The Federal Trade Commission on Tuesday announced that a dozen U.S. companies, including sports teams like the Atlanta Falcons and peer-to-peer service BitTorrent, have breached treaty rules that allow them to hold data of EU citizens.
In a press release, the agency explained that the companies, which in some cases hold sensitive health and employment data, had violated the “U.S.-EU Safe Harbor” treaty, which requires U.S. firms to comply with the EU’s strict privacy laws. The companies in question represent a cross-section of industries, including data brokers, debt collection, and information security (full list below).
The FTC said it will announce further details about the violations in coming days, but also suggested that the offenses might be technical in nature rather than “substantive violations” of the privacy principles. In particular, the agency says the US companies had been deceiving people by using out-of-date certification marks — voluntary symbols that companies use to confirm they are complying with the rules.
As a result of the FTC’s investigation, the companies will enter so-called “consent agreements” which require them to promise to comply with certain obligations or face further penalties. The agreements will be subject to a 30-day comment period before they are final.
The news comes at a sensitive time for the U.S. cloud computer industry in the wake of the ongoing NSA surveillance scandal. In particular, EU parliamentarians have recommended suspending the Safe Harbor treaty over America’s treatment of EU data. Meanwhile, there have been rumors of new industry contracts in which UK and Canadian firms are demanding that counter-parties pledge not to store data on U.S. servers.
The FTC announcement may be a gesture on the part of the U.S. government to reassure the European Union that it is committed to privacy and upholding the terms of the treaty.
The full list of companies are:
- Apperian, Inc.: Company specializing in mobile applications for business enterprises and security;
- Atlanta Falcons Football Club, LLC: National Football League team;
- Baker Tilly Virchow Krause, LLP: Accounting firm;
- BitTorrent, Inc.: Provider of peer-to-peer (P2P) file sharing protocol;
- Charles River Laboratories International, Inc.: Global developer of early-stage drug discovery processes;
- DataMotion, Inc.: Provider of platform for encrypted email and secure file transport;
- DDC Laboratories, Inc.: DNA testing lab and the world’s largest paternity testing company;
- Level 3 Communications, LLC: One of the six largest ISPs in the world;
- PDB Sports, Ltd., d/b/a Denver Broncos Football Club: National Football League team;
- Reynolds Consumer Products Inc.: Maker of foil and other consumer products;
- Receivable Management Services Corporation: Global provider of accounts receivable, third-party recovery, bankruptcy and other services; and
- Tennessee Football, Inc.: National Football League team.