U.S. says 12 companies, including BitTorrent and NFL teams, broke EU privacy rules

The Federal Trade Commission on Tuesday announced that a dozen U.S. companies, including sports teams like the Atlanta Falcons and peer-to-peer service BitTorrent, have breached treaty rules that allow them to hold data of EU citizens.

In a press release, the agency explained that the companies, which in some cases hold sensitive health and employment data, had violated the “U.S.-EU Safe Harbor” treaty, which requires U.S. firms to comply with the EU’s strict privacy laws. The companies in question represent a cross-section of industries, including  data brokers, debt collection, and information security (full list below).

The FTC said it will announce further details about the violations in coming days, but also suggested that the offenses might be technical in nature rather than “substantive violations” of the privacy principles. In particular, the agency says the US companies had been deceiving people by using out-of-date certification marks — voluntary symbols that companies use to confirm they are complying with the rules.

As a result of the FTC’s investigation, the companies will enter so-called “consent agreements” which require them to promise to comply with certain obligations or face further penalties. The agreements will be subject to a 30-day comment period before they are final.

The news comes at a sensitive time for the U.S. cloud computer industry in the wake of the ongoing NSA surveillance scandal. In particular, EU parliamentarians have recommended suspending the Safe Harbor treaty over America’s treatment of EU data. Meanwhile, there have been rumors of new industry contracts in which UK and Canadian firms are demanding that counter-parties pledge not to store data on U.S. servers.

The FTC announcement may be a gesture on the part of the U.S. government to reassure the European Union that it is committed to privacy and upholding the terms of the treaty.

The full list of companies are: