Bay Area companies skirting European privacy protections, consumer group claims
Abode Systems, Salesforce.com and eight other Bay Area companies are among 30 corporations nationwide named in a consumer group's complaint, accusing the firms of failing to safeguard the privacy of Europeans, despite an intergovernmental agreement to do so.
The complaint filed Thursday by the Washington-based Center for Digital Democracy asks the Federal Trade Commission to investigate the firms for violating the so-called U.S.-EU Safe Harbor agreement, which is intended to ensure that companies won't compile, use or share the personal information of European consumers without the consumers' consent.
The FTC oversees enforcement of the pact, which was approved in 2000.
U.S. companies voluntarily participate in the Safe Harbor agreement, promising to provide European consumers with clear prior notice of their data-gathering intentions and giving them the opportunity to choose not to have their data used.
"The U.S. is failing to keep its privacy promise to Europe," Jeff Chester, the Center for Digital Democracy's executive director, said in a statement. "Many companies are relying on exceedingly brief, vague or obtuse descriptions of their data collection practices, even though Safe Harbor requires meaningful transparency and candor. Our investigation found that many of the companies are involved with a web of powerful multiple data broker partners who, unknown to the EU public, pool their data on them so they can be profiled and targeted online."
Besides San Jose-based Adobe and San Francisco-based Salesforce, the other Bay Area companies named in the complaint are Mountain View-based Adara Media and Gigya, Lithium of San Francisco, Marketo of San Mateo, Redwood City-based PubMatic and Turn, Bizo, which was recently acquired by LinkedIn of Mountain View, and BlueKai, recently bought by Oracle of Redwood City.
Adobe, Marketo and Turn issued statements saying they take the Safe Harbor provisions seriously and don't believe the allegations against them have merit. LinkedIn, Oracle, and Lithium declined to comment.
Other companies named in the complaint and the FTC could not immediately be reached for comment.
Among other violations of the agreement, the complaint accused the companies of "an overall lack of candor" about their data-gathering practices and a "general failure to provide meaningful opt-out mechanisms that EU consumers can find and use to remove themselves fully from privacy-harming data collection and processing."
The Center for Digital Democracy also urged authorities to toughen the pact's consumer protections, because, as Chester noted, "the U.S. and EU are currently negotiating a trade agreement that will enable U.S. companies to gather even more data on Europeans."
©2014 San Jose Mercury News (San Jose, Calif.)
Distributed by MCT Information Services