Online Privacy Policies

For the fourth time, the Federal Trade Commission (FTC) has reached a consent agreement with a company for alleged misrepresentations regarding Privacy Shield certification. A California-based company, ReadyTech Corporation, agreed to a settlement whereby it is “prohibited from misrepresenting its participation in any privacy or security program sponsored by a government or any self-regulatory or standard-setting organization, including but not limited to the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield framework.” Privacy Shield is one of a few mechanisms that are available to U.S. companies for the lawful transfer of personal data from the European Union and Switzerland to the United States pursuant to applicable data protection laws including the new General Data Protection Regulation (GDPR). As part of the process, companies must self-certify with the Department of Commerce (DoC) and then annually re-certify that the company is Privacy Shield compliant.

Continue Reading A Privacy Shield Enforcement Action: More to Come?

On February 22, 2017, the FTC announced that it had reached a settlement with three companies over charges that the companies had falsely represented their involvement in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system (APEC CBPR) in their online privacy policies. Continue Reading Keep Your Promises: FTC Settles Misrepresentation Claims With Three Tech Companies