FTC Actions Allege Violations Of International Safe Harbor Privacy Framework


On January 21, the FTC announced agreements with 12 companies to resolve allegations that the companies falsely claimed compliance with an international privacy framework. The FTC complaints explain that the U.S.-EU Safe Harbor Framework provides a method for U.S. companies to transfer personal data outside of the EU that is consistent with the requirements of the European Union Directive on Data Protection. The Directive sets forth EU requirements for privacy and the protection of personal data and requires EU Member States to implement legislation that prohibits the transfer of personal data outside the EU unless the European Commission has made a determination that the recipient jurisdiction’s laws ensure the protection of such personal data. To participate in the Framework, a U.S. company must self-certify to the U.S. Department of Commerce that it complies with seven principles and related requirements that have been deemed to meet the EU’s adequacy standard. The FTC claimed that the companies indicated compliance with the Safe Harbor principles, for example through privacy policies or certification marks, when the companies had allowed their self-certifications to lapse. The FTC alleged that this conduct violated Section 5 of the FTC Act. The companies did not admit the allegations, and the FTC acknowledged that the allegations do not necessarily mean that the companies committed any substantive violations of the privacy principles of the Safe Harbor framework. The proposed settlement agreements would prohibit the companies from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.


Written by:

Published In:


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BuckleySandler LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.