FROM: U.S. FEDERAL TRADE COMMISSION
FTC Settles with Two Companies Falsely Claiming to Comply with International Safe Harbor Privacy Framework
Two U.S. businesses have agreed to settle Federal Trade Commission charges they falsely claimed they were abiding by an international privacy framework known as the U.S.-EU Safe Harbor, which enables U.S. companies to transfer consumer data from the European Union to the United States in compliance with EU law.
FTC complaints against TES Franchising, LLC, and American International Mailing, Inc. allege that the companies’ websites indicated they were currently certified under the U.S.-EU Safe Harbor Framework and U.S.-Swiss Safe Harbor Framework, when in fact their certifications had lapsed years earlier.
“We remain strongly committed to enforcing the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks,” said FTC Chairwoman Edith Ramirez. “These cases send an important message that businesses must not deceive consumers about whether they hold these certifications, and by extension, the ways in which they protect consumers.”
The complaint against TES also alleges that TES deceived consumers about the nature of its dispute resolution procedures. On its website, the company stated that Safe Harbor-related disputes would be settled by an arbitration agency, would take place in Connecticut, and costs would be split between the consumer and the company. According to the FTC’s complaint, the company had agreed in its Safe Harbor certification filing that it would resolve disputes through the European data protection authorities, which do not require in-person hearings and resolve disputes at no cost to the consumer. The complaint also alleges that the company deceptively claimed to be a licensee of the TRUSTe Privacy program.
To participate in the U.S.-EU Safe Harbor Framework or U.S.-Swiss Safe Harbor Frameworks, a company must self-certify annually to the Department of Commerce that it complies with the seven privacy principles required to meet the EU’s adequacy standard: notice, choice, onward transfer, security, data integrity, access, and enforcement. A participant may also highlight for consumers its compliance with the Safe Harbor by displaying the Safe Harbor certification mark on its website.
Under the proposed settlement agreements, which are subject to public comment, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization. The settlement with TES further prohibits the company from misrepresenting its participation in or the terms of any alternative dispute resolution process or service.
These cases are being brought with the valuable assistance of the U.S. Department of Commerce.
The Commission votes to issue the administrative complaints and accept the proposed consent agreements were 5-0.
A PUBLICATION OF RANDOM U.S.GOVERNMENT PRESS RELEASES AND ARTICLES
Showing posts with label INTERNATIONAL SAFE HARBOR PRIVACY FRAMEWORK. Show all posts
Showing posts with label INTERNATIONAL SAFE HARBOR PRIVACY FRAMEWORK. Show all posts
Wednesday, April 8, 2015
Wednesday, February 12, 2014
CHILDREN'S GAMING COMPANY SETTLES CHARGES IT VIOLATED SAFE HARBOR PRIVACY FRAMEWORK
FROM: FEDERAL TRADE COMMISSION
FTC Settles with Children’s Gaming Company For Falsely Claiming To Comply With International Safe Harbor Privacy Framework
A children’s online entertainment company has agreed to settle Federal Trade Commission charges that it falsely claimed it was abiding by an international privacy framework known as the U.S.-EU Safe Harbor that enables U.S. companies to transfer consumer data from the European Union to the U.S. in compliance with EU law.
According to a complaint filed by the FTC, Fantage.com, the maker of a popular multiplayer online role-playing game directed at children ages 6-16, deceptively claimed, through statements in its privacy policy, that it held current certifications under the U.S.-EU Safe Harbor framework. The U.S.-EU Safe Harbor framework is a voluntary program administered by the U.S. Department of Commerce in consultation with the European Commission.
To participate, a company must self-certify annually to the Department of Commerce that it complies with the seven privacy principles required to meet the EU’s adequacy standard: notice, choice, onward transfer, security, data integrity, access, and enforcement. A participant in the U.S.-EU Safe Harbor framework may also highlight for consumers its compliance with the Safe Harbor by displaying the Safe Harbor certification mark on its website.
The FTC complaint charges Fantage.com with representing that it held a current Safe Harbor certification, even though the company had allowed its certification to lapse. The Commission alleged that this conduct violated Section 5 of the FTC Act. However, this does not necessarily mean that the company committed any substantive violations of the privacy principles of the Safe Harbor framework or other privacy laws.
Under the proposed settlement agreement, which is subject to public comment, the company is prohibited from misrepresenting the extent to which it participates in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.
Consumers who want to know whether a U.S. company is a participant in the U.S-EU Safe Harbor program may visit http://export.gov/safeharbor to see if the company holds a current self-certification.
This case is being brought with the valuable assistance of the U.S. Department of Commerce. The company was also the subject of complaints filed in 2013 by Chris Connolly and Galexia, Inc.
The Commission vote to accept the consent agreement package containing the proposed consent order for public comment were 4-0. The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through March 13, 2014, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit written comments electronically or in paper form by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in electronic form should be submitted online. Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113, 600 Pennsylvania Avenue, N.W., Washington, DC 20580.
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000.
FTC Settles with Children’s Gaming Company For Falsely Claiming To Comply With International Safe Harbor Privacy Framework
A children’s online entertainment company has agreed to settle Federal Trade Commission charges that it falsely claimed it was abiding by an international privacy framework known as the U.S.-EU Safe Harbor that enables U.S. companies to transfer consumer data from the European Union to the U.S. in compliance with EU law.
According to a complaint filed by the FTC, Fantage.com, the maker of a popular multiplayer online role-playing game directed at children ages 6-16, deceptively claimed, through statements in its privacy policy, that it held current certifications under the U.S.-EU Safe Harbor framework. The U.S.-EU Safe Harbor framework is a voluntary program administered by the U.S. Department of Commerce in consultation with the European Commission.
To participate, a company must self-certify annually to the Department of Commerce that it complies with the seven privacy principles required to meet the EU’s adequacy standard: notice, choice, onward transfer, security, data integrity, access, and enforcement. A participant in the U.S.-EU Safe Harbor framework may also highlight for consumers its compliance with the Safe Harbor by displaying the Safe Harbor certification mark on its website.
The FTC complaint charges Fantage.com with representing that it held a current Safe Harbor certification, even though the company had allowed its certification to lapse. The Commission alleged that this conduct violated Section 5 of the FTC Act. However, this does not necessarily mean that the company committed any substantive violations of the privacy principles of the Safe Harbor framework or other privacy laws.
Under the proposed settlement agreement, which is subject to public comment, the company is prohibited from misrepresenting the extent to which it participates in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.
Consumers who want to know whether a U.S. company is a participant in the U.S-EU Safe Harbor program may visit http://export.gov/safeharbor to see if the company holds a current self-certification.
This case is being brought with the valuable assistance of the U.S. Department of Commerce. The company was also the subject of complaints filed in 2013 by Chris Connolly and Galexia, Inc.
The Commission vote to accept the consent agreement package containing the proposed consent order for public comment were 4-0. The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through March 13, 2014, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit written comments electronically or in paper form by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in electronic form should be submitted online. Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113, 600 Pennsylvania Avenue, N.W., Washington, DC 20580.
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000.
Tuesday, January 21, 2014
12 COMPANIES SETTLE FTC CHARGES REGARDING INTERNATIONAL TRANSFER OF CONSUMER DATA
FROM: FEDERAL TRADE COMMISSION
FTC Settles with Twelve Companies Falsely Claiming to Comply with International Safe Harbor Privacy Framework
Twelve U.S. businesses have agreed to settle Federal Trade Commission charges that they falsely claimed they were abiding by an international privacy framework known as the U.S.-EU Safe Harbor that enables U.S. companies to transfer consumer data from the European Union to the United States in compliance with EU law.
The companies settling with the FTC represent a cross-section of industries, including retail, professional sports, laboratory science, data broker, debt collection, and information security. The companies handle a variety of consumer information, including in some instances sensitive data about health and employment. The twelve companies are:
Apperian, Inc.: Company specializing in mobile applications for business enterprises and security;
Atlanta Falcons Football Club, LLC: National Football League team;
Baker Tilly Virchow Krause, LLP: Accounting firm;
BitTorrent, Inc.: Provider of peer-to-peer (P2P) file sharing protocol;
Charles River Laboratories International, Inc.: Global developer of early-stage drug discovery processes;
DataMotion, Inc.: Provider of platform for encrypted email and secure file transport;
DDC Laboratories, Inc.: DNA testing lab and the world’s largest paternity testing company;
Level 3 Communications, LLC: One of the six largest ISPs in the world;
PDB Sports, Ltd., d/b/a Denver Broncos Football Club: National Football League team;
Reynolds Consumer Products Inc.: Maker of foil and other consumer products;
Receivable Management Services Corporation: Global provider of accounts receivable, third-party recovery, bankruptcy and other services; and
Tennessee Football, Inc.: National Football League team.
“Enforcement of the U.S.-EU Safe Harbor Framework is a Commission priority. These twelve cases help ensure the integrity of the Safe Harbor Framework and send the signal to companies that they cannot falsely claim participation in the program,” said FTC Chairwoman Edith Ramirez.
According to the twelve complaints filed by the FTC, the companies deceptively claimed they held current certifications under the U.S.-EU Safe Harbor framework and, in three of the complaints, also deceptively claimed certifications under the U.S.-Swiss Safe Harbor framework. The U.S.-EU and U.S.-Swiss Safe Harbor frameworks are voluntary programs administered by the U.S. Department of Commerce in consultation with the European Commission and Switzerland, respectively. To participate, a company must self-certify annually to the Department of Commerce that it complies with the seven privacy principles required to meet the EU’s adequacy standard: notice, choice, onward transfer, security, data integrity, access, and enforcement. A participant in the U.S.-EU Safe Harbor framework may also highlight for consumers its compliance with the Safe Harbor by displaying the Safe Harbor certification mark on its website.
The FTC complaints charge each company with representing, through statements in their privacy policies or display of the Safe Harbor certification mark, that they held current Safe Harbor certifications, even though the companies had allowed their certifications to lapse. The Commission alleged that this conduct violated Section 5 of the FTC Act. However, this does not necessarily mean that the company committed any substantive violations of the privacy principles of the Safe Harbor frameworks.
Under the proposed settlement agreements, which are subject to public comment, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.
Consumers who want to know whether a U.S. company is a participant in the U.S-EU or U.S.-Swiss Safe Harbor program may visit http://export.gov/safeharbor to see if the company holds a current self-certification.
These cases are being brought with the valuable assistance of the U.S. Department of Commerce. These companies were also the subject of complaints filed in 2013 by Chris Connolly and Galexia, Inc.
The Commission votes to accept the consent agreement packages containing the proposed consent orders for public comment were 4-0. The FTC will publish descriptions of the consent agreement packages in the Federal Register shortly. The agreements will be subject to public comment for 30 days, beginning today and continuing through Feb. 20, 2014, after which the Commission will decide whether to make the proposed consent orders final. Interested parties can submit written comments electronically or in paper form by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in electronic form should be submitted using the following Web links:
Apperian, Inc.
Atlanta Falcons Football Club, LLC
Baker Tilly Virchow Krause, LLP
BitTorrent, Inc.
Charles River Laboratories International, Inc.
DataMotion, Inc.
DDC Laboratories, Inc.
Level 3 Communications, LLC
PDB Sports, Ltd., d/b/a Denver Broncos Football Club
Reynolds Consumer Products Inc.
Receivable Management Services Corporation
Tennessee Football, Inc.
Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000.
FTC Settles with Twelve Companies Falsely Claiming to Comply with International Safe Harbor Privacy Framework
Twelve U.S. businesses have agreed to settle Federal Trade Commission charges that they falsely claimed they were abiding by an international privacy framework known as the U.S.-EU Safe Harbor that enables U.S. companies to transfer consumer data from the European Union to the United States in compliance with EU law.
The companies settling with the FTC represent a cross-section of industries, including retail, professional sports, laboratory science, data broker, debt collection, and information security. The companies handle a variety of consumer information, including in some instances sensitive data about health and employment. The twelve companies are:
Apperian, Inc.: Company specializing in mobile applications for business enterprises and security;
Atlanta Falcons Football Club, LLC: National Football League team;
Baker Tilly Virchow Krause, LLP: Accounting firm;
BitTorrent, Inc.: Provider of peer-to-peer (P2P) file sharing protocol;
Charles River Laboratories International, Inc.: Global developer of early-stage drug discovery processes;
DataMotion, Inc.: Provider of platform for encrypted email and secure file transport;
DDC Laboratories, Inc.: DNA testing lab and the world’s largest paternity testing company;
Level 3 Communications, LLC: One of the six largest ISPs in the world;
PDB Sports, Ltd., d/b/a Denver Broncos Football Club: National Football League team;
Reynolds Consumer Products Inc.: Maker of foil and other consumer products;
Receivable Management Services Corporation: Global provider of accounts receivable, third-party recovery, bankruptcy and other services; and
Tennessee Football, Inc.: National Football League team.
“Enforcement of the U.S.-EU Safe Harbor Framework is a Commission priority. These twelve cases help ensure the integrity of the Safe Harbor Framework and send the signal to companies that they cannot falsely claim participation in the program,” said FTC Chairwoman Edith Ramirez.
According to the twelve complaints filed by the FTC, the companies deceptively claimed they held current certifications under the U.S.-EU Safe Harbor framework and, in three of the complaints, also deceptively claimed certifications under the U.S.-Swiss Safe Harbor framework. The U.S.-EU and U.S.-Swiss Safe Harbor frameworks are voluntary programs administered by the U.S. Department of Commerce in consultation with the European Commission and Switzerland, respectively. To participate, a company must self-certify annually to the Department of Commerce that it complies with the seven privacy principles required to meet the EU’s adequacy standard: notice, choice, onward transfer, security, data integrity, access, and enforcement. A participant in the U.S.-EU Safe Harbor framework may also highlight for consumers its compliance with the Safe Harbor by displaying the Safe Harbor certification mark on its website.
The FTC complaints charge each company with representing, through statements in their privacy policies or display of the Safe Harbor certification mark, that they held current Safe Harbor certifications, even though the companies had allowed their certifications to lapse. The Commission alleged that this conduct violated Section 5 of the FTC Act. However, this does not necessarily mean that the company committed any substantive violations of the privacy principles of the Safe Harbor frameworks.
Under the proposed settlement agreements, which are subject to public comment, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.
Consumers who want to know whether a U.S. company is a participant in the U.S-EU or U.S.-Swiss Safe Harbor program may visit http://export.gov/safeharbor to see if the company holds a current self-certification.
These cases are being brought with the valuable assistance of the U.S. Department of Commerce. These companies were also the subject of complaints filed in 2013 by Chris Connolly and Galexia, Inc.
The Commission votes to accept the consent agreement packages containing the proposed consent orders for public comment were 4-0. The FTC will publish descriptions of the consent agreement packages in the Federal Register shortly. The agreements will be subject to public comment for 30 days, beginning today and continuing through Feb. 20, 2014, after which the Commission will decide whether to make the proposed consent orders final. Interested parties can submit written comments electronically or in paper form by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in electronic form should be submitted using the following Web links:
Apperian, Inc.
Atlanta Falcons Football Club, LLC
Baker Tilly Virchow Krause, LLP
BitTorrent, Inc.
Charles River Laboratories International, Inc.
DataMotion, Inc.
DDC Laboratories, Inc.
Level 3 Communications, LLC
PDB Sports, Ltd., d/b/a Denver Broncos Football Club
Reynolds Consumer Products Inc.
Receivable Management Services Corporation
Tennessee Football, Inc.
Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000.
Subscribe to:
Posts (Atom)