Through a recent complaint against Windows Live, TRUSTe has demonstrated that it has standards that are far below what is expected to provide minimum standards of privacy protection.
It is essential for users and businesses to understand the unacceptably weakness of TRUSTe standards so that false sense of security is not had when seeing the TRUSTe logo on a web site or when a business is considering hiring a third party trust service.
Here are the failures we have documented from direct experience with TRUSTe:
1. LOW TRANSPARENCY requirement.
TRUSTe not only accepts after-the-fact assurances of corporate privacy policy practices, it does not require that those practices in future be published to ensure user awareness. This was proven when TRUSTe endorsed Microsoft’s explanation that it has some privacy practices that are implemented 30 days, 60 days and one year after a user account is inactive, leading to “closed” status.
2. LACK OF CLARITY
Microsoft’s response that satisfied TRUSTe’s standards includes a provision that after the one year required for an account to be fully closed, it would “eventually” delete the user account name. No one knows what “eventually” means. So if a user registers with their real name, Microsoft is saying it will retain that account name in its records indefinitely. And that is okay with TRUSTe.
3. UNWILLINGNESS TO COMMIT TO DESTRUCTION OF PERSONAL INFORMATION
Microsoft’s response was carefully crafted to avoid committing to destroying the actual records and personal information of users who register with it. It refers to deleting content after a period of time and deleting log records after a further period of time. At no point does Microsoft commit to destroying personal information nor any account records.
TRUSTe’s certification of that response is empirical evidence that TRUSTe is quite happy to have companies retain personal information so long as the language used to facilitate such privacy breaches is sufficiently planned to mislead uncritical readers.
CONCLUSION: TRUSTe certification and the TRUSTe Watchdog are without value to internet users. It does provide cover for companies that wish to engage in privacy-hostile practices, but it is not a symbol that should give users any comfort whatever.
