TRUSTe to File Antiprivacy Brief Against Toysmart

SAN FRANCISCO (07/03/2000) - Consumer privacy could be the latest casualty in the dot-com shakeout, as failing companies look to sell customer lists in liquidation sales. The nonprofit organization TRUSTe announced Friday it is planning to file a brief in bankruptcy court that will decide whether Toysmart.com can sell its customer lists.

In classified advertisements in the Wall Street Journal earlier this month, Toysmart, based in Waltham, Mass., announced it is selling its assets, including customer lists and databases. However, selling the customer information to a third party violates the online company's agreement with TRUSTe, a San Jose, Calif.-based organization that encourages good privacy practices by awarding sites with seals of approval.

"They're hiding behind the veil of bankruptcy law to be able to do it," says TRUSTe spokesman Dave Steer. But, the agreement between Toysmart and TRUSTe is still binding, and companies that deviate from it can be found in breach of contract, he says, adding: "The contract is enforceable. This is an unfair and deceptive practice."

Toysmart ceased operations May 19, filed for Chapter 11 bankruptcy on June 9 and hired the Recovery Group, based in Boston, to help it sell its assets.

Stephen Gray, the managing director of the Recovery Group, did not return calls to comment Friday. The hearing in bankruptcy court in Massachusetts is scheduled for July 26.

In addition to preparing its court brief, TRUSTe has complained about the matter to the U.S. Federal Trade Commission, and the lieutenant governor and attorney general of Massachusetts. Executives at the FTC and the attorney general's office did not return calls to comment.

The Toysmart situation puts the focus on online companies, but customers of offline companies that go bankrupt and sell customer data are vulnerable, too.

"Our office is looking into ways we can help change state bankruptcy laws," as well as include privacy protections for customers in federal bankruptcy law, said Jason Kauppi, a spokesman for Lt. Gov. Jane Swift of Massachusetts.

Massachusetts was one of the first states to file privacy legislation.

Meanwhile, proposed federal legislation would require consent for Web sites to share customer data with third parties and prevent companies from selling customer data with its assets.

If TRUSTe doesn't act now, more failing dot-coms will try to recoup money by selling their sensitive customer data, Steer said. "We're focused on Toysmart because we believe it's a bellwether to the future of consumer control over their personal information," he adds.

Toysmart illustrates the need for privacy legislation, according to David Sobel, legal counsel for the Electronic Privacy Information Center in Washington. It also shows how TRUSTe lacks teeth to enforce its agreements with online companies designed to protect consumer privacy, something legislation would resolve, he added.

"There really is no meaningful protection provided to Internet users and that means both the absence of federal laws in this area and the reliance that some people in some companies are placing on certain programs like TRUSTe," Sobel says. "This demonstrates one of the failings of a system like TRUSTe, that when this kind of situation arises, they really don't have any leverage."

Steer suggests that TRUSTe could sue members for breach of contract if they don't follow their agreed-upon policy, but that recourse is untested. Rather than adopt privacy legislation, he favors expanding TRUSTe's "legal framework" for upholding contracts in the event of bankruptcies.

"I'm skeptical of the government's ability to effectively address this issue," Steer says. "What I'd like to see is a commitment to enforcing the laws that are currently on the books before we rush to pass any new laws" that might end up being a compromise and not offering consumers full protection.

TRUSTe is looking into other faltering online companies to make sure they are not planning to sell customer data in their liquidations. In one noteworthy case, Fashionmall.com, based in New York, acquired customer data along with the intellectual property of failed U.K. fashion site Boo.com. But Ben Narasin, CEO of Fashionmall, said that unlike Toysmart, which is selling its assets piecemeal, he bought Boo's assets to keep the company going.

"We didn't buy Boo just to have a list of [customer] names. We bought Boo because we wanted to own what is the pre-eminent, world's most elite fashion-online brand," says Narasin. "We bought the heart and soul. We left the debris behind, like the middleware, the burn rate and the inventory."

Fashionmall will abide by Boo's privacy policy for existing Boo customers but will follow its own policy for new Boo customers. Fashionmall's privacy statement promises not to share customer data with third parties without their consent, allows customers to remove information from the company's database and lets customers opt out from receiving communications from the company or its partners. Narasin said he isn't familiar with Boo's privacy policy but assumes it is at least as consumer-friendly as his company's because privacy laws in Europe are stronger than they are in the U.S.

Join the newsletter!

Error: Please check your email address.

More about Electronic Privacy Information Centerfashionmall.comFederal Trade CommissionFTCTRUSTeWall Street

Show Comments

Market Place