Privacy Shield Framework

Written By ESR News Blog Editor Thomas Ahearn

On September 3, 2019, the Federal Trade Commission (FTC) – a government agency that protects consumers and promotes competition – announced that five companies reached settlements with the FTC over allegations they falsely claimed participation in the EU-U.S. Privacy Shield Framework that allows the legal transfer of consumer data from the European Union (EU) to the United States (U.S.), according to an FTC press release.

The FTC alleged in separate actions that five companies – DCR Workforce, Inc.; Thru, Inc.; LotaData, Inc.; 214 Technologies, Inc.; and EmpiriStat, Inc. – falsely claimed they were certified under the framework. The FTC alleged LotaData also falsely claimed participation in the Swiss-U.S. Privacy Shield and EmpiriStat falsely claimed it was a current participant in Privacy Shield after allowing its certification to lapse in 2018.

In addition, the FTC alleged EmpiriStat falsely claimed compliance with Privacy Shield Principles when it failed to verify its published policy was accurate and completely implemented as required under the framework, and failed to abide by the requirement that companies that stop participation affirm to the U.S. Department of Commerce that they will continue to apply certain protections to consumer data.

As part of the proposed settlements with the FTC, all five companies are prohibited from misrepresenting participation in any privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization and must comply with FTC reporting requirements. EmpiriStat must continue to apply Privacy Shield protections to the personal data it collected while participating in the program.

The FTC enforces Privacy Shield participation. In July 2018, a company agreed to settle FTC charges of falsely claiming to comply with the EU-U.S. Privacy Shield after stating on its website it was “in the process of certifying that we comply with the U.S.-E.U. Privacy Shield Framework.”  In September 2017, three companies agreed to settle FTC charges that they misled consumers about their participation in the EU-U.S. Privacy Shield.

In June 2019, the FTC reached a settlement with a background screening company over an alleged false claim of participation in the EU-U.S. Privacy Shield program and also sent warning letters to more than a dozen companies for falsely claiming participation in other privacy agreements. In its complaint, the FTC claimed the background screening company falsely claimed on its website that it participated in the program.

The EU-U.S. Privacy Shield Framework – which officially launched on August 1, 2016 – replaced a previous international agreement called “Safe Harbor” that was invalidated by a European Court of Justice ruling on October 6, 2015. The framework includes seven commonly recognized privacy principles combined with 16 supplemental principles. To learn more, visit www.privacyshield.gov.

Employment Screening Resources® (ESR) has received notification from the Department of Commerce’s International Trade Administration (ITA) that ESR’s annual submission for its self-certification of adherence to the Privacy Shield Framework was approved and ESR is an Active Participant. ESR was one of the first adopters with an original certification date of August 12, 2016. To learn more, visit www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2019 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.