Friday

23rd Jun 2017

Hundreds of US companies make false data protection claims

  • Data visualisation map for one client by internet firm LinkedIn (Photo: luc legay)

Hundreds of US-based companies handling EU citizens' data have lied about belonging to a data protection arrangement known as the Safe Harbour Framework.

Christopher Connolly, a director at Galexia, an Australian-based consulting company on internet law and privacy, told the European Parliament’s civil liberties committee on Monday (7 October) that “many claims of Safe Harbour membership are false.”

Dear EUobserver reader

Subscribe now for unrestricted access to EUobserver.

Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.

  1. Unlimited access on desktop and mobile
  2. All premium articles, analysis, commentary and investigations
  3. EUobserver archives

EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.

♡ We value your support.

If you already have an account click here to login.

He said around one out of every seven Safe Harbour claims of membership are bogus.

The Safe Harbour agreement, hammered out in 2000 between the European Commission and the US Department of Commerce, is supposed to ensure that firms follow EU data protection laws when processing the personal data of EU citizens.

Just under 3,000 companies have signed up to the self-certification scheme, which is only enforceable once the company makes a promise to adhere to a handful of privacy principles.

Companies are also entitled to limit the scope to cover only human resource data, or consumer data, or just offline data.

Galaxia research found over 200 false claims in 2008. This had increased to 427 in September 2013.

“In those 427 organisations, you will find large household names in Europe, with hundreds of millions of customers,” Connolly said.

He added that some of the companies place unauthorised Safe Harbour seals and logos on their website without ever having signed up to the framework in the first place.

The unauthorised visual symbols often have the word ‘EU’ or the European flag on the seal.

“These are simply very low quality and false representations of the actual membership of the Safe Harbour,” Connolly noted.

Over 10 percent of companies that make a false claim of Safe Harbour membership display the US department of commerce Safe Harbour logo on their website.

Privacy advocates have for years asked the Federal Trade Commission (FTC), which enforces Safe Harbour, to address the false claims but with little success.

The FTC has filed six cases of false claims against minor companies and did not sanction any of them.

Around 30 percent of all companies do not provide any information on dispute resolution options, contrary to the Safe Harbour rules. Others who display resolution options point to agencies that charge thousands of dollars to file a complaint.

Over 460 members cite the American Arbitration Association as their dispute resolution provider, which charges the person filing the complaint between $120 and $1,200 per hour with a four-hour minimum charge plus a $950 administration fee.

Meanwhile, Safe Harbour has no provisions to stop NSA-type activities from snooping on EU citizens.

Financial records, data records, travel records, and data and voice carried by US telecommunications providers are excluded from Safe Harbour jurisdiction.

“It would be dangerous to rely on Safe Harbour to manage any aspect of the specific national security issue we face now without first addressing the broader issue of false claims and non-compliance,” Connolly said.

The European Commission, for its part, said it is possible the agreement contains loopholes.

It noted, a few weeks after former NSA agent turned whistleblower Edward Snowden leaked secret documents to the Washington Post and the Guardian, that US data protection standards are lower than in the EU.

"The Safe Harbour agreement may not be so safe after all,” said EU commissioner for Justice Viviane Reding in July.

The commission is set to come out with an assessment report on Safe Harbour before the end of the year.

The FTC, for its part, says the agreement ensures the safe transfer of data of EU citizens.

“We think it is a great way for us to protect European citizens when we are doing a case involving a US company,” FTC commissioner Julie Brill told reports in Brussels in March.

EU privacy bill - one-stop shop

For her part, Reding also on Monday in Luxembourg said "an overwhelming majority" of EU justice ministers gave her "a very strong political endorsement" on a separate EU data privacy bill.

Under the draft law, EU citizens who want to complain about data-mishandling by internet firms, such as Facebook or Google, which have their EU seats in Ireland, can appeal to their national data chiefs instead of trying to reach the more remote Irish authorities.

On the other side, companies can tackle EU-wide data cases through the data chief in the EU country in which they have their HQ, instead of dealing with 28 different EU authorities.

Reding said her officials will draft a final version of the bill in December, with a view to adoption before EU elections in May 2014.

Border management going virtual

EU leaders at a summit in Brussels are set to endorse new border control measures, while the head of a Tallinn-based EU agency predicts a future where border management goes virtual.

Opinion

Why Schengen deserves to be saved

Far-right parties around Europe have managed to turn the passport-free Schengen area into a game of political hot potato despite its numerous benefits.

News in Brief

  1. Merkel and Macron hold symbolic joint press conference
  2. Juncker has 'no' clear idea of kind of Brexit UK wants
  3. Belgian PM calls May's proposal on EU citizens 'vague'
  4. UK lacks support of EU countries in UN vote
  5. Spain to command anti-smuggler Mediterranean force
  6. Estonia confirms opposition to Nord Stream 2 pipeline
  7. Ireland and Denmark outside EU military plan
  8. EU leaders renew vows to uphold Paris climate deal

Stakeholders' Highlights

  1. EPSUOn Public Services Day, Stop Austerity! Workers Need a Pay Rise!
  2. EGBAOnline Gambling: The EU Court Rejects Closed Licensing Regimes In Member States
  3. World VisionFaces of Today, Leaders of Tomorrow: Join the Debate on Violence Against Girls - 29 June
  4. ECR GroupThe EU Must Better Protect Industry from Unfair Competition
  5. Malta EU 2017Better Protection for Workers From Cancer-Causing Substances
  6. EPSUAfter 9 Years of Austerity Europe's Public Sector Workers Deserve a Pay Rise!
  7. Dialogue PlatformGlobalised Religions and the Dialogue Imperative. Join the Debate!
  8. UNICEFEU Trust Fund Contribution to UNICEF's Syria Crisis Response Reaches Nearly €200 Million
  9. EUSEW17Bringing Buildings Into the Circular Economy. Discuss at EU Sustainable Energy Week
  10. European Healthy Lifestyle AllianceCan an Ideal Body Weight Lead to Premature Death?
  11. Malta EU 2017End of Roaming Charges: What Does It Entail?
  12. World VisionWorld Refugee Day, a Dark Reminder of the Reality of Children on the Move

Latest News

  1. New Irish PM praises unscripted nature of EU summits
  2. EU extends sanctions on Russia
  3. UK's universities set 'Brexit wish list'
  4. Decision on post-Brexit home for EU agencies postponed
  5. May's offer on citizens’ rights dismissed as ‘pathetic’
  6. 'Historic' defence plan gets launch date at EU summit
  7. EU pressures firms to tackle online terrorism
  8. Lack of eligible candidates dogs EU relocation scheme

Stakeholders' Highlights

  1. European Social Services ConferenceDriving Innovation in the Social Sector I 26-28 June
  2. Dialogue PlatformMuslims Have Unique Responsibility to Fight Terror: Opinon From Fethullah Gülen
  3. EUSEW17Check out This Useful Infographic on How to Stay Sustainable and Energy Efficient.
  4. Counter BalanceEuropean Parliament Criticises the Juncker Plan's Implementation
  5. The Idealist QuarterlyDoes Europe Really Still Need Feminism? After-Work Chat on 22 June
  6. EUSEW17Create an Energy Day Event Before the End of June. Join the Call for Clean Energy
  7. UNICEF1 in 5 Children in Rich Countries Lives in Relative Income Poverty, 1 in 8 Faces Food Insecurity
  8. International Partnership for Human Rights26 NGOs Call on Interpol Not to Intervene Versus Azerbaijani Human Rights Defenders
  9. Malta EU 2017Significant Boost in Financing for SMEs and Entrepreneurs Under New Agreement
  10. World VisionYoung People Rise up as EU Signs Consensus for Development at EU Development Days
  11. ILGA-EuropeLGBTI Activists and Businesses Fighting Inequality Together
  12. Nordic Council of MinistersNordic Prime Ministers Respond to Trump on Paris Agreement