The FTC recently announced what appears to be the first spotlight shined on somebody pretending to be Safe Harbor certified when they actually are not.
The FTC release states: "The FTC also charged the defendants with deceiving consumers about their participation in a program in which U.S. companies assure customers in the European Union that they secure the customers’ personal information, as required by European law. Known as the EU/U.S. Safe Harbor program, it is administered by U.S. Department of Commerce. The complaint alleges that although the defendants claimed to participate in the EU/U.S. Safe Harbor program, they did not."
What is Safe Harbor? The US Government's Export.gov website explains: "The safe harbor -- approved by the EU in 2000 -- is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the safe harbor will assure that EU organizations know that your company provides "adequate" privacy protection, as defined by the Directive."
Lots of companies sending mail from the US into the EU, including e-commerce service providers and email service providers, can end up needing to be safe harbor certified, to minimize the risk of running afoul of European privacy legislation.
(H/T: Dennis Dayman)