This year alone, the Federal Trade Commission ("FTC") settled with more than a dozen companies over alleged false claims that the companies were in compliance with the U.S. and European Union safe harbor privacy program ("US-EU Safe Harbor Program").

The US-EU Safe Harbor Program is a voluntary program administered by the U.S. Department of Commerce in consultation with the European Commission that allows U.S. companies to receive personal data from countries in the European Union. Participation in the US-EU Safe Harbor Program helps U.S. companies to meet the European Union Directive on Data Protection's "adequacy standard" for privacy and the protection of personal data. To participate, a company must self-certify annually to the U.S. Department of Commerce that it complies with the seven privacy principles required to meet the EU's adequacy standard: notice, choice, onward transfer, access, security, data integrity, and enforcement.

One of the most recent settlements with American Apparel, was based on allegations that the clothing manufacturer violated Section 5 of the FTC Act by deceptively claiming in its privacy policy that it was in compliance with the US-EU Safe Harbor Program even though its certification with the program had lapsed.

These settlements serve as a reminder to companies that failure to update membership with a safe harbor program can result in regulatory enforcement and civil penalties.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.