FTC Finalizes Settlements with Five Companies Over Privacy Shield Participation

EU-U.S. Privacy Shield framework

Written By ESR News Blog Editor Thomas Ahearn

On January 16, 2020, the Federal Trade Commission (FTC) – a government agency promoting competition while protecting and educating consumers – announced it had finalized settlements with five companies over allegations they falsely claimed certification under EU-U.S. Privacy Shield framework that enables companies to transfer consumer data legally from European Union (EU) countries to the United States (U.S.).

In separate actions, the FTC alleged that the five companies all falsely claimed in statements on their websites that they were certified under the EU-U.S. Privacy Shield framework. The FTC alleged that one company also falsely claimed that it was a certified participant in the Swiss-U.S. Privacy Shield framework that establishes a data transfer process with Switzerland similar to the EU-U.S. framework.

Under the settlements, all five companies are prohibited from misrepresenting their participation in the EU-U.S. Privacy Shield framework, any other privacy or data security program sponsored by the government, or any self-regulatory or standard-setting organization. More information about the settlements is available on the FTC website at Settlement #1, Settlement #2, Settlement #3, Settlement #4, and Settlement #5.

The Department of Commerce administers the frameworks, while the FTC enforces the promises companies make when joining the programs. The FTC has brought a total of 21 enforcement actions related to the EU-U.S. Privacy Shield framework since it was established in 2016. In 2019 alone, the FTC settled with a company in July, five companies in September, a company in November, and four companies in December.

The EU-U.S. Privacy Shield framework – which officially launched on August 1, 2016 – replaced a previous international agreement called “Safe Harbor” that was invalidated by a European Court of Justice ruling on October 6, 2015. The framework includes seven commonly recognized privacy principles combined with 16 supplemental principles. To learn more, visit www.privacyshield.gov.

Employment Screening Resources® (ESR) – a leading global background check provider with capabilities in more than 240 countries and territories – has received notification from the International Trade Administration (ITA) that its annual self-certification of adherence to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks was finalized and effective as of September 17, 2019. To learn more about ESR, visit www.esrcheck.com.

Organizations must self-certify to the ITA annually their adherence to the Privacy Shield frameworks. Employment Screening Resources® (ESR) was one of the first adopters of the EU-U.S. Privacy Shield Framework with an original certification date of August 12, 2016, less than two weeks the framework officially launched. ESR’s Active Privacy Shield Participant page on the list of certified companies is available here.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2020 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.