TrustArc (formerly TRUSTe) is a privacy compliance technology company based in San Francisco, California. The company provides software and services to help corporations update their privacy management processes so they comply with government laws and best practices.
TrustArc, was founded as a non-profit industry association called TRUSTe in 1997 by Lori Fena, then executive director of the Electronic Frontier Foundation, and Charles Jennings, a software entrepreneur, with the mission of fostering online commerce by helping businesses and other online organizations self-regulate privacy concerns.
In 2000, TRUSTe became the first organization to join the Safe Harbor framework of the U.S. Department of Commerce and the European Union, and subsequently launched its EU Safe Harbor Seal Program. The EU-US Safe Harbor was agreed upon by the Department of Commerce and the EU to provide a framework for American companies to comply with European data and privacy standards.
In 2001, TRUSTe became a Children's Online Privacy Protection Act Safe Harbor organization for the Federal Trade Commission and thereafter launched its Children's Privacy Seal Program. That year, Fran Maier, who had helped build Match.com and had been running the company following the departure of its co-founder, Gary Kremen, joined the organization as Executive Director. One of her first efforts was to address consumer issues with email spam, which at the time was estimated to comprise 59 percent of all email traffic.
The same year, TRUSTe's founding Executive Director, Susan Yamada, who was formerly editor of Upside Magazine, resigned, though later went on to serve as board chair.
In 2008, TRUSTe changed its structure from a non-profit industry association to a venture-backed for-profit company, raising its first round of capital from Accel Partners. This raised the question of whether a for-profit company would be less stringent on the companies it certifies than a non-profit.
In November 2009, Chris Babel, former Senior Vice President of VeriSign's worldwide Authentication Services, joined TRUSTe as chief executive officer. Maier remained active in the company until 2014, serving variously as president, CEO and board chair.
In 2013, TRUSTe was approved by the European Interactive Digital Advertising Alliance as an official certification provider for the EU Self-Regulatory Programme for Online Behavioural Advertising. The same year, TRUSTe was named the first approved Accountability Agent for the Asia-Pacific Economic Cooperation's Cross Border Privacy Rules System.
In 2016, in an effort to help companies prepare for the European Union's General Data Protection Regulation, which extends the scope of the EU data protection law established in 1995 to all foreign companies processing data of EU residents, TRUSTe partnered with the International Association of Privacy Professionals to offer free compliance assessments of a company's privacy practices.
On June 6, 2017, the company changed its name from TRUSTe to TrustArc.
TrustArc's certification subsidiary, TRUSTe, provides privacy dispute resolution services, designed to help oversee consumer requests and complaints regarding the privacy practices of those companies participating in TRUSTe's program.
Criticism and Controversies
A Wired article in 2002 questioned whether TRUSTe certification could be trusted, noting that "TRUSTe officials often seemed to be covering for their clients" rather than revoking privacy seals for violations.
In January 2006, Harvard economics researcher Benjamin Edelman published a study showing that sites with TRUSTe certification were 50 percent more likely to violate privacy policies than uncertified sites. Edelman also reported that TRUSTe did not go far enough to punish seal holders that break their rules and was not prompt enough in revoking the seal on companies that violate privacy standards.
Federal Trade Commission settlement
On November 17, 2014, the Federal Trade Commission announced that TRUSTe had agreed to settle a complaint that it misrepresented to consumers its recertification program, and its status as a non-profit entity, against a $200,000 penalty. The FTC complaint alleged that from 2006 to 2013, TRUSTe failed, in over 1000 instances, to conduct annual privacy checks on the companies it certified. Consumer organizations, including Center for Digital Democracy and the Consumer Federation of America, argued for higher penalties and more FTC oversight, but the FTC declined to increase the penalties. FTC Commissioner Maureen Ohlhausen issued a partial dissent to the FTC ruling, "because TRUSTe never misrepresented its corporate status," and had informed clients of its for-profit status.
- "Operating Geos". Yahoo Finance. 25 June 2013.
- Fena, Lori; Jennings, Charles (2003). The Hundredth Window. Archive.org: Simon & Schuster. p. xix. Retrieved 27 August 2017.
Lori still serves on its board of directors as chair ...
- "The Hundredth Window:Protecting Your Privacy and Security in the Age of the Internet". Simon and Schuster Free Press. Retrieved 2008-08-19.
- The EU-U.S. Privacy Collision: A Turn to Institutions and Procedures, 126 Harv. L. Rev. 1966 (2013)
- Children's Privacy Seal
- Angwin, Julia (February 12, 1998). "LOVE'S LABOR LOST Online matchmaker still seeks love, money". San Francisco Chronicle. pp. B3. Retrieved 28 September 2017.
- "Interagency Public Workshop: Get Noticed: Effective Financial Privacy Notices".
- "Privacy group to put seal on spam". CNET.
- Hansell, Saul (July 15, 2008). "Will the Profit Motive Undermine Trust in Truste?". New York Times.
- "People". TrustArc. Retrieved 2017-06-07.
- "EDAA Certification".
- "APEC Certification".
- "APEC CROSS-BORDER PRIVACY RULES SYSTEM" (PDF). Apec.org. Asia Pacific Economic Cooperation Secretariat. p. 4. Retrieved 26 September 2017.
- European Union. "DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 12 July 2002" (PDF). EC.Europa.EU. European Union. Retrieved 14 November 2017.
concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)
- International Association of Privacy Protection. "IAPP & TRUSTe GDPR Readiness Assessment". IAPP.org. Retrieved 14 November 2017.
- "TRUSTe Transforms to TrustArc". TrustArc. Jun 6, 2017. Retrieved 2017-06-07.
- "Privacy Dispute Resolution". TrustArc.com. Retrieved 27 September 2017.
helps efficiently manage privacy inquiries ...
- Boutin, Paul (April 9, 2002). "Just how Trusty is TrustE?". Wired.
- Edelman, Benjamin (September 25, 2006). "Certifications and Site Trustworthiness". Retrieved 2008-07-03.
- Edelman, Benjamin (March 18, 2008). "Coupons.com and TRUSTe: Lots of Talk, Too Little Action". Retrieved 2008-07-03.
- "FTC press release".
- Clark, Daniel S. "UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION Complaint 1323219" (PDF). FTC.gov. para 1: Federal Trade Commission. Retrieved 27 September 2017.CS1 maint: location (link)
- Wyattnov, Edward (Nov 17, 2014). "F.T.C. Penalizes TRUSTe, a Web Privacy Certification Company". New York Times.
- Davis, Wendy (March 18, 2015). "TRUSTe Finalizes Settlement With FTC". Media Post.
- Ohlhausen, Maureen K. (November 17, 2014). "Partial Dissent of Commissioner Maureen K. Ohlhausen - In the Matter of True Ultimate Standards Everywhere, Inc. ("TRUSTe")". FTC.gov. Federal Trade Commission of the United States. Retrieved 27 September 2017.