Thanks to a twitter lead (HT @clarinette02), we were alerted rather late in the day to the action being taken by the Federal Trade Commission in the US against a Californian mail order company that had misused .co.uk domain names to deceive UK consumers that the company was based in the UK. In addition, the company had claimed on its websites to be registered on the Department of Commerce Safe Harbor list, the list of US entities self-certifying compliance with the Safe Harbour scheme agreed between the FTC and EU Commision. EU entities can, under the terms of the scheme and Art 25(6) of the Data Protection Directive 95/46/EC, export personal data to Safe Harbor entities without the need to take any other adequacy steps.
The FTC has been granted a temporary injunction until 25 September 2009, pending a full hearing of the case. The FTC has applied for a permanent injunction against the company, together with “such relief as the Court finds necessary…including…restitution and disgorgement of ill-gotten gains”.
We will keep track of the case to see what the Court decides to do in respect of the data protection/Safe Harbor breach.