The Center for Digital Democracy has filed a complaint with the Federal Trade Commission against 30 data marketing companies, including data brokers, for allegedly violating the U.S./European Union safe harbor framework by "compiling, using and sharing personal information without their 'awareness and meaningful consent.'"
It was the latest in the ongoing tension between self-regulation of privacy and those who see data brokers and marketers as having access to too much data without sufficient government oversight of how it is used and shared.
The safe harbor is a voluntary set of self-certified standards for providing choice and control over their data that EU members can agree to follow to avoid as an alternative to codified EU data protection standards.
But CDD has never been a big fan of self-regulation, and doesn't see it working well here.
“The U.S. is failing to keep its privacy promise to Europe,” said Jeff Chester, CDD’s executive director. “Instead of ensuring that the U.S. lives up to its commitment to protect EU consumers, our investigation found that there is little oversight and enforcement by the FTC."
CDD says the companies overall are not being sufficiently candid about how they collect data, are not providing meaningful opt-out opportunities, and calls promised anonymity a "myth."
But CDD has issues with the harbor as well as those trying to shelter in it. It says the required declarations and privacy policies fail to provide "accurate and meaningful information to EU consumers."
"The commercial surveillance of EU consumers by U.S. companies, without consumer awareness or meaningful consent, contradicts the fundamental rights of EU citizens and European data protection laws, and also violates the intention of the Safe Harbor mechanism to adequately protect EU consumers’ personal information," says CDD in the complaint.
CDD wants the FTC to investigate the alleged violations, and if it finds violations—as CDD feels sure it will—exclude them from the safe harbor until they have been remedied.
"What our complaint reveals is that the U.S. digital marketing industry doesn’t take its privacy commitments seriously," Chester told B&C/MultiChannel News. "The FTC is going to have crack down on digital media and marketing companies behaving so badly."
Just last week, the CDD advised the government to scrap attempts to get companies to self-regulate data privacy and instead legislate safeguards.
Chester suggested there is a need for speed in reviewing and reforming the safe harbor.
“The U.S. and EU are currently negotiating a trade agreement that will enable U.S. companies to gather even more data on Europeans,” he said in announcing the complaint. “Reform of Safe Harbor is urgently required before it becomes a ‘Get Out of Protecting Privacy’ card used by American companies under the forthcoming Transatlantic Trade and Investment Partnership (T-TIP).”
An FTC spokesperson had no comment, but the commission in June did secure settlements with 14 companies over allegations they violated the US./EU safe harbor.
In addition, in a November 2013 letter to European Commission VP Viviane Reding, FTC Chair Edith Ramirez said she was committed to improving the safe harbor program. "The FTC shares with our European counterparts a strong commitment to protecting consumer privacy. We have been dedicated to developing privacy frameworks that are globally interoperable and implementing mechanisms that achieve this goal. This is the imperative with which we approach the work we do relative to the Safe Harbor program."
But she also said that she felt it continued to be "an effective and functioning tool for the protection of the privacy of EU citizens' data transferred to the United States," echoing a point she made at a speech in Brussels on the multistakeholder model.