schemes that focus on business verification or consumer protection. Some of these schemes do briefly mention privacy, but it is not their focus (e.g. TrustSG in Singapore[5]). Also, this article does not cover the small number of privacy trustmarks that operate in non-English speaking jurisdictions (e.g. the PrivacyMark in Japan[6]).
[2] Curtin M, A Failure to Communicate: When a Privacy Seal Doesn’t Help, Interhack Corporation, 25 August 2000, <http://www.interhack.net/pubs/truste-web-bug/>.
[3] <http://www.ataportal.net/>
[4] Membership estimates are from Penn J, Privacy Seals: Opt In Or Opt Out?, Forrester Research Inc., 3 October 2006, <http://www.truste.org/pdf/privacy_seals_opt_in_or_opt_out.pdf>. However, estimates for most schemes are optimistic and appear to include numerous expired seals – see for example the discussion concerning PrivacyBot below.
[5] <http://www.trustsg.org.sg/index.html>
[6] <http://privacymark.org/index.html>
print this page
sitemap
rss news feed
manage email subscriptions
