FROM: FEDERAL TRADE COMMISSION
FTC Settles with Children’s Gaming Company For Falsely Claiming To Comply With International Safe Harbor Privacy Framework
A children’s online entertainment company has agreed to settle Federal Trade Commission charges that it falsely claimed it was abiding by an international privacy framework known as the U.S.-EU Safe Harbor that enables U.S. companies to transfer consumer data from the European Union to the U.S. in compliance with EU law.
According to a complaint filed by the FTC, Fantage.com, the maker of a popular multiplayer online role-playing game directed at children ages 6-16, deceptively claimed, through statements in its privacy policy, that it held current certifications under the U.S.-EU Safe Harbor framework. The U.S.-EU Safe Harbor framework is a voluntary program administered by the U.S. Department of Commerce in consultation with the European Commission.
To participate, a company must self-certify annually to the Department of Commerce that it complies with the seven privacy principles required to meet the EU’s adequacy standard: notice, choice, onward transfer, security, data integrity, access, and enforcement. A participant in the U.S.-EU Safe Harbor framework may also highlight for consumers its compliance with the Safe Harbor by displaying the Safe Harbor certification mark on its website.
The FTC complaint charges Fantage.com with representing that it held a current Safe Harbor certification, even though the company had allowed its certification to lapse. The Commission alleged that this conduct violated Section 5 of the FTC Act. However, this does not necessarily mean that the company committed any substantive violations of the privacy principles of the Safe Harbor framework or other privacy laws.
Under the proposed settlement agreement, which is subject to public comment, the company is prohibited from misrepresenting the extent to which it participates in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.
Consumers who want to know whether a U.S. company is a participant in the U.S-EU Safe Harbor program may visit http://export.gov/safeharbor to see if the company holds a current self-certification.
This case is being brought with the valuable assistance of the U.S. Department of Commerce. The company was also the subject of complaints filed in 2013 by Chris Connolly and Galexia, Inc.
The Commission vote to accept the consent agreement package containing the proposed consent order for public comment were 4-0. The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through March 13, 2014, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit written comments electronically or in paper form by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in electronic form should be submitted online. Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113, 600 Pennsylvania Avenue, N.W., Washington, DC 20580.
NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000.