The Federal Trade Commission (FTC) has been tapped to investigate 30 U.S. companies, including Adobe and AOL, over their alleged failure to comply with an international data security framework.
Last week, the Center for Digital Democracy (CDD) filed a complaint detailing how the firms compiled, used and shared EU consumers’ personal data without their knowledge and “meaningful consent,” and in doing so violated the U.S.-EU Safe Harbor framework which facilitates the safe transfer of consumer data from the European Union to the U.S.
CDD presented the complaint to the FTC on Thursday. The 118-page document (PDF) names the 30 companies as well the false claims each is accused of making.
“Overseen by the U.S. Department of Commerce, the Safe Harbor is based on a voluntary ‘self-certification’ process, in which companies that promise to provide clear ‘notice’ (of their data-collection practices and data uses) and ‘choice’ (giving consumers the opportunity to ‘opt out’ of practices they did not previously agree to) are then allowed to collect information from European consumers without strictly following the EU’s higher data-protection standards,” a Thursday release from CDD said. “The EU has itself recognized that the current Safe Harbor regime is inadequate, and has called for its revision.”
In addition to major firms, like Adobe and AOL, CDD questioned the data collection practices of Acxiom, Adara Media, Adometry, Alterian, AppNexus, Bizo, BlueKai, Criteo and Datalogix – an analytics firm that drew privacy groups’ ire in 2012 when its data-sharing deal with Facebook came to light.
DataXu, EveryScreen Media, ExactTarget, Gigya, HasOffers, Jumptap, Lithium, Lotame, Marketo, MediaMath, Merkle, Neustar, PubMatic, Salesforce.com, SDL, SpredFast, Sprinklr, Turn, and Xaxis were also cited in the complaint.
In an executive summary (PDF) outlining its investigation request, CDD claimed that company infractions fell under three “patterns of deception:” a failure to uphold Safe Harbor commitments through misstating their purposes and practices regarding data collection and use; misrepresentation of important legal facts for consumers; or a failure to update Safe Harbor disclosures to consumers after merging with or acquiring other firms which may have “expanded their data collection and profiling capabilities.”
Of note, the CDD complaint claimed that Adobe should be investigated for its alleged failure to provide adequate notice to consumers concerning the full range of its data-mining practices, its consumer profiling by way of undisclosed data sources, and its use of precision ad-targeting technologies.
AOL’s compliance status was also called into question due to its “failure to provide an adequate explanation of the full range of its targeted advertising practices and personal information amalgamation as they relate to AOL’s participation in the EU-US Safe Harbor Framework,” CDD’s complaint said.