FTC Moves to Settle Twelve Violations of the U.S.-E.U. Personal Data Transfer Framework

By Matt Klinger

In late January, the Federal Trade Commission (FTC) announced settlements with three professional football teams, a large internet service provider, and eight other companies over charges they falsely claimed compliance with a framework that allows the transfer of personal data from the European Union to the United States.  

To comply with the framework, known as Safe Harbor, an organization must annually self-certify to the U.S Department of Commerce that it meets certain privacy protection requirements.  But organizations that let their certification lapse, as some in the settlement agreement did, can no longer claim compliance.

Some observers question whether the announcement is an effort to mollify E.U. officials who have recently questioned the effectiveness of Safe Harbor.  No matter the impetus, the FTC has made its commitment to enforcing Safe Harbor clear, and certified organizations should remain vigilant about their status.