Comments:
Ben and TRUSTe differ on our perspectives of what should be certified, how long it should take to discover bad practices and what the consequences should be. TRUSTe prides itself on raising practices across the industry, Ben’s job is to weed out bad guys. Both approaches serve the interests of consumers. We require 100% of the 2400 companies certified by us, to make changes to data collection and use practices, and we hold them to those promises. When we learn of issues in trust we follow a process for requiring companies to change, the main strengths and weaknesses in that process are optimism that companies can change for the benefit of consumers, and a due process to make it happen. To suggest that self-regulation is a failure, or that all websites certified by TRUSTe are untrustworthy because we haven’t moved fast enough for some folks misses the point. Ben’s approach to spotting the few bad players, can be complementary to TRUSTe’s approach to try to get the majority of good guys to all play by the same rules. TRUSTe encourages anyone to report intrusive or untrustworthy behavior via our Watchdog, and we are imminently launching requirements to address software behavior raised by Ben and others.
As someone who has submitted a watchdog complaint to TRUSTe (#28387), I can say without hesitation that TRUSTe shows no interest in getting their “Fortune 500” conquests to change. I followed the website’s directions for appealing the decision, but it seems the appeals process described on the website is a myth.
The reason TRUSTe refused to look into the problem? Quote: “TRUSTe does not handle cases involving: Software applications”.
Funny that nobody at TRUSTe could describe how data might be transmitted over the internet, the web, or even a local network, without the use of “software applications”.
TRUSTe said that GeoCities had been violating customers privacy since before becoming a TRUSTe member, so the fact that they continued to do it while displaying the seal was technically not under the scope of the investigation.
TRUSTe said that Microsoft’s GUID was outside the scope of it’s program because it used the internet, but not Microsoft’s website, to collect data. The conclusion? Microsoft was in full compliance with TRUSTe.
TRUSTe said Deja News collection of users e-mail information was covered by it’s privacy agreement, and therefore acceptable.
CEO Bob Lewin said, “Take RealNetworks. The issue there occurred outside the scope of the current TRUSTe program. Yes, Real Networks is a TRUSTe licensee, but this particular issue had nothing to do with the collection of personal information on the Web site; it had to do with the collection of user information using software servers. Now, within a week, even though it was outside the program, we announced the formation of a pilot to evolve our program to handle those situations. I defy any government agency to do that.”
That was almost 7 years ago, yet TRUSTe is still making excuses instead of a difference. How long does it take to “widen your scope” when your not a government agency?
There are some pretty good clues as to what might really be going on, for example…
--I could not find a single example of TRUSTe turning a site over to the FTC, but they filed suit against American-Politics.com for using the seal without paying up.
--TRUSTe has the power to withdraw it’s seal from any site for any reason, yet for almost a decade they’ve let sites violate surfers privacy while displaying the seal, by claiming it’s “out of our scope”.
--When they know a site shouldn’t be trusted, but is “out of their scope”, they don’t disclose that fact to the public. It’s very clear where TRUSTe’s loyalties and priorities are. They also don’t ask the site to remove the seal. It doesn’t take a genius to understand how this erodes the public’s trust and the seal’s integrity.
Those two things are the only real assets TRUSTe has. They have no interest in the first, and only protect the other when they haven’t been paid.
--The website has no information about who is using/abusing the loopholes, and affords no public accountability for the Watchdog system.
Isn’t TRUSTe for transparency and disclosure?
--Some of the funding for TRUSTe comes from sponsor sites that, by coincidence I’m sure, seem to be the ones that make the best use of the loopholes and narrow “scope” of TRUSTe’s interest. Considering the reported $2,700,000.00 TRUSTe took in just from license revenues in 2004, shouldn’t they be doing away with the sponsor program and becoming “independent” like their mission statement says?
TRUSTe’s motto is “To Build Trust through Privacy”.
The problem is, they are not interested in privacy, and seem to know very little about earning the public’s trust. Disclosure is their mantra, and staying within their “scope” is the rule. They couldn’t care less what information is collected and sold by their member sites, as long as it’s covered in the privacy agreement.
If it’s not covered? TRUSTe doesn’t concern themselves with the pilfered data and privacy issues. The important thing is to convince the offending site to add to their privacy agreement, so disclosure is in compliance.
Why is this a problem? Because while TRUSTe envisions themselves as a “disclosure watchdog” ( which is good for revenue and membership numbers ), the general public knows that if privacy is truly protected, disclosure is a moot point. It would never occur to most people to put all of their energy into enforcing disclosure, while ignoring privacy. Disclosure is a tool to protect our privacy, not an end in itself.
So the public judges TRUSTe, thinking they’re a Privacy Watchdog, and can’t understand why they fail so completely. Meanwhile TRUSTe can’t understand why everyone is so negative and critical. After all, enrollment is up, revenue is up, and disclosure is at an all time high! AT&T even disclosed, in plain language, that they plan to collect our information with a large shovel, and use it like they owned it.
I guess that’s OK, since they told us first… right?
Lampie
Truste is nothing more than a big fat marketing company that sells data to spammers anyway. Trust is the wrong word for that company.