US firms ‘failing to uphold EU privacy rules’ says trade commission complaint

Out-Law News | 15 Aug 2014 | 3:33 pm | 2 min. read

At least 30 US companies are failing to provide safeguards for European citizens promised under agreements with the US government, according to a complaint filed with the US Federal Trade Commission (FTC).

The complaint, filed by the Center for Digital Democracy (CDD), claims companies such as AOL and Adobe are “compiling, using, and sharing EU consumers' personal information without their awareness and meaningful consent”.

CDD claims the use of personal information is in violation of the ‘Safe Harbor’ framework, which provides for the transfer of data across borders by US technology companies without European oversight. The US Department of Commerce oversees Safe Harbor on a voluntary ‘self-certification’ basis.

However, CDD is calling for an investigation into allegations that companies are involved in “data profiling and online targeting, including data brokers that have compiled vast amounts of sensitive information on individual consumers”.

CDD also wants the FTC to investigate data management platforms that allow the companies’ corporate clients to analyse their own consumer information and “combine it with outside data sources, to produce detailed marketing insights”, in addition to “mobile marketers that track devices and tie them to user profiles in order to identify the most profitable consumers for personalised advertising”.

CDD executive director Jeff Chester said: “The US is failing to keep its privacy promise to Europe. Instead of ensuring that the US lives up to its commitment to protect EU consumers, our investigation found that there is little oversight and enforcement by the FTC.”

Chester said: “The big data-driven companies in our complaint use Safe Harbour as a shield to further their information-gathering practices without serious scrutiny. Companies are relying on exceedingly brief, vague, or obtuse descriptions of their data collection practices, even though Safe Harbor requires meaningful transparency and candour. Our investigation found that many of the companies are involved with a web of powerful multiple data broker partners who, unknown to the EU public, pool their data on individuals so they can be profiled and targeted online.”

According to a report published in the Financial Times earlier this year, European Union justice commissioner Viviane Reding said the EU would review the Safe Harbor agreement. The report said Reding’s office had begun an assessment of the agreement, which she said “may not be so safe after all”.

Reding said the agreement “could be a loophole” that allowed companies to shift data to the US where “data protection standards are lower than our European ones”.

Reding’s comments followed the referral of a case by the High Court of Ireland to the European Court of Justice. The case, brought by privacy campaigners, is seeking an investigation into allegations that companies including Facebook, which has its European headquarters in Ireland, helped the US National Security Agency harvest email and other private data from European citizens.

In March 2014, the US said it would take steps before the summer to comprehensively strengthen the Safe Harbor framework (10-page / 448 KB PDF) to address EU concerns.