Privacy Shield Framework

Written By ESR News Blog Editor Thomas Ahearn

On November 5, 2019, the Federal Trade Commission (FTC) – a government agency that protects consumers and promotes competition – sued a data storage services company over allegations that it misled consumers about its participation in the EU-U.S. Privacy Shield framework, which allows the legal transfer of consumer data from the European Union (EU) to the United States (U.S.) under EU law, according to a press release from the FTC.

In the complaint, the FTC alleged that Nevada-based RagingWire Data Centers, Inc. claimed in its online privacy policy that the company participated in the Privacy Shield framework and complied with the program’s requirements between January of 2017 and October of 2018 even though it had allowed its certification to lapse in January of 2018. The company failed to recertify until it was contacted by the FTC in October of 2018.

The U.S. Department of Commerce – which administers the Privacy Shield framework – warned RagingWire twice to either remove the claims or take steps to recertify its participation in the Privacy Shield program. The FTC, which enforces the promises companies make when joining the program, also claimed that RagingWire failed to comply with the following requirements while a participant in the Privacy Shield program:

  • To verify annually that it had made accurate statements about its Privacy Shield privacy practices;
  • To maintain a dispute resolution process for consumers who had privacy-related complaints about the company; and
  • To abide by the Privacy Shield requirement that companies that stop participation in the framework affirm to the Department of Commerce that they will continue to apply the Privacy Shield protections to personal information collected while participating in the program.

The complaint – which the EEOC issues when it has “reason to believe” the law has been or is being violated – included a proposed order that would prohibit RagingWire from misrepresenting participation in the EU-U.S. Privacy Shield framework, any privacy or data security program sponsored by the government, or any self-regulatory or standard-setting organization, and would require the company to comply with FTC reporting requirements.

This is not the first time the FTC has taken action against companies over Privacy Shield participation. In September of 2019, five companies reached settlements with the FTC over allegations they falsely claimed participation in the EU-U.S. Privacy Shield Framework. In June of 2019, the FTC reached a settlement with a background screening company over an alleged false claim of EU-U.S. Privacy Shield participation.

The EU-U.S. Privacy Shield Framework – which officially launched on August 1, 2016 – replaced a previous international agreement called “Safe Harbor” that was invalidated by a European Court of Justice ruling on October 6, 2015. The EU-U.S. Privacy Shield Framework includes seven commonly recognized privacy principles combined with 16 supplemental principles. To learn more, visit www.privacyshield.gov.

Employment Screening Resources® (ESR) – a leading global background check provider with capabilities in more than 240 countries and territories – has received notification from the International Trade Administration (ITA) that ESR’s annual submission for its self-certification of adherence to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks has been finalized and is effective as of September 17, 2019.

Organizations must self-certify to the ITA annually their adherence to the Frameworks in order to remain on the Privacy Shield List. ESR was one of the first adopters of Privacy Shield with an original certification date of August 12, 2016, less than two weeks after the EU-U.S. Privacy Shield Framework officially launched on August 1, 2016. ESR’s Active Participant page on the list of certified Privacy Shield companies is available here.

Employment Screening Resources® (ESR) – a leader in background check compliance – is accredited by the Professional Background Screening Association (PBSA), undergoes annual SSAE 18 SOC 2® Type 2 audits, adheres to the Privacy Shield Framework, complies with the General Data Protection Regulation (GDPR), and has award-winning background screening technology. To learn more about ESR, visit www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) reminds readers that allegations alone made in lawsuits are not proof that a business or person violated any law, rule, or regulation.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2019 Employment Screening Resources® (ESR) – Making copies of or using any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.