Interactive Counsel

Arent Fox's interactive media law blog - latest news and trends in advertising, data security & privacy, and IP.

Interactive Counsel

FTC and 3 Companies Settle Enforcement Charges Regarding False Privacy Shield Claims

alert

FTC and 3 Companies Settle Enforcement Charges Regarding False Privacy Shield Claims

Just as the Sword in the Stone could only be used by its rightful owner, the Privacy Shield can only be claimed by the rightfully certified entities. If not, false representations may stir Federal Trade Commission action. The FTC recently announced their first enforcement actions involving the EU-US Privacy Shield framework, settling complaints with three US companies.

What’s New?

Picking up where they left off under the now-defunct US-EU Safe Harbor framework, under which the FTC brought 39 enforcement actions, the FTC alleged that Decusoft, LLC (human resources software), Tru Communication, Inc. (printing services), and Md7, LLC (real estate leases for wireless companies) violated the FTC Act by falsely claiming they were certified to participate in the EU-US Privacy Shield. Decusoft was also accused of violating the Swiss-US Privacy Shield. According to the FTC, none of the companies completed the steps required for certification, and are now prohibited from “misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization and must comply with FTC reporting requirements.” [If you’d like to read more about the EU-US Privacy Shield and Swiss-US Privacy Shield, we wrote about each here and here.]

Looking Ahead

We recently covered privacy statements and the importance of consumer consent and options in related agreements. Privacy statements must also accurately reflect statements about your organization’s current privacy certifications or compliance status. The FTC has made it clear that they are committed to aggressively enforcing the Privacy Shield and other privacy issues, and companies are advised to conduct a thorough review of current privacy policies and certifications and how those are represented and advertised. Companies intending to become Privacy Shield-compliant must monitor their application status and respond to follow up requests from the US Department of Commerce until their status is fully confirmed.
 
Arent Fox’s Privacy, Cybersecurity & Data Protection group monitors issues involving data transfer. For more information, please contact Sarah L. Bruno, Eva J. Pulliam, Lourdes M. Turrecha, or the Arent Fox professional who regularly handles your matters.

SUBSCRIBE

Add this blog to your RSS feed reader.

Arent Fox In Your Inbox
To subscribe to Arent Fox Alerts and other news, click here.

ABOUT ARENT FOX LLP

Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.