A leading U.S. consumer privacy group − the Center for Digital Democracy (CDD) – filed a complaint at the U.S. Federal Trade Commission (FTC) over the U.S.-EU Safe Harbour agreement that is supposed to protect EU citizens’ privacy when their data is collected by U.S. companies. According to CDD the agreement fails in providing the safeguards that were promised to protect European consumers, as several companies are still compiling, using, and sharing EU consumers’ personal information without their awareness and meaningful consent.
Supervised by the U.S. Department of Commerce, the Safe Harbour agreement is based on a voluntary “self-certification” process, in which companies that promise to provide clear “notice” (of their data-collection practices and data uses) and “choice” (giving consumers the opportunity to “opt out” of practices they did not previously agree to) are then allowed to collect information from European consumers without strictly following the EU’s higher data-protection standards. The EU has itself recognized that the current Safe Harbour regime is inadequate, and has called for its revision.
CDD calls for an investigation of 30 companies involved in data profiling and online targeting, including data brokers that have compiled vast amounts of sensitive information on individual consumers; data management platforms that allow their corporate clients to analyze their own consumer information and combine it with outside data sources to produce detailed marketing insights; and mobile marketers that track devices and tie them to user profiles in order to identify the most profitable consumers for personalized advertising.
“The U.S. is failing to keep its privacy promise to Europe,” said Jeff Chester, CDD’s executive director. “Instead of ensuring that the U.S. lives up to its commitment to protect EU consumers, our investigation found that there is little oversight and enforcement by the FTC. The Big Data-driven companies in our complaint use Safe Harbour as a shield to further their information-gathering practices without serious scrutiny. Companies are relying on exceedingly brief, vague, or obtuse descriptions of their data collection practices, even though Safe Harbour requires meaningful transparency and candor. Our investigation found that many of the companies are involved with a web of powerful multiple data broker partners who, unknown to the EU public, pool their data on individuals so they can be profiled and targeted online.”
“The U.S. and EU are currently negotiating a trade agreement that will enable U.S. companies to gather even more data on Europeans,” Chester added. “Reform of Safe Harbour is urgently required before it becomes a ‘Get Out of Protecting Privacy’ card used by American companies under the forthcoming Transatlantic Trade and Investment Partnership (T-TIP).”
Further information can be found here.