The US Federal Trade Commission (FTC) has yet again warned businesses not to make false claims about their participation in and compliance with the EU-US Safe Harbor Agreement.
The FTC settled with 13 US businesses that had made false claims about being certified members of the Safe Harbor scheme. The FTC’s announcement comes on the heels of two previous settlements reached in late May 2015 with companies that had lapsed certifications despite representations to the contrary made to online consumers.
The Safe Harbor scheme is currently being discussed at EU level following Edward Snowden's revelations about mass surveillance of EU citizens' personal data held by US cloud computing providers (PRISM case). The European Commission is currently in the process of reviewing the functioning of the safe harbor scheme based on the implementation of these 13 recommendations. This action by the FTC is a further example of the FTC seeking to restore some faith in the scheme.
The FTC announcement can be viewed here.
What action could be taken to manage risks that may arise from this development?
Companies should ensure that they review the Safe Harbor certification of any US service provider wishing to use the framework.