Research and Advances
Computing Applications Virtual extension

Do Privacy Seals in E-Commerce Really Work?

  1. Introduction
  2. TRUSTe
  3. WebTrust
  4. BBBOnline
  5. The Good News
  6. The Bad News
  7. Do We Need Legislation?
  8. Conclusion
  9. References
  10. Authors
  11. Tables

While e-commerce has not changed the basic nature of the commercial transaction, a trust gap has developed in business-to-consumer (B2C) e-commerce transactions. This trust gap centers primarily on the privacy of personally identifiable information, such as name, address, and so forth, that is an essential element of B2C transactions. A Forrester research survey suggests that while US business-to-consumer (B2C) e-commerce sales are likely to exceed $100 billion by 2002, sales were reduced by some $3 billion because of privacy concerns. Web users typically express concern over the safety of giving credit card numbers over the Web, the likelihood that Web sites will sell their personal details, and the legitimacy of Web sites [2]. Such concerns are justified.

In May 2000, the Federal Bureau of Investigation (FBI) and U.S. Department of Justice’s National White Collar Crime Center (NW3C) established the Internet Fraud Complaint Center (IFCC) ( By November 2000, the IFCC had received over 19,000 complaints, an average of 750 a week. Most complaints centered on online auctions (49%), but also included the non-delivery of goods (19%), securities fraud (17%), credit card fraud (5%), and identity fraud (3%).

With legislation looming, the e-commerce industry in the U.S. has set about a self-regulation policy that centers on the use of privacy (or Web assurance) seals. The seal is meant to instill trust in the online consumer by verifying that the Web site has a policy about its collection and use of personally identifiable information. The attempt mirrors the success of the Good Housekeeping Seal of Approval, established in 1909, which stands behind its recommendations to the point of replacing or refunding the purchase price for any item that has been awarded its seal that proves to be defective within the first two years of purchase. But will it work for e-commerce?

The good news is that the three main privacy seals (TRUSTe, WebTrust, and BBBOnline) have adopted a sensible set of data privacy principles and strive to ensure compliance by recipient Web sites. The bad news is that serious abuses continue, while almost half of Web sites have no privacy statement at all. The argument to be made here is that legislation is required to ensure that the good sense outlined by the provisions of each seal becomes a legally binding contract. Only then can legitimate e-businesses be freed from the shackles of bad publicity generated by unscrupulous Web sites.

Although a number of Web assurance seals exist, including Good House keeping’s own Web Site Certification (, BetterWeb by PricewaterhouseCoopers (, and WebAssured’s Online Purchase Protection program backed by Lloyd’s of London (, the three most prominent privacy seals are TRUSTe, WebTrust, and BBBOnline. A summary of the main features of each of the three main seals is given in Table 1.

Back to Top


TRUSTe ( was the first of the major Web assurance seals to be developed, with a pilot program launched in July 1996 by the Electronic Frontier Foundation and CommerceNet Consortium, and the seal being officially released in June 1997. The program requires Web sites to adopt and comply with fair information practices similar to those supported by the U.S. Federal Trade Commission, the U.S. Department of Commerce, and a number of other industrial organizations and associations. TRUSTe works with a Site Coordinator to ensure the privacy statement is written properly.

For a Web site to be TRUSTe compliant, it must adopt and implement a privacy policy for its site. This policy must state what personally identifiable information is collected, how it is collected (for example, cookies), how it is used, and whether it is shared with third parties. The site must seek the consent of and allow online consumers the choice to opt-out of any data sharing. Finally, sites must put in place adequate data security, quality, and access measures to safeguard, update, and correct personally identifiable information. By December 2001, TRUSTe had more than 2000 licensees, including AOL, eBay, IBM, Intel, Microsoft, and Yahoo!

Sites that display the trustmark are subject to TRUSTe’s oversight and complaint resolution procedures. Licensees are monitored by initial and periodic reviews, “seeding” user information to verify the site complies with its stated privacy policy, and feedback from the online community. The graphic that represents the seal itself also has a click-to-verify function. By clicking on the graphic, the online consumer is taken to a licensee validation page at, where the company is identified, along with a description of the TRUSTe Privacy Program and an outline of the complaint resolution procedure.

Back to Top


WebTrust ( was first released in September 1997 by the American Institute of Certified Public Accountants (AICPA), with Version 3.0 being released in November 2000. To be awarded the WebTrust seal, the Web site must be examined by a licensed Chartered Public Accountant (CPA), or equivalent, to ensure compliance with the current WebTrust principles of privacy, security, business practices/transaction integrity, availability, confidentiality, non-repudiation, and, customized disclosures. These principles are modularized, so a Web site can obtain a seal for one or more of these principles in any combination.

The WebTrust Privacy Principle requires the site to declare its privacy practices, to comply with those practices, and to maintain effective controls to protect personally identifiable information. The user should also be given the choice to opt-out of any part of the data collection process. Procedures to handle the use of proper encryption techniques, security breaches, and disaster recovery are only required if the site is also seeking compliance with the WebTrust Security principle. Customer complaints are dealt with through the National Arbitration Forum. Similar to TRUSTe, the graphic that represents the seal also has a click-to-verify function, administered by

The main problem for the WebTrust seal is that although it has been in existence for almost as long as TRUSTe it has not been widely adopted. By January 2002, the WebTrust site index lists only 31 recipients, including AICPA itself. Clearly, cost is an issue. A WebTrust audit takes about 2–3 weeks, with 50–100 hours of CPA time spent verifying the site [4]. At some $100 an hour, the initial audit can run to six figures. While independent verification by a professional CPA would appear to be a forceful demonstration of a Web site’s commitment to respecting privacy, there are cheaper alternatives that appear to as effective in reassuring online users.

Back to Top


BBBOnline ( is the most recent of the three main web assurance seals, developed in 1998 and released by the Better Business Bureau (BBB) in March 1999. There are two main BBBOnline seals, the Reliability seal and the privacy seal. The Reliability seal models the BBB’s certification of brick-and-mortar companies by providing an assurance that the licensee is a reliable, trustworthy online business. The privacy seal focuses on a number of issues, including the content of the privacy statement, and consumer choice and consent to data collection.

To apply for either seal, the applicant Web site must be a member of and in good standing with their local BBB, agree to respond promptly to consumer complaints, and submit to arbitration if the complaint persists. To be awarded the privacy seal, the Web site must write a privacy statement that is easy to read and lists all disclosures in one document. In line with TRUSTe and WebTrust, this document must describe all the types of personally identifiable information that may be collected, how it is collected, and how it will be used and/or shared. The document must explain how the online consumer can review and correct the information collected, and allow the consumer to opt-out of any direct marketing.

The site must also take reasonable steps to protect the information that is collected. A data security policy must be written and reviewed at least annually, with encryption used for all financial transaction information (credit card number, and so on). By January 2002, BBBOnline had awarded Reliability seals to more than 10,000 Web sites, and privacy seals to more than 750 Web sites. Notable recipients of the BBBOnline Privacy seal include AT&T, Dell, Eastman Kodak, Hewlett-Packard, MCI Worldcom, and Proctor & Gamble.

Back to Top

The Good News

A common criticism of Web assurance seals is that they do not ensure the quality of the product, only that a Web site complies with whatever statements are made about their business practices. This is equivalent, it has been suggested, to a hotel gaining a five-star rating by promising poor service and sticking to that promise [1].

Such criticisms are misleading, however, since TRUSTe, WebTrust, and BBBOnline all outline expected standards of data privacy that broadly follow the recommendations outlined by the U.S. Federal Trade Commission. Seal recipients are not given carte blanche to provide their own definition of data privacy, only to amend the details to fit the way in which the Web site actually collects and uses data. More importantly, the core principles expressed by each seal would seem to be necessary conditions to ensure data privacy.

In particular, all three seals recognize that data privacy is closely related to security, since any data that is not secure cannot be deemed to be private. In its 2000 Computer Crime and Security Survey, the Computer Security Institute (CSI) reported that 90% of 650 companies surveyed had detected computer security breaches within the last twelve months, with 70% reporting serious attacks [3]. Denial-of-service attacks on companies such as Microsoft suggest that even large computing companies have a problem protecting their corporate Web systems. By highlighting security issues, however, the seals are at least bringing these concerns to the attention of recipients.

Better news for the seals is that online consumers are beginning to recognize the seals and what they stand for. In July 2000, Cheskin Research reported that 69% of Web users recognized the TRUSTe seal (up from 10% in January 1999), with 37% recognizing the BBBOnline seal (up from 18%) [7]. The TRUSTe seal increased the confidence in a Web site for 55% of the sample (40% for BBBOnline). The relative success of the TRUSTe seal is undoubtedly due to the prominence and range of Web sites that display the seal.

Another study [5] showed that even without specifying what the seal stood for, 62% of respondents recognized the WebTrust seal as an information protection measure, with 59% believing WebTrust minimized the potential for fraud. While these results are encouraging, it should be pointed out that 22% went further and believed that WebTrust guaranteed protection against fraud, which it does not. It appears that Web users may be beginning to trust the privacy seals more than they should.

Back to Top

The Bad News

The main concern with the privacy seal program is whether TRUSTe, WebTrust, or BBBOnline can actually enforce the principles of data privacy that recipients have agreed to comply with. Recent cases highlight the potential for abuse.

When an e-retailer goes out of business, bankruptcy lawyers can see the potentially lucrative customer database as a valuable asset, even if the data was collected under guarantees of privacy. In the summer of 2000, the failed,, and all put their customer databases up for sale. Toysmart, a TRUSTe licensee, was sued by the U.S. Federal Trade Commission for violating the privacy commitment made to its customers. In January 2001, a settlement was reached whereby a subsidiary of Disney effectively paid Toysmart $50,000 to destroy the database.

In October 2000, TRUSTe sued two Web sites, and, for illegally displaying the trustmark. After repeated cease-and-desist notices, TRUSTe filed a trademark infringement lawsuit in the U.S. District Court in Washington, DC. After learning of the lawsuit, the two sites removed the trustmark. While this shows TRUSTe’s commitment to pursue offenders, it also shows the need for legal measures to ensure that the provisions of the seal are not abused.

A Web site can presumably avoid such litigation by having no privacy statement, or by declaring that the customer database is an asset that would be sold with all assets should the company be sold. The privacy notice for was changed in late-2000 to include exactly such a disclaimer under the heading of “Business Transfers.” While it makes no sense to suggest a company must destroy its customer database when sold, it is unclear whether any purchaser of Amazon is under the same obligations of privacy with respect to sharing the data.

The simple fact of the matter is that of the hundreds of thousands of commercial Web sites in existence, only a few thousand have any sort of privacy statement. A report by Consumers International released in January 2001, examined 751 sites worldwide and found that 66% of sites collected enough information to personally identify the online visitor (name, address, and so forth)[6]. Of these, it was found that only 58% had a privacy policy posted on their site, and of these:

  • 69% had no policy to allow the visitor to correct or update their personal information;
  • 82% had no policy to allow the visitor to access that information; and,
  • 84% had no policy to allow the visitor to delete any information.

Furthermore, the same report found that information collected was typically added to a mailing list without the prior consent of the online visitor. Only 20% of sites allowed the online visitor a choice of being added to the site’s own mailing list, and less than 10% requested consent for the details to be added to the mailing list of an affiliate or third party. There is clearly a failure to enforce the rules and regulations that are meant to govern the behavior of Web sites and their use of personally identifiable information.

Back to Top

Do We Need Legislation?

After reviewing the three main seals it is no surprise to find that in spite of the efforts of TRUSTe, WebTrust, and BBBOnline, there are continued calls for legislation to ensure that the good sense outlined by the provisions of each seal becomes a legally binding contract.

Given the core similarities between the seals, it would seem sensible to suggest that any legislation must ensure that a Web site is legally bound by an acceptable standard of privacy. In line with the seals described above, these principles must declare what information is collected, why, how, and with whom it is shared. Online consumers should be allowed to opt-out of the data gathering, and have the facility to inspect and correct any of the information given.

These provisions were the core elements of the Consumer Internet Privacy Enhancement Act that was tabled before the 106th Congress in 2000 by Senators John McCain (Rep., Arizona) and John Kerry (Dem. California). The bill was not passed, but in January 2001 similar legislation was presented to the House of Representatives by Rep. Chris Cannon (Rep., Utah) and Rep. Anna Eshoo (Dem., Calif.).

The debate against legislation is that if online consumers are given the option of opting out of data collection they will do so, thus increasing the operating costs to e-retailers that would have to find other ways of targeting customers. A recent study by the Information Services Executive Council suggests that the impact on the catalog apparel industry would be an increase of 10% in prices [8]. This possibility must be balanced against the clear indication that if online consumers do not want to opt-in, it is because they do not want to be part of the direct marketing strategy that is becoming an obligatory part of online shopping.

Loopholes similar to those demonstrated by Toysmart must also be closed in order to ensure that data collected under guarantees of privacy remains private. This could be done by ensuring that the guarantee of privacy resides with the data, not just the company that collects the data. In other words, when the data is exchanged between companies, both companies must abide by the conditions of privacy under which the data was collected. Since most B2C transactions require a B2B intermediary (such as a credit card company or wholesaler), this would demand that business partners have a common data privacy policy. Such demands are becoming increasingly evident as privacy concerns become a pressing issue in the global market.

For example, the European Union’s Data Protection Directive insists that data can only be exchanged between companies that comply with the Data Protection legislation in place in Europe. In short, since U.S. companies are not under the same legal obligations, a European company cannot share personally identifiable information about European customers with a U.S. company. The U.S.-E.U. trade market currently stands at some $350 billion a year. To overcome this obstacle, the notion of a “safe harbor” is being investigated, where companies seek to demonstrate compliance with such legislation, and thus, qualify for information-sharing.

Back to Top


Using a credit card carries significant risks of fraud but legislation in most countries limits the liability of consumers (for example, to $50). Such legislation clearly enhances the confidence of consumers. Although the potential for fraud is not removed, there are clear limits to the risks involved. In e-commerce, however, the risks are largely undefined. Even for those sites that carry a privacy seal, the liability for an online consumer associated with handing over personal information is currently a matter of cordial agreement between the Web site and a Web assurance organization.

The relative success of the privacy seals suggests that many sites recognize the issue of privacy and strive to uphold the highest standards. These sites are not the problem. The problem is with those sites that violate their stated obligations, those sites that make no commitment, and those sites that actively seek to exploit the data they collect. With each new case of fraud that hits the headlines, the perception by online consumers will continue to be that Internet thieves lurk in the shadows of cyberspace, widening the trust gap and constraining the legitimate commerce being carried out online. As such, it seems to be in the interest of all concerned that legislation is enacted to define the basic principles of data privacy.

Back to Top

Back to Top

Back to Top


T1 Table 1. Summary of privacy seals.

Back to top

    1. Friedman, B., Kahn, Jr., P. H., and Howe, D. C. Trust online. Commun. ACM 43, 12 (Dec. 2000), 34–40.

    2. Hoffman, D. L., Novak, T. P., and Peralta, M. Building consumer trust online. Commun. ACM 42, 4 (Apr. 1999), 80–85.

    3. Issues and trends: 2000 CSI/FBI computer crime and security survey. Computer Security Institute. Press release (Mar. 22, 2000);

    4. Koreto, R. J. A WebTrust experience. Journal of Accountancy 186, 4 (Oct. 1998), 99–102.

    5. Portz, K., Strong, J. M., Busta, B., and Schneider, K. Do consumers understand what WebTrust means? The CPA Journal 70, 10 (Oct. 2000), 46–52.

    6. Privacy@net: An international comparative study of consumer privacy on the Internet. Consumers International (Jan. 25, 2001);

    7. Trust in the wired Americas. Cheskin Research (July, 2000);

    8. What's your privacy worth? Direct Marketers Association/Information Services Executive Council (Sept. 2, 2000); isec/privacyworth.shtml.

Join the Discussion (0)

Become a Member or Sign In to Post a Comment

The Latest from CACM

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More