Thirteen companies have agreed to settle with the Federal Trade Commission (FTC) over charges that they misled consumers. The companies had claimed they were certified members of the U.S. – EU orU.S. – Swiss Safe Harbor Frameworks despite the fact that their certifications had lapsed or the companies had never applied for membership in the program in the first place.
The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks enable companies to transfer consumer data from the EU and Switzerland to the U.S. in compliance with EU and Swiss law.
In order to participate in the U.S.-EU or U.S.-Swiss Safe Harbor Frameworks, a company must self-certify annually to the Department of Commerce that it complies with the seven privacy principles required to meet the EU’s adequacy standard. A participant may also highlight for consumers its compliance with the Safe Harbor by displaying the Safe Harbor certification mark on its website.
Seven companies are alleged to have violated the FTC Act by falsely claiming to have a current certification in one or both safe harbor programs when their certifications had actually not been renewed.
Six companies are alleged to have violated the FTC Act by claiming certification in one or both safe harbor programs when they never actually applied for membership in the programs:
Each of the proposed settlement agreements prohibit the companies “from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.”