Twelve U.S. businesses have agreed to settle Federal Trade Commission charges that they falsely claimed they were abiding by an international privacy framework known as the U.S.- EU Safe Harbor that enables U.S. companies to transfer consumer data from the European Union to the United States in compliance with EU law.
The companies settling with the FTC represent a cross-section of industries, including retail, professional sports, laboratory science, data broker, debt collection, and information security. The companies handle a variety of consumer information, including in some instances sensitive data about health and employment.
“Enforcement of the U.S.-EU Safe Harbor Framework is a Commission priority. These twelve cases help ensure the integrity of the Safe Harbor Framework and send the signal to companies that they cannot falsely claim participation in the program,” said FTC Chairwoman Edith Ramirez.
The FTC complaints charge each company with representing, through statements in their privacy policies or display of the Safe Harbor certification mark, that they held current Safe Harbor certifications, even though the companies had allowed their certifications to lapse. The Commission alleged that this conduct violated Section 5 of the FTC Act. However, this does not necessarily mean that the company committed any substantive violations of the privacy principles of the Safe Harbor frameworks.