For the fourth time, the Federal Trade Commission (FTC) has reached a consent agreement with a company for alleged misrepresentations regarding Privacy Shield certification. A California-based company, ReadyTech Corporation, agreed to a settlement whereby it is “prohibited from misrepresenting its participation in any privacy or security program sponsored by a government or any self-regulatory or standard-setting organization, including but not limited to the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield framework.” Privacy Shield is one of a few mechanisms that are available to U.S. companies for the lawful transfer of personal data from the European Union and Switzerland to the United States pursuant to applicable data protection laws including the new General Data Protection Regulation (GDPR). As part of the process, companies must self-certify with the Department of Commerce (DoC) and then annually re-certify that the company is Privacy Shield compliant.
On July 5, 2017, the FTC announced a settlement with Blue Global Media, LLC (“Blue Global”) and its CEO Christopher Kay over allegations that the company solicited consumers to provide sensitive information based on false pretenses and then shared that information with potential buyers without any regard for the protection or security of that information. The settlement provides key insights into the FTC’s current position on the processing of sensitive information. Continue Reading Data for Sale . . . at a Price – FTC Imposes $104 Million Judgment against Company over Alleged Unlawful Sharing of Consumers’ Sensitive Information
On February 22, 2017, the FTC announced that it had reached a settlement with three companies over charges that the companies had falsely represented their involvement in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system (APEC CBPR) in their online privacy policies. Continue Reading Keep Your Promises: FTC Settles Misrepresentation Claims With Three Tech Companies