Last week, the FTC announced that it had settled with a gaming
company that falsely claimed to be certified under the US Safe
Harbor. The Safe Harbor agreement is a self-certification
arrangement under which you can transfer personal data from Europe
to the US without "tripping up" on the EU data export
prohibition. It is a critical plank in the platform for
global companies who need to transfer personal data across
borders. Think about how many companies operate globally or
who use cloud-based storage solutions and you can see how important
it is to be able to transfer data internationally in a legally
Are we seeing a new pattern of enforcement?
Only last month, the FTC announced enforcement action against 12
companies who also falsely claimed to be Safe Habor certified. So
this is starting to look like a deliberate move to be more
pro-active on Safe Harbor infringers. This has mostly been for
failure to certify. Annual re-certification is required under the
Safe Harbor for it to be valid. By the way, failing to hold a
current certification doesn't mean that you are guilty of any
actual privacy law breach. So the companies had not suffered
a data leak or hack and were not, necessarily, guilty of ignoring
any individual rights in relation to privacy. Perhaps this is
a sign of a new willingness to take enforcement action.
Why are we seeing additional privacy enforcement?
If you asked the FTC, they will tell you that enforcement of the
Safe Harbor is a top priority and should send a signal to companies
that they cannot pretend to be in the program when this is not the
case. But there may be a political reason too. The
recent Snowdon revelations are still bubbling in Europe and
elsewhere and there is a real concern among European consumers that
their data may be at risk if it is held in the US or by US
companies. This is being stoked by the media and politicians
although it is not quite clear who is more to blame. One of the
longstanding criticisms of the US position is that enforcement of
Safe Harbor or companies falsely claiming that they are
participants has been limited. So the FTC's latest enforcement
action takes this criticism head on. It also must be one of
the most efficient ways to demonstrate a willingness to ensure
companies are complying with the Safe Harbor without fighting long
or complex disputes with alleged offenders. Failing to
self-certify is a fairly binary issue and easy to prove.
Of course, if you were going to be cynical, you would probably
compare and contrast the US FTC enforcement action with equivalent
action taken by supervisory authorities in Europe in relation to
unlawful data exports. While the EU supervisory authorities
have been hot on many other enforcement issues, enforcement in
relation to data exports has been pretty fragmented. Suddenly
the FTC looks like a rather more effective enforcer of privacy
rights than some of the EU supervisory authorities would like to
admit. We are watching the FTC's enforcement action and
enthusiasm for Safe Harbor with great interest.
Dentons is a global firm driven to provide you with the
competitive edge in an increasingly complex and interconnected
marketplace. We were formed by the March 2013 combination of
international law firm Salans LLP, Canadian law firm Fraser Milner
Casgrain LLP (FMC) and international law firm SNR Denton.
Dentons is built on the solid foundations of three highly
regarded law firms. Each built its outstanding reputation and
valued clientele by responding to the local, regional and national
needs of a broad spectrum of clients of all sizes –
individuals; entrepreneurs; small businesses and start-ups; local,
regional and national governments and government agencies; and
mid-sized and larger private and public corporations, including
international and global entities.
Now clients benefit from more than 2,500 lawyers and
professionals in 79 locations in 52 countries across Africa, Asia
Pacific, Canada, Central Asia, Europe, the Middle East, Russia and
the CIS, the UK and the US who are committed to challenging the
status quo to offer creative, actionable business and legal
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances. Specific Questions relating to
this article should be addressed directly to the author.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Ten days following the election, join us for a discussion with Gary Doer, former Canadian Ambassador to the US, and Gordon Giffin, US Ambassador to Canada under Bill Clinton, to discuss how the new President and Congressional makeup will shape US-Canada relations for years to come.
On November 8, 2016, the United States will go to the polls to elect their 45th president. Whether it is Hillary Clinton or Donald Trump, this decision will profoundly shape American policy for the next four to eight years. As our largest trading partner and neighbour to the south, the next US administration will influence a broad range of policy issues that directly impact Canada. These include the future of NAFTA and the TPP, the Arctic and geo-politics, the renewal of the Softwood Lumber Agreement, and the energy sector.
On Thursday, September 22, 2016, Dentons hosted a panel discussion about the management of liabilities and risks associated with environmental crises, including potential liabilities for directors and officers and provided insight into risk and liability techniques associated with environmental crisis management.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).