Web privacy is more important now than ever. So if your favourite site carries a privacy seal of approval from an independent organisation like Truste, you should feel safer, right? Maybe not. Internet giants like Microsoft, Deja, and RealNetworks all have sites approved by Truste. But each made news last year by engaging in practices that allegedly violated user privacy. Which raises the question: how far can you trust a seal from Truste?
As events cited in these pages show, simply posting a policy and seal doesn't mean a site won't violate your privacy. Critics say that Truste monitors members inadequately once it grants a seal. Instead, it relies on consumers and privacy advocates like Richard Smith to report privacy violations.
The RealNetworks incident, for instance, was resolved after being brought to Truste's attention, but Smith says that the credit goes to the media and consumers. "[Truste isn't] really an enforcement organisation," Smith says. "Mostly, the press coverage is what gets companies to change privacy policies."
Truste does perform quarterly checks of sites, but CEO Bob Lewin admits that Truste doesn't look at a site's books to make sure it's not selling data, or at its programming code to ensure data siphoning isn't taking place. "[T]o do those things would be a bit more expensive than what we do today," he says.
"We've done a satisfactory job," he adds, "but I agree that we can do better."
Critics also question Truste's impartiality. The organisation was created by the industry it oversees, and critics argue that it relies on its sponsors - Microsoft among them - to support it. Lewin denies this, saying, "Eighty-five per cent of our funding comes from licence fees . . . [N]o single sponsor has the financial clout to influence this organisation."
In its three years of existence, Truste has never revoked a seal. And Lewin says less than 2 per cent of Web businesses that approach it for a seal are rejected.
Sealed for your protection?
And most privacy policies don't cover third-party involvement in a site. A firm like DoubleClick can do what it wants, and until now the host site hasn't been obligated to tell you about it. Also, Truste's licence doesn't cover software downloads like RealJukebox or Windows 98. (Last year Microsoft was discovered to be collecting user information through its registration wizard.) Truste announced recently that it plans to expand its policies to include software and third-party contractors.