Thirteen companies have agreed to settle Federal Trade Commission charges that they misled consumers by claiming they were certified members of the U.S.-EU or U.S.-Swiss Safe Harbor Frameworks when their certifications had lapsed or the companies had never applied for membership in the program at all.
The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks allow companies to transfer consumer data from the European Union and Switzerland to the U.S. in compliance with EU and Swiss law.
“The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks are important agreements, and the FTC remains strongly committed to enforcing them,” said FTC Chairwoman Edith Ramirez. “Companies must not deceive consumers about their participation in these programs.”
Seven companies are alleged to have violated the FTC Act by falsely claiming to have a current certification in one or both safe harbor programs when their certifications had actually not been renewed:
Six companies are alleged to have violated the FTC Act by claiming certification in one or both safe harbor programs when they never actually applied for membership in the programs:
To participate in the U.S.-EU or U.S.-Swiss Safe Harbor Frameworks, a company must self-certify annually to the Department of Commerce that it complies with the seven privacy principles required to meet the EU’s adequacy standard: notice, choice, onward transfer, security, data integrity, access, and enforcement. A participant may also highlight for consumers its compliance with the Safe Harbor by displaying the Safe Harbor certification mark on its website.
Under the proposed settlement agreements the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.
Consumers who want to know whether a U.S. company is a participant in the U.S-EU or U.S.-Swiss Safe Harbor Frameworks may visit http://export.gov/safeharbor to see if the company holds a current self-certification.
These cases are being brought with the valuable assistance of the U.S. Department of Commerce.
The Commission votes to issue the administrative complaints and accept the proposed consent agreements were 5-0. The FTC will publish a description of the consent agreement packages in the Federal Register shortly. The agreements will be subject to public comment for 30 days, beginning today and continuing through Sept. 16, 2015, after which the Commission will decide whether to make the proposed consent orders final. Interested parties can submit comments electronically:
- Golf Connect, LLC
- Pinger, Inc.
- NAICS Association, LLC
- Jubilant Clinsys, Inc.
- IOActive, Inc.
- Contract Logix, LLC
- Forensics Consulting Solutions, LLC
- Dale Jarrett Racing Adventure
- SteriMed Medical Waste Solutions
- California Skate-Line
- Just Bagels Mfg., Inc.
- One Industries Corp.
- Inbox Group, LLC
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.