Not So Safe Harbor


The Federal Trade Commission (FTC) has announced that it is taking action against twelve businesses in the US who have been falsely claiming adherence to the framework known as Safe Harbor.

Safe Harbor allows for the free transfer of personal information for commercial purposes from companies in the EU to companies in the US that have signed up to Safe Harbor. Due to the substantial differences in privacy regimes in the EU and US without the Safe Harbor arrangement in place the transfer of personal information would be impossible.

The 12 Companies claimed they held up to date certifications under US-EU Safe Harbor Framework and in 3 of the companies' cases they claimed certifications under the US-Swiss Safe Harbor Framework.

The FTC Chairwomen Edith Ramirez said "enforcement of the US-EU Safe Harbor Framework is a Commission priority. These 12 cases help ensure the integrity of the framework and send the signal to companies they cannot falsely claim participation in the programme."

The companies involved have agreed to settle the charges. The consent agreement packages containing the proposed consent orders will be subject to public comment for 30 days from 21 January 2014 to 20 February 2014, after which the Commission will decide whether the proposed agreements will be final. Each violation of the final order can result in a penalty of up to $16,000.

The actions against the 12 companies come at a crucial time in terms of the future of the Safe Harbour Framework. In November 2013 the European Commission issued 13 recommendations to improve the enforcement and adequacy of Safe Harbor to rebuild trust in the US-EU data flow including recommendations that the FTC should subject a proportion of Safe Harbor companies to ex offico investigations. More recently, the Civil Liberties, Justice and Home Affairs Committee (LIBE) of the European Parliament released on 8 January 2014 its Draft Report...

To continue reading