Galexia

The US Safe Harbor - Fact or Fiction? (2008)

5.7. Dispute resolution providers

One of the most important compliance requirements in the Safe Harbor is Principle 7 – Enforcement and Dispute Resolution. This requires organisations to select an independent dispute resolution provider – usually indicated in the self-certification entry and/or the public privacy policy.

Compliance with this requirement is confusing, as many organisations select multiple dispute resolution providers or indicate the ‘brand’ of dispute resolution (e.g. BBB) without clearly indicating which specific BBB program they have selected. There is also enormous inconsistency between the dispute resolution provider selected in the self-certification form, and the provider mentioned in the website privacy policy.

The following table is therefore a very rough summary of the dispute resolution providers selected by organisations:

Dispute Resolution Provider

Number of Organisations

Compliance

Notes

Entry is blank

9

Non compliant


Entry provides an email address only

2

Non compliant


AAA

184

Non compliant

The American Arbitration Association (AAA) costs between $120 and $1,200 per hour (with a four-hour minimum charge plus a $950 administration fee).

BBB

106

Confusing

The BBB Safe Harbor program is compliant, but it is often unclear whether an organisation is indicating that it is a member of another BBB program (eg the Reliability program), a former BBB program (e.g. the closed Online Privacy program), or whether they just mean a consumer can take their complaint to a generic BBB office.

BBB EU

37

Compliant

This number is likely to be higher as some organisations that have stated ‘BBB’ will actually belong to the BBB EU program.

BBB Online Privacy

32

Not compliant

This program is closed. This number is likely to be slightly higher as many organisations that have stated ‘BBB’ will actually belong to the BBB Online Privacy program.

DMA

112

Compliant


EU DPA Panel

870

Compliant


JAMS

25

Non compliant

The Judicial Arbitration Mediation Service (JAMS) costs $350 to $800 per hour (plus a $275 administration fee).

TRUSTe (generic)

61

Confusing

The generic TRUSTe program cannot receive complaints regarding offline data, and may therefore not be suitable in all circumstances. This number is likely to be lower as some organisations have only entered ‘TRUSTe’ on the form without indicating the specific TRUSTe scheme they belong to.

TRUSTe Safe Harbor

110

Compliant

This number is likely to be higher as some organisations have only entered ‘TRUSTe’ on the form without indicating the specific TRUSTe scheme they belong to.

 

The key requirements for dispute resolution providers are that they are independent, affordable and they can provide an appropriate range of sanctions.

This study did not include a detailed examination of the independence of the selected dispute resolution providers. However a problem regarding independence was noted in passing. Nearly all members of the TRUSTe program state in their privacy policies that ‘TRUSTe is a worldwide, independent, non-profit organization’. This common wording is in fact incorrect and misleading. TRUSTe abandoned its non-profit status in July 2008 and is now a for-profit company. Its major shareholders are venture capital firm Accel – also substantial investors in Facebook. References to TRUSTe being non-profit should be removed immediately. Even the Facebook privacy policy states that TRUSTe is an ‘independent, non-profit organization’ – many months after the change in status.

Affordability is also a major issue. The Safe Harbor FAQ 11: states that ‘the recourse available to individuals must be readily available and affordable’. In all European jurisdictions access to an independent dispute resolution service regarding privacy is free.

Two key Safe Harbor dispute resolution services (selected by 209 Safe Harbor members) are too expensive for ordinary consumers to utilise:

  • The American Arbitration Association (AAA)
    An arbitrator with the AAA charges between $120 and $1,200 per hour (with a four-hour minimum charge). There is also a minimum $925 administration fee for international disputes, that rises depending on the amount of money in dispute. Many privacy complaints will not include a claim for money – in these cases AAA charges a $4,500 administration fee for ‘non-monetary amounts’.[15] These fees do not include additional costs such as the hire of a hearing room or telephone conference.
  • The Judicial Arbitration Mediation Service (JAMS)
    JAMS costs $350 to $800 per hour (plus a $275 administration fee). It is also a significant challenge to find detailed fee information regarding JAMS – there is virtually no disclosure of detailed costs on the JAMS website and their panel of neutrals do not publish a fee schedule.

No Safe Harbor member in this study revealed the extent of these costs to consumers in their privacy policy. Some organisations include a clause in their privacy policy requiring the consumer to share these costs.


[15] <http://www.adr.org/si.asp?id=5385>