Twelve companies have agreed to settle charges by the Federal Trade Commission that they falsely claimed that they had self-certified their adherence to the U.S.-European Safe Harbor Framework and (for three of them) the U.S.-Swiss Safe Harbor Framework on personal data transfers, when in fact their certifications had lapsed. The proposed settlements prohibit the companies from misrepresenting their participation in any government- or organization-sponsored privacy or data security program. The settlements come less than two months after the European Commission urged the FTC to increase its U.S.-EU Safe Harbor enforcement. The FTC’s action is unlikely to quell European criticisms of the Safe Harbor arrangement, though, since it merely involves companies that falsely claimed that their certifications under the Safe Harbor were current. What the Europeans really want, at a minimum, is for the FTC to aggressively go after companies that self-certify under the Safe Harbor but don’t actually abide by the Safe Harbor’s data protection requirements.