News
CDD Files Complaint with the FTC Accusing 30 Companies of Violating Safe Harbour
03.09.2014
The Center for Digital Democracy (CDD) is one of the leading US nonprofit organizations focused on consumer protection in the digital era. On 14 August, CDD has filed a complaint with the US Federal Trade Commission (FTC) accusing 30 companies of violating the fundamental privacy right of millions of European consumers by routinely ignoring the US-EU-Safe Harbor provisions. The Safe Harbor framework provides a streamlined process for US companies to comply with the European data protection directive. It is thus essential for their ability to operate business vis-à-vis European consumers from the US. Based on a voluntary “self-certification” system Safe Harbor is supposed to protect EU citizens’ privacy when their data is collected by US companies.
To participate in Safe Harbor, US companies must self-certify to the FTC, acknowledging that they comply with seven principles and other related requirements. The CDD claims that the respective companies, including Adobe, AOL and Salesforce were first of all misstating their actual purposes and practices of data collection and use. For instance these companies would fail to give consumers transparency by making insufficient disclosures and providing ineffective opt-out features. In addition they were misleading EU consumers by redefining significant terms from EU law and the Safe Harbor. According to the CDD some of the companies have also merged with other companies, thus expanding their data collection and profiling capabilities, or changed their entire corporate structure and business plan, but still have not updated their Safe Harbour disclosures or made clear to consumers their ongoing duties to protect personal information. The CDD also criticized the FTC saying they provided little oversight and enforcement.
After the NSA spying revelations, Safe Harbor has been subject to controversy and criticism for quite some time now. Last year the European Commission reviewed the Safe Harbor provisions and tried to restore trust in data flows between the EU and the US. This year in March the European Parliament voted to preliminarily suspend Safe Harbor.
To participate in Safe Harbor, US companies must self-certify to the FTC, acknowledging that they comply with seven principles and other related requirements. The CDD claims that the respective companies, including Adobe, AOL and Salesforce were first of all misstating their actual purposes and practices of data collection and use. For instance these companies would fail to give consumers transparency by making insufficient disclosures and providing ineffective opt-out features. In addition they were misleading EU consumers by redefining significant terms from EU law and the Safe Harbor. According to the CDD some of the companies have also merged with other companies, thus expanding their data collection and profiling capabilities, or changed their entire corporate structure and business plan, but still have not updated their Safe Harbour disclosures or made clear to consumers their ongoing duties to protect personal information. The CDD also criticized the FTC saying they provided little oversight and enforcement.
After the NSA spying revelations, Safe Harbor has been subject to controversy and criticism for quite some time now. Last year the European Commission reviewed the Safe Harbor provisions and tried to restore trust in data flows between the EU and the US. This year in March the European Parliament voted to preliminarily suspend Safe Harbor.
Well
informed
Subscribe to our newsletter now to stay up to date on the latest developments.
Subscribe nowInsights
