For the fourth time, the Federal Trade Commission (FTC) has reached a consent agreement with a company for alleged misrepresentations regarding Privacy Shield certification. A California-based company, ReadyTech Corporation, agreed to a settlement whereby it is “prohibited from misrepresenting its participation in any privacy or security program sponsored by a government or any self-regulatory or standard-setting organization, including but not limited to the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield framework.” Privacy Shield is one of a few mechanisms that are available to U.S. companies for the lawful transfer of personal data from the European Union and Switzerland to the United States pursuant to applicable data protection laws including the new General Data Protection Regulation (GDPR). As part of the process, companies must self-certify with the Department of Commerce (DoC) and then annually re-certify that the company is Privacy Shield compliant.
In one of its final acts in office, on January 17, 2017, the Obama Administration released a report on privacy entitled “Privacy in our Digital Lives: Protecting Individuals and Promoting Innovation.”
The report recounts key actions taken by the administration over the past eight years to protect consumer privacy, including:
- redesigning the FTC Identify.gov website to provide resources to victims of identity theft;
- supporting the FCC in issuing broadband consumer privacy rules that require broadband providers to obtain affirmative consent from customers to use and share sensitive proprietary information;
- publishing best practices for operating drones that take into account privacy considerations;
- helping the FTC modernize COPPA regulations in order to address changes in technology and protect children’s interests; and
- working with ed-tech companies to limit the collection and sharing of student data.