News & Press: Legal Updates

FTC Increases Enforcement of Safe Harbor Violations

Friday, January 10, 2014  
Share |

FTC Increases Enforcement of Safe Harbor Violations
Alert from CASRO General Counsel

The Federal Trade Commission, which administers and handles enforcement of the US-EU and US-Swiss Safe Harbor Frameworks, has reportedly increased its enforcement activities with regard to privacy policies that misrepresent a company’s self-certification with the Safe Harbor Framework. The report states that the FTC has sent to numerous companies draft complaints and a proposed consent decree that requires remedial obligations—some allegedly spanning 20 years—regarding compliance and filing of reports with the FTC.

The motivation for this increased activity might be the recent criticism leveled from officials in the European Union that the Safe Harbor agreement should be reconsidered because it has not provided adequate data protection to European data subjects, in part because of a lack of rigorous enforcement.  In addition, FTC Commissioner Julie Brill recently confirmed that the FTC had received a complaint from a researcher—one who had previously lodged a Safe Harbor complaint that resulted in FTC enforcement actions—identifying roughly 400 companies that were allegedly either falsely claiming that they self-certified to the Safe Harbor or were otherwise violating it.  Brill stated that the FTC was taking appropriate action.

Regardless of the reason, companies that claim to self-certify to the Safe Harbor Framework in their online privacy policies should:

1.      Ensure that they keep their self-certifications current by filing timely annual re-certifications and

2.      Ensure that their privacy policies accurately reflect the status of their self-certification.

Needless to say, companies should never intentionally misrepresent that they self-certify to the Safe Harbor Framework.

Community Search
Member Log In

Forgot your password?

Not A CASRO Member?

Latest News
Website Underwriters