FTC Settles with Companies Falsely Claiming to Comply with International Safe Harbor Privacy Framework

On January 21, 2014, the FTC announced that it charged 12 companies that falsely claimed they were abiding by an international privacy framework known as the U.S.-EU Safe Harbor. This framework enables U.S. companies to transfer consumer data from the European Union to the United States in compliance with EU law.

The 12 companies included a cross section of the business, especially the Atlanta Falcons, BitTorrent, Level 3 Communications and the Tennessee Titans. According to the complaints, the companies deceptively claimed they held current certifications under the U.S.-EU Safe Harbor framework. The U.S.-EU and U.S.-Swiss Safe Harbor frameworks are voluntary programs administered by the U.S. Department of Commerce in consultation with the European Commission. To participate, a company must self-certify annually to the Department of Commerce that it complies with the seven privacy principles required to meet the EU’s adequacy standard: notice, choice, onward transfer, security, data integrity, access, and enforcement.

Under the proposed settlement agreements, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.

These cases serve as an important reminder that if you feature the Safe Harbor mark on your site or refer to your participation, remember that you must apply and get accepted every year.

Add a comment

Type the following characters: romeo, tango, six, romeo

* Indicates a required field.

Subscribe

Recent Posts

Contributors

Archives

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.