Has your company taken this selfie lately?

Share This Page

The company name may be American Apparel, but commerce is global, especially in the fashion industry.  If a business says it abides by the U.S.-EU Safe Harbor for transferring consumer data, companies have an obligation to live up to that promise.  American Apparel, the popular clothing retailer, is the latest company to be the subject of FTC law enforcement for claiming it was in compliance with the framework, but failing to conduct the required annual self-certification.

Administered by the Department of Commerce, the Safe Harbor program is a voluntary international privacy framework that lets U.S. companies transfer consumer data from the European Union to the United States in compliance with EU Law.  To participate, a company must self-certify every year that it complies with the seven privacy principles required to meet the EU’s adequacy standard:  notice, choice, onward transfer, security, data integrity, access, and enforcement.  Many companies highlight their compliance by mentioning it on their websites.

American Apparel claimed in its privacy policy that it held current certifications under the U.S.-EU Safe Harbor framework and a similar one for the U.S. and Switzerland.  The trouble is the company had let its self-certification lapse.  The FTC’s complaint didn’t charge an underlying privacy violation, but did allege that American Apparel’s compliance claim was false, in violation of Section 5 of the FTC Act.

Like a dozen similar cases announced in January and another one in February, the settlement with American Apparel requires the company to tell the truth about its participation in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting group.

Getting an uneasy feeling about whether your certification is up to date? It's easy to check.  Mark your calendar to make sure your company follows through with the required annual self-certification – and do your clients a favor by reminding them, too.

File a comment about the proposed settlement by June 9, 2014.  Bookmark the FTC's U.S.-EU Safe Harbor Framework page for more resources.



Thanks for your post
obviously like your website but you have to check the spelling on several of your posts. Several of them are rife with spelling problems and I find it very bothersome to tell the truth nevertheless Ill definitely come back again. ecdebddegdbebegg
good concept,hopefully we get more article on it by you.

Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.