On July 31, 2017, the Federal Trade Commission (“FTC”) announced that it voted 2-0 to approve TRUSTe’s modifications to its safe harbor program under the terms of the Children Online Privacy Protection Act (“COPPA”).  TRUSTe is a for-profit organization that provides enterprise members with privacy compliance certifications for a yearly fee.  The FTC requested comments on TRUSTe’s modified safe harbor program from April to May 24, 2017, as previously reported in this newsletter. 

The FTC approved TRUSTe’s modified program because it complies with minimum guidelines for a COPPA safe harbor program under 16 C.F.R. § 312.11(b).  There are now seven approved COPPA safe harbor organizations.  To act as a “safe harbor,” a program must (1) protect children at least as much as the default COPPA rule; (2) have an effective and mandatory mechanism for assessing members; and (3) impose disciplinary actions for noncompliance by members.

Generally, COPPA is a strict liability statute for child-directed website operators.  However, a safe harbor member is generally subject to the enforcement procedures in the safe harbor instead of the FTC investigation and enforcement procedures.  TRUSTe has operated as a COPPA safe harbor since May 2001, but has been the subject of actions by the FTC in 2014-2015 and the New York Attorney General in 2015-2017.  TRUSTe has since made significant improvements to its operational and technical processes.  In its proposed modified program, TRUSTe fleshed out its guidelines regarding (1) scanning for third party tracking technologies manually (in addition to automatically, via proprietary software) and (2) the timing for seal removal for participants who have not completed annual review and remediation by the anniversary of the prior year’s certification date.

The FTC characterized the comments on the proposed modifications as either approving or neutral.  Notably, industry players—two toy and gaming companies—indicated support for TRUSTe’s proposed modifications.  Two non-profits, the Center for Digital Democracy and the Campaign for a Commercial-Free Childhood, asked the FTC to suspend TRUSTe’s authority to operate its COPPA safe harbor program altogether because TRUSTe “misrepresent[s] its certification procedures.”  No comments actually pointed to any deficiencies in TRUSTe’s proposed modified safe harbor program, however.  Therefore, in a pro-business move, the FTC has concluded that the TRUSTe modified safe harbor program satisfies the COPPA Rule.  In response to multiple comments requesting increased enforcement, including from non-profit organizations, the FTC also noted that it has “a robust monitoring program to ensure compliance with our orders[.]”