The FTC recently settled with two companies, American International Mailing and TES Franchising, over the companies' "not current" EU-US Safe Harbor self-certifications with the US Department of Commerce.
As we have reported in the past, the Safe Harbor program was created by the US and EU to address European restrictions on sending personal information to companies located in countries without “adequate” privacy protections. To ensure the free flow of information to the US, which has no overarching, generally applicable privacy law similar to that in Europe, US companies could participate in the Safe Harbor program by self-certifying their compliance with the program’s principles. Those principles mirror the fundamental tenets of the EU Data Privacy Directive.
In the settlements, both companies agreed, inter alia, not to misrepresent that they were participating in a privacy program endorsed by the government or standard setting body if in fact they were not.