Companies Settle FTC Charges of Falsely Claiming EU, Swiss Safe Harbor Compliance

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

April 7 — Two U.S. businesses have agreed to settle Federal Trade Commission administrative enforcement actions charging them with misleading consumers about their certification under the U.S.-European Union Safe Harbor Program and the U.S.-Swiss Safe Harbor Program, the FTC announced April 7.

The concurrently filed draft administrative complaints against American International Mailing Inc. and TES Franchising LLC alleged that, although both companies claimed to be certified under the frameworks, those certifications had expired years earlier.

The U.S.-EU Safe Harbor Program, which is administered by the U.S. Department of Commerce, allows U.S. companies to lawfully make transfers of personal data outside the European Economic Area because they have self-certified their compliance with privacy principles similar to those found in the EU Data Protection Directive (95/46/EC).

Under the U.S.-Swiss Safe Harbor Program, companies give similar attestations that they will comply with Swiss data protection law principles to transfer data to the U.S. Switzerland isn't a member of the EU, but its laws closely follow EU data protection practices.

“We remain strongly committed to enforcing the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks,” FTC Chairwoman Edith Ramirez said in the FTC statement. “These cases send an important message that businesses must not deceive consumers about whether they hold these certifications, and by extension, the ways in which they protect consumers.”

The proposed no-fault consent orders for American International and TES both include a paragraph stating:

Proposed respondent neither admits nor denies any of the allegations in the draft complaint, except as specifically stated in this order.


Additional Misrepresentations Alleged

The FTC also alleged that TES misled consumers about its dispute resolution procedures. The company's website stated that any U.S.-EU Safe Harbor Program disputes would be settled by an arbitration agency in Connecticut with the costs split evenly, but its Safe Harbor certification filing stated that it would resolve disputes through European data protection authorities, which don't require in-person hearings and resolve disputes at no cost, according to the FTC's statement. As such, the proposed settlement would bar it from continuing to make such misrepresentations.

The complaint said the statements made by TES were also “likely to deter EU and Swiss citizens from attempting to take advantage of the dispute resolution services offered by the company.”

The complaint also alleged that TES misrepresented that TRUSTe Inc. had certified its privacy program to allow it to post a TRUSTe privacy seal on its website.

Proposed Settlement Terms

Under the proposed settlements, both companies would be barred from misrepresenting their participation in any government-sponsored privacy or data security program.

Both proposed consent orders would sunset after 20 years.

The FTC is accepting comments on the proposed consent orders through May 7. The commission also released analyses of the proposed American International Mailing and TES settlements to aid the public in commenting.

The FTC represented the commission. McCarthy, Leonard & Kaemmerer LC represented American International Mailing. TES Franchising represented itself.

An unsigned copy of the American International Mailing proposed consent order is available at

Further information about the action against American International Mailing is available at

An unsigned copy of the TES Franchising proposed consent order is available at

Further information about the action against TES Franchising is available at


Request Bloomberg Law: Privacy & Data Security