In August, the FTC took action against false claims of participating to the EU-US Privacy Shield Framework. These are the first cases addressing the Privacy Shield Framework introduced on July 12, 2016. Allegedly, the companies under investigation started the application for the EU-U.S. Privacy Shield but never completed it; yet they falsely claimed to be participants. See here.
In September 2018, the FTC reached settlements with four other companies that falsely claimed participation in the EU-U.S. Privacy Shield.
As part of the proposed settlements with the FTC, the companies are “prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization and must comply with FTC reporting requirements.” See here.
The Department of Commerce administers the Privacy Shield framework, while the FTC enforces the promises companies make when joining the framework.
For more information on how privacy to implement privacy policies in your business, contact Francesca Giannoni-Crystal. Thanks to Federica Romanelli.