Search


  • Categories


  • Archives

    « Home

    FTC Settles with 12 Companies Over International Safe Harbor Privacy Framework

    The Federal Trade Commission announced a settlement with 12 companies over “charges that they falsely claimed they were abiding by an international privacy framework known as the U.S.-EU Safe Harbor that enables U.S. companies to transfer consumer data from the European Union to the United States in compliance with EU law.” The companies are: Apperian, Inc.; Atlanta Falcons Football Club, LLC; Baker Tilly Virchow Krause, LLP; BitTorrent, Inc.; Charles River Laboratories International, Inc.; DataMotion, Inc.; DDC Laboratories, Inc.; Level 3 Communications, LLC; PDB Sports, Ltd., d/b/a Denver Broncos Football Club; Reynolds Consumer Products Inc.; Receivable Management Services Corp.; and Tennessee Football, Inc. The FTC said:

    According to the twelve complaints filed by the FTC, the companies deceptively claimed they held current certifications under the U.S.-EU Safe Harbor framework and, in three of the complaints, also deceptively claimed certifications under the U.S.-Swiss Safe Harbor framework. The U.S.-EU and U.S.-Swiss Safe Harbor frameworks are voluntary programs administered by the U.S. Department of Commerce in consultation with the European Commission and Switzerland, respectively. […]

    The FTC complaints charge each company with representing, through statements in their privacy policies or display of the Safe Harbor certification mark, that they held current Safe Harbor certifications, even though the companies had allowed their certifications to lapse. The Commission alleged that this conduct violated Section 5 of the FTC Act. However, this does not necessarily mean that the company committed any substantive violations of the privacy principles of the Safe Harbor frameworks.

    Under the proposed settlement agreements, which are subject to public comment, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.

    Consumers who want to know whether a U.S. company is a participant in the U.S-EU or U.S.-Swiss Safe Harbor program may visit http://export.gov/safeharbor to see if the company holds a current self-certification. […]

    The FTC will publish descriptions of the consent agreement packages in the Federal Register shortly. The agreements will be subject to public comment for 30 days, beginning today and continuing through Feb. 20, 2014, after which the Commission will decide whether to make the proposed consent orders final. Interested parties can submit written comments electronically or in paper form by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section.

    Read the full announcement, which includes links to the complaints for each company and links to comment on the settlements. 

    Leave a Reply