Twelve US companies, including major backbone provider Level3 and BitTorrent, have violated a privacy treaty between the European Union and the United States. The companies said they were in compliance, but their certification had expired.
The treaty that the twelve companies violated, the US-EU Safe Harbor Framework, is intended to allow American companies to process data of European internet users. In general, the American law offers a much lower protection of privacy than the European one, but the treaty allows American companies to process data from Europeans according to European law.
To comply with the treaty, which is voluntary, companies must re-register every year. The 12 companies, including the major backbone provider Level3 and the company of the creator of BitTorrent, did not do so, while stating on their website that they were certified under the treaty, writes the US Federal Trade Commission. That does not mean that the companies have violated the privacy of citizens in practice, the FTC emphasizes.
The 12 companies, including two American football clubs, an app maker and a DNA testing company, have reached a settlement with the FTC, which has yet to be approved. In addition, the companies promise not to post misleading information about privacy programs again. Incidentally, Level3 is also the company that allegedly gave the NSA access to unencrypted fiber taps, including taps on the internal networks of Google and Yahoo.