Security firm settles with FTC over data protection agreement

Security firm IOActive is one of 13 companies that have agreed to settle federal allegations they misled customers about compliance with overseas data protection agreements.


The Federal Trade Commission (FTC) claimed IOActive — which recently made news when one of its researchers helped remotely hijack and shut down a Jeep — let its U.S.-European Union safe harbor certification lapse, yet continued to claim membership. 

FTC Chairwoman Edith Ramirez said in announcing the settlements that safe harbors are “important agreements, and the FTC remains strongly committed to enforcing them.”

“Companies must not deceive consumers about their participation in these programs,” she added.

U.S. companies looking to work in the EU can self-certify as members of the safe harbor framework agreement, which sets security and privacy standards for transferring customer data across borders in compliance with both areas’ data protection laws.

The framework was created in 2000, but for years went largely unenforced. Digital privacy groups frequently claimed hundreds of companies were falsely claiming certification.

The U.S. has a similarly maligned data protection safe harbor agreement with Switzerland.   

Following former government contractor Edward Snowden’s revelations of secret U.S. surveillance programs, European officials stepped up pressure on the U.S. to bring action against noncompliant American companies.

Over the last year and a half, the FTC has settled claims of noncompliance with dozens of companies in response. 

Other tech companies that settled with the FTC this week included contract management software maker Contract Logix, messaging app designer Pinger and email marketing firm Inbox Group.