Level 3, 11 other companies settle FTC privacy complaint

The 12 companies claimed to hold current certifications in an EU privacy agreement, but did not, the agency says

Twelve U.S. companies, including Internet service provider Level 3 Communications and BitTorrent, the company behind the popular peer-to-peer file-sharing protocol, have agreed to settle U.S. Federal Trade Commission charges that they falsely claimed to abide by an international data privacy framework.

The 12 companies falsely said they complied with the so-called U.S.-E.U. Safe Harbor, which allows U.S. companies to transfer consumer data from the European Union to the U.S. in compliance with E.U. law, the FTC said in a Tuesday press release.

Other companies settling the FTC charges included DataMotion, a vendor of encrypted email and secure file transport software; Apperian, maker of mobile applications for business enterprises and security; and National Football League teams the Atlanta Falcons Football Club; PDB Sports, doing business as the Denver Broncos Football Club; and Tennessee Football, known as the Titans.

Level 3, in a statement, said it takes the data privacy of its customers, employees and vendors "very seriously."

"The agreement with the FTC concerned a technical issue of an outdated safe harbor reference in our privacy policy," the statement continued. "We've since revised the policy to address the FTC's concerns and at no point in time was the privacy of personal information compromised as a result of this issue."

Representatives of BitTorrent, DataMotion and Apperian didn't immediately respond to a request for comments.

Enforcement of the framework is an FTC "priority," FTC Chairwoman Edith Ramirez said in a statement. "These twelve cases help ensure the integrity of the Safe Harbor Framework and send the signal to companies that they cannot falsely claim participation in the program."

The companies deceptively claimed to hold current certifications under the U.S.-E.U. Safe Harbor framework and, in three of the complaints, certifications under the U.S.-Swiss Safe Harbor framework, the FTC said in complaints against the companies.

To participate in the E.U. framework, a company must certify annually to the U.S. Department of Commerce that it complies with seven privacy principles required to meet the EU's adequacy standard. Those principles are notice, choice, onward transfer, security, data integrity, access and enforcement.

The companies, through statements in their privacy policies or display of the safe harbor certification mark, said they held current certifications, even though the companies had allowed their certifications to lapse. The FTC alleged that the conduct violates the FTC Act prohibiting unfair or deceptive business practices, but the violations do not necessarily mean that the companies committed any substantive violations of the privacy principles, the agency said.

Under the proposed settlement agreements, which are subject to public comment, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Federal Trade CommissionregulationU.S. Department of CommerceCivil lawsuitsEdith RamirezprivacyTennessee FootballbittorrentAtlanta Falcons Football ClubPDB SportssecuritylegalApperiangovernmentLevel 3 Communications

More about EUFederal Trade CommissionFTCIDGLevel 3 CommunicationsNational Football League

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place