On August 14, 2014, the Center for Digital Democracy (“CDD”) filed a complaint with the Federal Trade Commission and requested that the Commission investigate 30 companies certified to the U.S.-EU Safe Harbor Framework. In the complaint, CDD maintains that it analyzed 30 data marketing and profiling companies that currently are Safe Harbor-certified and identified the following five overarching themes that CDD claims “underscore the fundamental weakness of the Safe Harbor in its current incarnation,” including that the companies:
- Do not adequately disclose their actual data collection practices in their privacy policies and Safe Harbor declarations;
- Inaccurately classify themselves as data processors instead of data controllers, which relieves them of certain obligations under EU law;
- Are not transparent enough about changes to their corporate structures that impact consumers;
- Fail to provide meaningful, easy-to-find opt-out mechanisms that EU consumers can utilize to stop the collection and use of their personal data; and
- Create a false impression that, because the companies may not collect a consumer’s name or government-issued ID number, they are only collecting and using “anonymous” or non-personal data.
In announcing the complaint, Jeff Chester, CDD’s Executive Director, complained about the level of oversight and enforcement of Safe Harbor violations by the FTC, stating that “[t]he Big Data-driven companies in our complaint use Safe Harbor as a shield to further their information-gathering practices without serious scrutiny. Companies are relying on exceedingly brief, vague, or obtuse descriptions of their data collection practices, even though Safe Harbor requires meaningful transparency and candor.” CDD Legal Director Hudson Kingston went further by calling for FTC sanctions and protesting that “the fundamental privacy right of 500 million Europeans has been ignored and must be acknowledged and protected going forward.”
This CDD complaint follows increased scrutiny of the Safe Harbor Framework by EU officials. As we wrote in November 2013, the European Commission recommended changes to the Safe Harbor Framework, and in March 2014, the European Parliament passed a resolution that calls for suspending the Safe Harbor Framework immediately.