Research

[« previous] [next »]

Article - FTC enforcement against false Safe Harbor claims (February 2010)

Related Galexia news Galexia presenting at CPDP2017 (The Age of Intelligent Machines) Computers, Privacy & Data Protection 10th International Conference, Brussels - 25 January 2017 » Article in Data Protection Leader - Regulators fight back against privacy fraud - November 2016 » Galexia chapter in 'Enforcing Privacy' book published (Springer) - April 2016 » Galexia article about Implementation of the new EU-US Privacy Shield - 21 March 2016 » Galexia Director speaking at Privacy Law and Business Conference in Cambridge (UK) - 7 July 2015 » Galexia presents on The Future of the EU-US Safe Harbor at Brussels conference - 1 June 2014 » Galexia gives evidence about EU/US Safe Harbor privacy framework to the UK House of Lords - 12 March 2014 » Galexia invited to provide evidence to the European Parliament LIBE Inquiry on Electronic Mass Surveillance of EU Citizens - 7 October 2013 » Galexia presented at the Privacy Laws & Business 23rd Annual International Conference - 14 April 2010 » Galexia interviewed by Privacy Laws and Business International Journal on the US Safe Harbor and recent actions by the FTC - 26 February 2010 » Related Galexia services and solutions Strategic Privacy Consulting. Read more » Specialised Legal and Regulatory Consulting. Read more » Cite as Privacy Law and Business International, FTC enforcement against false Safe Harbor claims, February 2010, issue 103, pages 13, 27, <http://www.privacylaws.com/>.

In 2009 the US Federal Trade commission (FTC) took action against six organisations for falsely claiming they were members of the EU/US Safe Harbor.

The action followed publication of a report by Galexia which was critical of Safe Harbor’s operation. The FTC asked for public comments on their proposed settlements with the six companies, and received two. One of the comments was from the author of the report, Chris Connolly, who complained that the FTC was in danger of appearing to endorse the privacy protection offered by Directors Desk (one of the companies) when in practice they were clearly in breach of the Enforcement Principle of the Safe Harbor agreement. Directors Desk did not disclose who their dispute resolution provider was, and that it was American Arbitration Association, which charges about $4,000 just to file a complaint.

On 19 January the FTC made a final settlement of these matters. The FTC also responded to the two comments. It noted that nobody from the EU had complained and that there was no evidence of actual breaches.

Chris Connolly, a Board Member of the Australian Privacy Foundation, said:

1. This finalises some useful enforcement action by the FTC, and the six cases are probably a good warning shot to companies making false claims.

2. However, the FTC failed to address a clear case of actual non-compliance with the ‘substance’ of the Safe Harbor agreement.

3. Hundreds of Safe Harbor members belong to very expensive dispute resolution providers, costing thousands of dollars just to lodge a complaint, let alone resolve it. Apparently the FTC does not see this as an issue.

4. Hundreds of Safe Harbor members do not disclose the name of their dispute resolution provider in their privacy policies, despite this being a fundamental requirement of the Safe Harbor agreement. Apparently the FTC does not see this as an issue.

5. Although these six organisations have been taken to task for false claims, I calculate there are more than 300 organisations currently making a false claim of Safe Harbor membership. More action is required.

6. It appears that it would be helpful if someone from the EU actually stood up and complained.

Related Galexia services and solutions Cloud Computing Strategy and Advice. Read more » International, Comparative and Cross-Border Research. Read more » Cybersecurity Research and Advice. Read more » Related BSA reports developed by Galexia (external links) 4th Global Cloud Computing Readiness Scorecard » (2018) [BSA micro-site] Galexia micro-site with additional analytics » 3rd Global Cloud Computing Readiness Scorecard » (2016) [BSA micro-site] Galexia micro-site with additional analytics » - This report! 2nd Global Cloud Computing Readiness Scorecard » (2013) [BSA micro-site] Galexia micro-site with additional analytics » 1st Global Cloud Computing Readiness Scorecard » (2012) [BSA micro-site] 1st EU CyberSecurity Maturity Dashboard (2015) » (March 2015) [BSA micro-site] 1st APAC CyberSecurity Maturity Dashboard (2015) » (July 2015) [BSA micro-site] Related Galexia news about BSA BSA & Galexia Global Cloud Computing Scorecard 2018 (Galexia Analytics Release) - May 2018 » 2018 Global Cloud Computing Readiness Scorecard released - 6 March 2018 » New Global Cloud Computing Readiness Scorecard being developed - February 2017 » Galexia presenting at CPDP2017 (The Age of Intelligent Machines) Computers, Privacy & Data Protection 10th International Conference, Brussels - 25 January 2017 » Galexia Micro-site on the 2016 Global Cloud Computing Scorecard with analytics and graphs on trends since 2012 - December 2016 » Galexia presenting at the International Conference of Data Protection and Privacy Commissioners, Marrakech - October 2016 » 3rd Global Cloud Computing Readiness Scorecard released - 27 April 2016 » 3rd Global Cloud Computing Readiness Scorecard due for public release - April 2016 » The European Union Network and Information Security (NIS) Directive moves a step closer to implementation - 16 January 2016 » APAC CyberSecurity Dashboard and 10 Country Reports Launched - 1 July 2015 »

[« previous] [next »]

[up to articles, papers, conferences & seminars] [up to research]