From Wikipedia, the free encyclopedia
Jump to: navigation, search
Type Private
Industry Internet Privacy
Online Advertising
Founded 1997
Headquarters 835 Market Street, San Francisco, California, USA
Key people CEO: Chris Babel - CFO: Tim Sullivan - VP Product: Kevin Trilli - VP Marketing: Dave Deasy
Employees 130

TRUSTe is a trust mark sales company[1] based in San Francisco, California, with additional offices in London, United Kingdom and Cebu City, Philippines. Best known for its online privacy seals, TRUSTe assesses, monitors, and certifies websites, mobile apps, cloud, and advertising channels to allow companies "to safely collect and use customer data to power their business".[2] The company incorporates regulatory requirements and industry best practices from the United States and North America, European Union, and Asia Pacific regions into its review of digital properties.[3][4] As of 2012, TRUSTe has provided data privacy management services and certifications for more than 5,000 businesses.[5]In a December 2013, Harris Interactive report commissioned by TRUSTe, 74% of Internet users were more worried about online privacy as opposed to the previous year. According to TRUSTe, this underlines the need for stronger online data privacy across all channels.[6]


TRUSTe was founded as a non-profit industry association in 1997 by Lori Fena, then executive director of the Electronic Frontier Foundation (EFF), and Charles Jennings, a software entrepreneur, with the mission of fostering online commerce by helping businesses and other online organizations self-regulate privacy concerns.[7] Toward this end TRUSTe launched its flagship Privacy Seal Program, providing privacy seals to websites who abide by a set of fair information privacy practices and agreed to participate in the company's consumer privacy dispute resolution service.[8]

In 2000, TRUSTe became the first organization to join the U.S. Department of Commerce's European Union (EU) safe harbor framework and subsequently launched its EU Safe Harbor Seal Program.[8] The US-EU Safe Harbor was agreed upon by the U.S. Department of Commerce and the European Union to provide a framework for American companies to comply with European data and privacy standards.

In 2001, TRUSTe became a Children's Online Privacy Protection Act (COPPA) Safe Harbor organization for the Federal Trade Commission[9] and thereafter launched its Children's Privacy Seal Program.

Fran Maier, co-founder of,[10] joined TRUSTe as Executive Director in 2001.[11] One of the first efforts was to address consumer issues with spam or unwanted email.[12] Maier resigned her position in 2012.

In 2006, TRUSTe launched its TRUSTed Download Program, designed to separate “good” downloadable software from adware and spyware.[13]

In 2008, TRUSTe changed its structure from a non-profit industry association to a venture-backed for-profit company, raising its first round of capital from Accel Ventures. This raised questions about whether the organization is appropriately tough on the companies it certifies.[14]

Chris Babel, former Senior Vice President of VeriSign’s worldwide Authentication Services, joined TRUSTe as chief executive officer in November 2009.[15]

In 2010, TRUSTe launched TRUSTed Apps, a data privacy certification for mobile applications, as well at TRUSTed Ads, a compliance solution that provides consumers preference controls for online behavioral advertising (OBA).[16]

In 2011, TRUSTe launched TRUSTed Cloud, a data privacy certification for cloud and SaaS platforms.[17]

In 2012, TRUSTe expanded TRUSTed ads to data privacy compliance with mobile ads[18] and launched its EU Cookie Consent Privacy Management Platform.[19]

In 2013, TRUSTe was approved by the European Interactive Digital Advertising Alliance (EDAA) as an official Certification Provider for the EU Self-Regulatory Programme for Online Behavioural Advertising (OBA).[20] The same year, TRUSTe was named the first approved Accountability Agent for the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR) System.[21]


Privacy Assessments
Binding Corporate Rules (BCRs), EU Safe Harbor
Privacy Certifications
TRUSTed Apps, TRUSTed Cloud, TRUSTed Data, TRUSTed Downloads, TRUSTed Smart Grid, TRUSTed Websites, APEC Privacy, Children’s Privacy, EDAA Trust Seal Certification
Monitoring Tools
Website Monitoring, App Monitoring, Dispute Resolution
Compliance Controls
TRUSTed Ads, Consent Manager

Meaning of TRUSTe seal[edit]

The TRUSTe seal does not indicate that a web site complies with any specific set of privacy rules, such as the European Union's Data Protection Directive. It indicates only that the site has self-certified as complying with the site's own privacy statement and TRUSTe’s program requirements .[22]

TRUSTe modifies its certification approach depending on the peculiarities and requirements of its client’s business. The company’s clients range from small to large enterprises with varying business models. All TRUSTe privacy certifications involve a five-step process.[23] It begins with an analysis and desktop review of the client’s websites and privacy policies, and if the client’s practices match TRUSTe’s Program Requirements. Specifically, TRUSTe’s seal evaluates a client’s policies around sharing of personal data with third parties, targeted ads, mobile apps, data security practices, financial data encryption, and the ability for a user to request access to their personal data.[24]

The next stage involves a gap analysis of data collection as per policies, followed by TRUSTe’s findings report along with suggestions and a privacy roadmap. On successful implementation of the recommended roadmap in phase three, TRUSTe awards its seal in phase four. The final phase involves ongoing compliance monitoring, consumer complaint management, and guidance for future requirements


TRUSTe claims to enforce its privacy rules, and operates a "Watchdog" operation which accepts consumer complaints. TRUSTe described its enforcement process in a filing with the U.S. Federal Trade Commission in 2000.[25] From 2000 to June 2004, TRUSTe published "Watchdog Reports" reporting their enforcement actions.[26] The final report, for June 2004, shows 256 reports received and 130 reports closed. All 130 reports were resolved with "Issue Handles with no changes necessary to the Privacy Statement nor the Site". In no case was an enforcement action taken. In 2004, no enforcement actions were taken. In 2003, one enforcement action was taken, out of over a thousand complaints.[26] After June 2004, TRUSTe ceased reporting on enforcement actions, despite the statement in its FTC filing that it would publish such reports at least twice a year.

In 2012, TRUSTe published a "Transparency Report" which did not list individual enforcement actions, but did indicate that, after over 4000 consumer complaints, TRUSTe took only 9 enforcement actions during 2012, 3 of which resulted in termination of TRUSTe endorsement.[27]

Dr. Benjamin Edelman of the Harvard Business School found in January 2006 that sites with TRUSTe certification were 50% more likely to violate privacy policies than uncertified sites.[28]

Dr. Edelman has also reported that TRUSTe does not go far enough to punish seal holders that break TRUSTe’s rules and that the organization is not quick enough in revoking the seal on companies that violate privacy standards.[29]

In 2002, Wired Magazine questioned whether TRUSTe could be trusted, noting that rather than revoking privacy seals for violations, "TRUSTe officials often seemed to be covering for their clients".[30]

In 2008, a Galexia Consulting study reported that TRUSTe had terminated only one customer for non-compliance in the previous eleven years, despite a number of significant privacy violations which had received press coverage. "The most significant criticism of trustmarks is that in practice they have proved to be virtually worthless in the face of major privacy breaches. Their privacy standards are low to begin with, but even these rules are simply not enforced against large, paying members."

See also[edit]


  1. ^ Trustmark Schemes Struggle to Protect Privacy. Galexia Consulting. 2008. 
  2. ^ . TRUSTe. February 22, 2014  Missing or empty |title= (help)
  3. ^ Operating Geos
  4. ^ Participating Companies
  5. ^ Business Growth
  6. ^ Harris Interactive Report
  7. ^ "The Hundredth Window:Protecting Your Privacy and Security in the Age of the Internet". Simon and Schuster Free Press. Retrieved 2008-08-19. 
  8. ^ a b [1]
  9. ^ Children's Privacy Seal
  10. ^ Angwin, Julia (1998-02-12). "Media innovation must come from the free market". The San Francisco Chronicle. 
  11. ^ [2]
  12. ^ [3]
  13. ^ "TRUSTe Launches TRUSTed Download Beta Program to Certify That Consumer Software is not Spyware" (Press release). TRUSTe. November 3, 2006. Retrieved 2008-06-30. 
  14. ^ Hansell, Saul (July 15, 2008). "Will the Profit Motive Undermine Trust in Truste?". New York Times. 
  15. ^ "TRUSTe Management". TRUSTe. Retrieved 2008-06-30. 
  16. ^ "TRUSTed Apps". 
  17. ^ "Cloud Certification". 
  18. ^ "TRUSTed Mobile Ads". 
  19. ^ "Consent Manager". 
  20. ^ "EDAA Certification". 
  21. ^ "APEC Certification". 
  22. ^ "Privacy Program Requirements". TRUSTe. 2011. 
  23. ^ "5 Step Process". TRUSTe. 2011. 
  24. ^ TRUSTe COPPA
  25. ^ "TRUSTe web site privacy seal compliance-escalation process". Federal Trade Commission. 2000. 
  26. ^ a b "TRUSTe watchdog reports". TRUSTe. 2008. Archived from the original on 2012-04-02. 
  27. ^ "TRUSTe Transparency Report for 2012". TRUSTe. 2012. 
  28. ^ Edelman, Benjamin (September 25, 2006). "Certifications and Site Trustworthiness". Retrieved 2008-07-03. 
  29. ^ Edelman, Benjamin (March 18, 2008). " and TRUSTe: Lots of Talk, Too Little Action". Retrieved 2008-07-03. 
  30. ^ Boutin, Paul (April 9, 2002). "Just how Trusty is TrustE?". Wired. 

External links[edit]