The Federal Trade Commission is taking action against 12 US companies found to be in breach of a treaty that means they have to comply with European Union privacy laws. The companies — including BitTorrent and the Denver Broncos — violated the US-EU Safe Harbor framework: a voluntary program in which companies must meet seven EU privacy principles.

Despite the FTC's action, the Commission said the 12 companies had not necessarily committed "substantive violations" of the privacy principles. The problems appear to stem from certification marks that companies opting-in to the US-EU Safe Harbor framework are able to display on their websites or in documentation. The FTC said that the 12 companies, "through statements in their privacy policies or display of the Safe Harbor certification mark," showed that they had valid Safe Harbor certifications even after those certifications had lapsed. The proposed settlements prohibit the 12 companies from "misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization" in the future. The FTC says it will publish more detailed descriptions of these settlements shortly.

The companies had not necessarily committed substantive violations of the Safe Harbor treaty

GigaOm suggests that the FTC action may be designed to reassure the EU that the US government is concerned with its citizens' privacy after it was revealed the NSA was spying on European charities, regulators, governments, and phone records. Shortly before the FTC took action over these breaches, the European Parliament's civil liberties committee drafted a report that suggested the US-EU Safe Harbor framework should be suspended.