Tuesday

12th Dec 2017

Hundreds of US companies make false data protection claims

  • Data visualisation map for one client by internet firm LinkedIn (Photo: luc legay)

Hundreds of US-based companies handling EU citizens' data have lied about belonging to a data protection arrangement known as the Safe Harbour Framework.

Christopher Connolly, a director at Galexia, an Australian-based consulting company on internet law and privacy, told the European Parliament’s civil liberties committee on Monday (7 October) that “many claims of Safe Harbour membership are false.”

Thank you for reading EUobserver!

Subscribe now for a 30 day free trial.

  1. €150 per year
  2. or €15 per month
  3. Cancel anytime

EUobserver is an independent, not-for-profit news organization that publishes daily news reports, analysis, and investigations from Brussels and the EU member states. We are an indispensable news source for anyone who wants to know what is going on in the EU.

We are mainly funded by advertising and subscription revenues. As advertising revenues are falling fast, we depend on subscription revenues to support our journalism.

For group, corporate or student subscriptions, please contact us. See also our full Terms of Use.

If you already have an account click here to login.

He said around one out of every seven Safe Harbour claims of membership are bogus.

The Safe Harbour agreement, hammered out in 2000 between the European Commission and the US Department of Commerce, is supposed to ensure that firms follow EU data protection laws when processing the personal data of EU citizens.

Just under 3,000 companies have signed up to the self-certification scheme, which is only enforceable once the company makes a promise to adhere to a handful of privacy principles.

Companies are also entitled to limit the scope to cover only human resource data, or consumer data, or just offline data.

Galaxia research found over 200 false claims in 2008. This had increased to 427 in September 2013.

“In those 427 organisations, you will find large household names in Europe, with hundreds of millions of customers,” Connolly said.

He added that some of the companies place unauthorised Safe Harbour seals and logos on their website without ever having signed up to the framework in the first place.

The unauthorised visual symbols often have the word ‘EU’ or the European flag on the seal.

“These are simply very low quality and false representations of the actual membership of the Safe Harbour,” Connolly noted.

Over 10 percent of companies that make a false claim of Safe Harbour membership display the US department of commerce Safe Harbour logo on their website.

Privacy advocates have for years asked the Federal Trade Commission (FTC), which enforces Safe Harbour, to address the false claims but with little success.

The FTC has filed six cases of false claims against minor companies and did not sanction any of them.

Around 30 percent of all companies do not provide any information on dispute resolution options, contrary to the Safe Harbour rules. Others who display resolution options point to agencies that charge thousands of dollars to file a complaint.

Over 460 members cite the American Arbitration Association as their dispute resolution provider, which charges the person filing the complaint between $120 and $1,200 per hour with a four-hour minimum charge plus a $950 administration fee.

Meanwhile, Safe Harbour has no provisions to stop NSA-type activities from snooping on EU citizens.

Financial records, data records, travel records, and data and voice carried by US telecommunications providers are excluded from Safe Harbour jurisdiction.

“It would be dangerous to rely on Safe Harbour to manage any aspect of the specific national security issue we face now without first addressing the broader issue of false claims and non-compliance,” Connolly said.

The European Commission, for its part, said it is possible the agreement contains loopholes.

It noted, a few weeks after former NSA agent turned whistleblower Edward Snowden leaked secret documents to the Washington Post and the Guardian, that US data protection standards are lower than in the EU.

"The Safe Harbour agreement may not be so safe after all,” said EU commissioner for Justice Viviane Reding in July.

The commission is set to come out with an assessment report on Safe Harbour before the end of the year.

The FTC, for its part, says the agreement ensures the safe transfer of data of EU citizens.

“We think it is a great way for us to protect European citizens when we are doing a case involving a US company,” FTC commissioner Julie Brill told reports in Brussels in March.

EU privacy bill - one-stop shop

For her part, Reding also on Monday in Luxembourg said "an overwhelming majority" of EU justice ministers gave her "a very strong political endorsement" on a separate EU data privacy bill.

Under the draft law, EU citizens who want to complain about data-mishandling by internet firms, such as Facebook or Google, which have their EU seats in Ireland, can appeal to their national data chiefs instead of trying to reach the more remote Irish authorities.

On the other side, companies can tackle EU-wide data cases through the data chief in the EU country in which they have their HQ, instead of dealing with 28 different EU authorities.

Reding said her officials will draft a final version of the bill in December, with a view to adoption before EU elections in May 2014.

Romania wants EU signal on Schengen membership

Bucharest expects other member states to decide on its accession to the passport-free area before it takes the rotating EU presidency on 1 January 2019 - amid criticism of a controversial new justice reform.

Germany says China using LinkedIn to recruit informants

Germany's spy agency says the Chinese state is trying to recruit high-ranking German officials via social media outlets like LinkedIn. It accused Chinese intelligence of setting up fake profiles to lure them into becoming informants.

News in Brief

  1. EU to Israel: Don't expect us to move embassies
  2. EU Commission condemns anti-semitic 'Jerusalem' protests
  3. Ministers have 'lots of questions' on new CAP plans
  4. Commission: Brexit agreement is 'deal between gentlemen'
  5. 25 EU states sign defence cooperation pact
  6. Netanyahu wants 'hardy' talks with EU on Jerusalem
  7. French centre-right elects new leader
  8. Germany and UK increase arms sales

Stakeholders' Highlights

  1. ACCACFOs Risk Losing Relevance If They Do Not Embrace Technology
  2. UNICEFMake the Digital World Safer for Children & Increase Access for the Most Disadvantaged
  3. European Jewish CongressWelcomes Recognition of Jerusalem as the Capital of Israel and Calls on EU States to Follow Suit
  4. Mission of China to the EUChina and EU Boost Innovation Cooperation Under Horizon 2020
  5. European Gaming & Betting AssociationJuncker’s "Political" Commission Leaves Gambling Reforms to the Court
  6. AJC Transatlantic InstituteAJC Applauds U.S. Recognition of Jerusalem as Israel’s Capital City
  7. EU2017EEEU Telecom Ministers Reached an Agreement on the 5G Roadmap
  8. European Friends of ArmeniaEU-Armenia Relations in the CEPA Era: What's Next?
  9. Mission of China to the EU16+1 Cooperation Injects New Vigour Into China-EU Ties
  10. EPSUEU Blacklist of Tax Havens Is a Sham
  11. EU2017EERole of Culture in Building Cohesive Societies in Europe
  12. ILGA EuropeCongratulations to Austria - Court Overturns Barriers to Equal Marriage

Latest News

  1. Alignment with EU is 'last resort', May tells MPs
  2. Iceland: further from EU membership than ever
  3. Israel presses Jerusalem claim in EU capital
  4. From dark coal toward a brighter future
  5. UK casts doubt on EU deal in 'bizarre' twist
  6. Romania wants EU signal on Schengen membership
  7. Germany says China using LinkedIn to recruit informants
  8. No chance of expanding EU warrant crime list

Stakeholders' Highlights

  1. Centre Maurits CoppietersCelebrating Diversity, Citizenship and the European Project With Fundació Josep Irla
  2. European Healthy Lifestyle AllianceUnderstanding the Social Consequences of Obesity
  3. Union for the MediterraneanMediterranean Countries Commit to Strengthening Women's Role in Region
  4. Bio-Based IndustriesRegistration for BBI JU Stakeholder Forum about to close. Last chance to register!
  5. European Heart NetworkThe Time Is Ripe for Simplified Front-Of-Pack Nutrition Labelling
  6. Counter BalanceNew EU External Investment Plan Risks Sidelining Development Objectives
  7. EU2017EEEAS Calls for Eastern Partnership Countries to Enter EU Market Through Estonia
  8. Dialogue PlatformThe Turkey I No Longer Know
  9. World Vision7 Million Children at Risk in the DRC: Donor Meeting to Focus on Saving More Lives
  10. EPSU-Eurelectric-IndustriAllElectricity European Social Partners Stand up for Just Energy Transition
  11. European Friends of ArmeniaSignature of CEPA Marks a Fresh Start for EU-Armenia Relations
  12. Nordic Council of MinistersNordic Energy Ministers Pledge to Work More Closely at Nordic and EU Level