About Us - Galexia News
First US Prosecution for false web claim of Safe Harbor status - 11 September 2009
The California-based company Balls of Kryptonite has become the subject of the first complaint against a company for falsely claiming membership of the US Safe Harbor Principles.
The Safe Harbor Privacy Principles were developed to allow the export of personal information from the EU to the US, in the absence of any US laws meeting the EU ‘adequacy’ requirement of the EU Data Protection Directive 95/46/EC. The Safe Harbor is a voluntary arrangement; organisations wishing to receive personal information from the EU must self-certify to the Department of Commerce that they comply with the Principles. At present, no law expressly prohibits falsely claiming membership of the Safe Harbor; any prosecution must rely on more general prohibitions against, for instance, deceptive or misleading conduct.
A 2008 study by Galexia found over 200 organisations which claimed to have self-certified were in fact not members of the Safe Harbor.
- The US Safe Harbor Privacy Principles (external link) »
- The FTC Action entry for the Balls of Kryptonite complaint (external link) »