BitTorrent, Level 3 among a dozen companies to settle FTC privacy complaint

BitTorrent, Level 3 among a dozen companies to settle FTC privacy complaint

Summary: Twelve US companies, including Level 3 Communications and BitTorrent, agreed to settle FTC charges that they falsely claimed to be in compliance with an international privacy framework known as the US-EU Safe Harbor.

SHARE:
BitTorrent-Level-3-Communications-settle-FTC-privacy-complaint-Safe-Harbor

The FTC this week announced that a dozen US companies including Apperian, BitTorrent and Level 3 Communications have agreed to settle a complaint alleging that they falsely claimed to be in compliance with an international privacy regulation that allows them to transfer consumer data from the European Union to the US.

Mobile application management software vendor Apperian, BitTorrent, the peer-to-peer file-sharing protocol, DataMotion, an encrypted email and secure file transport platform provider, and Level 3 Communications were joined by eight other companies including the Super Bowl-bound Denver Broncos and two other National Football League teams.

The FTC claimed that the 12 companies "deceptively claimed" to hold valid and current certifications under the US-EU Safe Harbor framework and, in at least three of the complaints, doubled down with unsubstantiated claims that they also held certifications under the US-Swiss Safe Harbor framework.

This week's reprimand amounts to nothing more than a slap on the wrist and an admonishment to the 12 companies – and others – that the FTC is serious about preventing companies from misrepresenting their adherence to the privacy policies.

Under the proposed settlement agreements, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.

"Enforcement of the U.S.-EU Safe Harbor Framework is a Commission priority," FTC Chairwoman Edith Ramirez said in a statement. "These twelve cases help ensure the integrity of the Safe Harbor Framework and send the signal to companies that they cannot falsely claim participation in the program."

Both the US-EU and US-Swiss Safe Harbor frameworks are voluntary programs administered by the U.S. Department of Commerce under which companies self-certify that they're in compliance with seven privacy principles required to meet the EU's adequacy standard: notice, choice, onward transfer, security, data integrity, access and enforcement.

Typically, companies that opt to participate in the framework like to advertise their participation by way of a Safe Harbor certification on their websites.

In these instances, the 12 companies, either through statements in their privacy policies or by displaying the Safe Harbor certification mark on their websites, claimed to be in compliance with the privacy framework even though their certifications had lapsed.

FTC officials said the companies had all violated Section 5 of the FTC Act, but added that the missteps didn't necessarily mean the companies had committed any "substantive violations" of the privacy principles outlined in the Safe Harbor frameworks.

Topics: Privacy, E-Commerce, Government

About

Larry Barrett is a freelance journalist and blogger who has covered the information technology and business sectors for more than 15 years.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • hmm

    sounds like a technicality more than anything else?
    theoilman
  • Ahhh, yes...

    More Corporations deciding that the "slap on the wrist" will cost them less than the increased profits from lying to the consumer.

    And there's still people that believe that regulating corporations and putting teeth into compliance laws are a bad thing and that the free market must remain pure? Who's more delusional?
    Zorched