Search |
Interesting information |
U.S. Companies Risk FTC Action by Misrepresenting Compliance with EU Data Protection Safe Harbor
Melissa Krasnow, et al of Dorsey & Whitney LLP reported on 11 May 2010 that "U.S. companies that transfer personal data from the European Economic Area (i.e., the 27 Member States of the European Union (EU) and Iceland, Liechtenstein and Norway) (EEA) to the United States, and misrepresent that they have self-certified under the Safe Harbor framework, risk Federal Trade Commission (FTC) enforcement action under Section 5 of the Federal Trade Commission Act."
The authors conclude that "U.S. companies need to be careful with the language they use in their privacy statements and other public documents regarding their self-certification status or compliance with the Safe Harbor or the seven Safe Harbor principles. Before representing that they adhere to the Safe Harbor framework, U.S. companies should ensure that they have in fact self-certified with the U.S. Department of Commerce and formally renewed their Safe Harbor compliance registration each year."