FTC Settles Allegations of Falsely Claimed Participation in Privacy Shield Framework

Weiner Brodsky Kider PC
Contact

Weiner Brodsky Kider PC

The FTC has recently announced settlements with six companies over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework in violation of Section 5 of the FTC Act.  The EU-U.S. Privacy Shield establishes a process to allow companies to transfer consumer data from European Union countries to the U.S. in compliance with EU law. 

In one case, the FTC settled charges against a company that performs pre-employment background screening for falsely claiming to be in compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.  According to the FTC complaint, although the company initiated an application to EU-U.S. Privacy Shield certification, and added language at the bottom of its webpage that its application was pending, the company did not complete the steps necessary to participate in the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield frameworks within the timeframes established by the U.S.  Department of Commerce.  Nevertheless, the company held itself out to be in compliance with both privacy shields until July 2018.  After FTC staff contacted the company regarding this matter, the company completed the steps necessary to participate in the frameworks and received its certification on August 31, 2018.  According to the settlement, the company is prohibited from misrepresenting its participation in any privacy or security program sponsored by a government, self-regulatory, or standard-setting organization, including the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks.  It also must comply with reporting and compliance requirements.

Similarly, the FTC settled with a management software provider for allegedly falsely claiming in statements on its website that it was certified under the EU-U.S. Privacy Shield framework.  According to the complaint, the provider’s EU-U.S. Privacy Shield certification lapsed, but it continued to claim its participation in the EU-U.S. Privacy Shield framework.  As a result of the settlement with the FTC, the company is prohibited from misrepresenting the extent to which it participates in any privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization and must comply with FTC reporting requirements.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Weiner Brodsky Kider PC | Attorney Advertising

Written by:

Weiner Brodsky Kider PC
Contact
more
less

Weiner Brodsky Kider PC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.