- Although TRUSTe conducted electronic scans of customers’ websites for third-party tracking technology prohibited by COPPA, in many cases TRUSTe omitted most or all of its customers’ children’s webpages from its scans. TRUSTe therefore could not determine whether unexpected third party tracking technologies were present on these customers’ children’s websites.
- In many cases, TRUSTe failed to provide its customers with relevant results from its electronic scans, including some of the third party tracking technologies that TRUSTe had detected. This deprived TRUSTe’s customers of an opportunity to analyze the results to identify tracking technologies that violate COPPA.
- TRUSTe accepted customers’ representations that third party tracking technologies found on their children’s websites did not violate COPPA instead of independently determining whether the tracking technologies violated COPPA.
- TRUSTe must conduct electronic scans of a substantial portion of each of its customers’ children’s websites for tracking technologies prohibited by COPPA. Only dedicated employees with expertise and experience operating TRUSTe’s scanning software may conduct the scans. After scans have completed, employees must verify that each scan was conducted properly.
- TRUSTe must disclose to its customers every third party tracking technology identified through TRUSTe’s scans.
- TRUSTe must require that its customers provide information about the third parties operating on the customers’ children’s websites, including the types of information each third party collects and how that information is used.
- TRUSTe must review the information that customers provide to determine whether each of the identified third party tracking technologies violates COPPA.
- TRUSTe must maintain a database of third party tracking technologies to assist in its determination of whether identified third party tracking technologies violate COPPA.
The Office of the Attorney General thanks the Federal Trade Commission for its assistance in this case.
This is the second announcement made in connection with “Operation Child Tracker,” the Attorney General’s ongoing investigation into the illegal tracking of children’s online activity by marketers, advertising companies, and others. In September 2016, the Attorney General announced that his office had entered into settlements with four companies that had violated COPPA by allowing illegal third-party tracking technologies on some of the nation’s most popular kids’ websites, including websites for Barbie, Nick Jr., My Little Pony, American Girl, Hot Wheels, and dozens of others. Those companies agreed to pay penalties totaling $835,000 and to adopt comprehensive reforms to protect children from improper tracking and the collection of children’s personal information in the future.
This case was handled by Bureau of Internet and Technology Assistant Attorney General Jordan Adler and Deputy Bureau Chief Clark Russell under the supervision of Bureau Chief Kathleen McGee. The Bureau of Internet and Technology is overseen by Executive Deputy Attorney General for Economic Justice Manisha M. Sheth.