February 11, 2014 – The FTC today announced a proposed settlement with Fantage.com Inc., a children’s online entertainment company that allegedly misrepresented its adherence to the U.S.-European Union Safe Harbor Framework (the “Framework”).
According to the FTC’s complaint, Fantage made statements in the privacy policy its website that it followed the privacy principles of the Framework, when in fact, the company had let its Safe Harbor self -certification lapse by not renewing it starting in June of 2012. Fantage subsequently renewed its self-certification to the Safe Harbor Framework in January 2014. Under the settlement the company is prohibited from misrepresenting the extent to which it participates in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.
The FTC’s action against Fantage is similar to recent actions against 12 other organizations, including three National Football League teams, alleging that these organizations had represented their current participation in the Framework when in fact their certifications had lapsed. All of these recent enforcement actions may be in response to recent comments from EU policy makers and pundits questioning the efficacy of the Framework in light of leaks by Edward Snowden regarding U.S. surveillance in 2013.
Written by Bruce Sarkisian, Associate, Privacy & Data Security | Alston & Bird LLP