Last week, the FTC announced that it had settled with a gaming company that falsely claimed to be certified under the US Safe Harbor.  The Safe Harbor agreement is a self-certification arrangement under which you can transfer personal data from Europe to the US without "tripping up" on the EU data export prohibition.  It is a critical plank in the platform for global companies who need to transfer personal data across borders.  Think about how many companies operate globally or who use cloud-based storage solutions and you can see how important it is to be able to transfer data internationally in a legally compliant manner.

Are we seeing a new pattern of enforcement?

Only last month, the FTC announced enforcement action against 12 companies who also falsely claimed to be Safe Habor certified. So this is starting to look like a deliberate move to be more pro-active on Safe Harbor infringers. This has mostly been for failure to certify. Annual re-certification is required under the Safe Harbor for it to be valid.  By the way, failing to hold a current certification doesn't mean that you are guilty of any actual privacy law breach.  So the companies had not suffered a data leak or hack and were not, necessarily, guilty of ignoring any individual rights in relation to privacy.  Perhaps this is a sign of a new willingness to take enforcement action.

Why are we seeing additional privacy enforcement?

If you asked the FTC, they will tell you that enforcement of the Safe Harbor is a top priority and should send a signal to companies that they cannot pretend to be in the program when this is not the case.  But there may be a political reason too.  The recent Snowdon revelations are still bubbling in Europe and elsewhere and there is a real concern among European consumers that their data may be at risk if it is held in the US or by US companies. This is being stoked by the media and politicians although it is not quite clear who is more to blame. One of the longstanding criticisms of the US position is that enforcement of Safe Harbor or companies falsely claiming that they are participants has been limited. So the FTC's latest enforcement action takes this criticism head on.  It also must be one of the most efficient ways to demonstrate a willingness to ensure companies are complying with the Safe Harbor without fighting long or complex disputes with alleged offenders.  Failing to self-certify is a fairly binary issue and easy to prove.

Of course, if you were going to be cynical, you would probably compare and contrast the US FTC enforcement action with equivalent action taken by supervisory authorities in Europe in relation to unlawful data exports.  While the EU supervisory authorities have been hot on many other enforcement issues, enforcement in relation to data exports has been pretty fragmented.  Suddenly the FTC looks like a rather more effective enforcer of privacy rights than some of the EU supervisory authorities would like to admit.  We are watching the FTC's enforcement action and enthusiasm for Safe Harbor with great interest.

For more information, visit our Privacy and Data Security blog at www.datagovernancelaw.com

About Dentons

Dentons is a global firm driven to provide you with the competitive edge in an increasingly complex and interconnected marketplace. We were formed by the March 2013 combination of international law firm Salans LLP, Canadian law firm Fraser Milner Casgrain LLP (FMC) and international law firm SNR Denton.

Dentons is built on the solid foundations of three highly regarded law firms. Each built its outstanding reputation and valued clientele by responding to the local, regional and national needs of a broad spectrum of clients of all sizes – individuals; entrepreneurs; small businesses and start-ups; local, regional and national governments and government agencies; and mid-sized and larger private and public corporations, including international and global entities.

Now clients benefit from more than 2,500 lawyers and professionals in 79 locations in 52 countries across Africa, Asia Pacific, Canada, Central Asia, Europe, the Middle East, Russia and the CIS, the UK and the US who are committed to challenging the status quo to offer creative, actionable business and legal solutions.

Learn more at www.dentons.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances. Specific Questions relating to this article should be addressed directly to the author.