Privacy Shield Framework

Written By ESR News Blog Editor Thomas Ahearn

On December 3, 2019, the Federal Trade Commission (FTC) – a government agency promoting competition while protecting and educating consumers – announced that it reached settlements with four companies that allegedly misrepresented their participation in the EU-U.S. Privacy Shield framework that enables companies to transfer consumer data legally from European Union (EU) countries to the United States (U.S.).

The FTC settled cases against Click Labs, Inc., a website and mobile app services provider, Incentive Services, Inc., a developer of service award and incentive programs for employers, Global Data Vault, LLC, a provider of data storage and recovery services, and TDARX, Inc., an IT services provider. The FTC also alleged Click Labs and Incentive Services falsely claimed participation in the Swiss-U.S. Privacy Shield.

“The Privacy Shield Framework is critical to facilitating transatlantic commerce and assuring our European partners of our commitment to data protection,” Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, stated in the press release. “Enforcement of the Privacy Shield framework is a priority of the FTC, and we will hold companies accountable where, as here, they fail to keep their Privacy Shield promises.”

All four companies are prohibited from misrepresenting participation in the EU-U.S. Privacy Shield, as well as any other government sponsored privacy or data security program, or any self-regulatory or standard-setting organization. Global Data Vault and TDARX are required to continue to apply the framework protections to personal information they collected while participating in the program, or return or delete the data.

The Department of Commerce administers both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, while the FTC enforces the promises companies make when joining the programs. The FTC has brought a total of 21 enforcement actions related to the EU-U.S. Privacy Shield framework since it was established in 2016. Each violation of a consent order on a final basis issued by the FTC may result in a civil penalty of up to $42,530.

The EU-U.S. Privacy Shield framework – which officially launched on August 1, 2016 – replaced a previous international agreement called “Safe Harbor” that was invalidated by a European Court of Justice ruling on October 6, 2015. The framework includes seven commonly recognized privacy principles combined with 16 supplemental principles. To learn more, visit www.privacyshield.gov.

Employment Screening Resources® (ESR) – a leading global background check provider with capabilities in more than 240 countries and territories – has received notification from the International Trade Administration (ITA) that ESR’s annual submission for its self-certification of adherence to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks has been finalized and is effective as of September 17, 2019.

Organizations must self-certify to the ITA annually their adherence to the Frameworks in order to remain on the Privacy Shield List. ESR was one of the first adopters of the EU-U.S. Privacy Shield framework with an original certification date of August 12, 2016, less than two weeks after the program officially launched. ESR’s Active Participant page on the list of certified Privacy Shield companies is here.

In addition, ESR is accredited by the Professional Background Screening Association (PBSA), undergoes annual SOC 2® data audits, won the 2018 TekTonic Award from HRO Today Magazine for innovation and disruption in HR and recruiting technology, and was named to the 2019 HRO Today Magazine’s Baker’s Dozen Customer Satisfaction Ratings for Pre-Employment Screening. To learn more about ESR, visit www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2019 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.