The Federal Trade Commission (FTC) has approved changes TRUSTe proposed to its safe harbor program several months ago under the Children’s Online Privacy Protection Act (COPPA) Rule. The approved modifications include a new requirement that program participants conduct an annual internal assessment of third-parties’ collection of personal information from children on their websites or online services by checking for tracking technologies. Other changes include: TRUSTe’s program requirements are now referred to as “Children’s Privacy Certification Standards; the use of “seal” rather than “trustmark” and “Privacy Notice” in place of “Privacy Statement; additional data security requirements; and personnel training requirements for participating businesses. TRUSTe claims its new rules “meet or exceed COPPA requirements” and by approving the revisions, the FTC agreed.
The COPPA Rule requires that operators of commercial websites and online services directed to children under the age of 13 must post comprehensive privacy policies on their sites, notify parents about their information practices, and obtain parental consent before collecting, using, or disclosing any personal information from children under the age of 13. TRUSTe manages an approved safe harbor program intended to ensure that online businesses are complying with COPPA rules.
In its role as a safe harbor operator under COPPA, TRUSTe is required to carry out annual reviews of website operators’ policies, practices, and representations. TRUSTe proposed the changes following a settlement earlier this year with the New York Attorney General over allegations that the company did not adequately assess whether companies certified under its program allowed third parties to track children at participant sites.