Alpine Law Fintech & Cryptocurrency No Comments

Federal Trade Commission enforcing E.U. – U.S. Privacy Shield

A proposed FTC settlement with California-based employee training company ReadyTech Corporation reminds businesses that if make claims about EU-U.S. Privacy Shield participation, there is an obligation to live up to those promises. 

The case and settlement confirms the FTC’s commitment to the frameworkPrivacy Shield gives companies a way to transfer personal data from the EU to the United States, consistent with EU data protection requirements. To participate in Privacy Shield (or the corresponding Swiss-U.S. Framework), companies must apply to the U.S. Department of Commerce and follow the program’s self-certification requirements. 

ReadyTech said in its Privacy Policy: “ReadyTech is in the process of certifying that we comply with the U.S.-E.U. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries.” According to the FTC, although ReadyTech began the Privacy Shield application process in October 2016, it didn’t follow through with the necessary steps. 

The FTC alleged that ReadyTech’s statement in its Privacy Policy was false or misleading. To settle the case, the company has agreed not to misrepresent its participation in or compliance with any privacy or security program sponsored by a government, a self-regulatory group, or a standard-setting organization. The FTC is accepting comments about the proposed settlement until August 1, 2018.

Deceptive claims about Privacy Shield participation are actionable under the FTC Act. If it says it’s “in the process of certifying that we comply with the U.S.-E.U. Privacy Shield framework,” it must be actively taking the steps necessary to complete the process.

 If a company claims to participate in Privacy Shield, but has not finished the process or the certification has lapsed, there are two choices: 1) complete the process; or 2) remove the false statement. 

Contributed by Magdalena A K Muir

Sources:

In the Matter of ReadyTech Corporation, a corporation. FTC Matter/File Number: 182 3100 https://www.ftc.gov/enforcement/cases-proceedings/182-3100/readytech-corporation-matter

application/pdf iconAgreement Containing Consent Order (20.8 KB)

application/pdf iconComplaint (24.98 KB)

application/pdf iconAnalysis of Proposed Consent Order to Aid Public Comment (38.75 KB)

application/pdf iconDecision and Order (31.8 KB)

https://www.ftc.gov/news-events/blogs/business-blog/2018/07/live-your-privacy-shield-promises?utm_source=govdelivery

https://www.ftc.gov/news-events/press-releases/2018/07/california-company-settles-ftc-charges-related-privacy-shield

https://www.ftc.gov/enforcement/cases-proceedings/182-3100/readytech-corporation-matter

https://www.ftc.gov/public-statements/2016/07/letter-chairwoman-edith-ramirez-vera-jourova-commissioner-justice

Previous Article
Next Article

About Author

Alpine Law PLLC is an online business law firm specializing in startup law, international business formation, cross – border transactions, fintech and cryptocurrency, securities, healthcare, corporate immigration, trademarks & copyright, and tax strategies. We distinguish ourselves by providing multilingual legal services tailored to your business needs. Specializing in serving domestic and international companies in US, China, Canada, and Europe.