Written By ESR News Blog Editor Thomas Ahearn
On June 30, 2020, the Federal Trade Commission (FTC) – a government agency that protects consumers and promotes competition – announced that the FTC settled allegations that an operator of secure data centers misled consumers about its participation in the EU-U.S. Privacy Shield Framework that allows participants to transfer data from European Union (EU) countries to the United States (U.S.) in compliance with EU law.
As part of the proposed settlement, the data center company – which failed to adhere to Privacy Shield requirements before and after allowing its certification to lapse – must hire a third-party assessor to verify that it is adhering to its Privacy Shield promises if it plans to participate in the framework. The proposed settlement also prohibits the company from misrepresenting its participation in the EU-U.S. Privacy Shield Framework.
The proposed settlement also prohibits the company from misrepresenting participation in the Privacy Shield, any privacy or data security program sponsored by the government, or any self-regulatory or standard-setting organization. If its certification lapses in the future, the company must still continue to apply protections to personal information collected while participating in the program, or return or delete the information.
A blog posted on the FTC website about the proposed settlement titled “FTC settlement focuses on those other Privacy Shield Framework requirements” claimed that the enforcement actions of the FTC sent “an important compliance message for companies that claim participation in the EU-U.S. Privacy Shield framework” that “they must keep their certification current and they must live up to what the Framework requires.”
The U.S. Department of Commerce administers the EU-U.S. Privacy Shield frameworks while the FTC enforces the promises companies make when joining the program. In 2019, the FTC settled cases with a company in July, five companies in September, a company in November, and four companies in December. In 2020, the FTC settled cases with five companies in January, four companies in February, and a company in March.
The EU-U.S. Privacy Shield Framework – which officially launched on August 1, 2016 – replaced a previous international agreement called “Safe Harbor” that was invalidated by a European Court of Justice ruling on October 6, 2015. The framework includes seven commonly recognized privacy principles combined with 16 supplemental principles. To learn more about the Privacy Shield, visit www.privacyshield.gov.
Organizations must self-certify to the International Trade Administration (ITA) annually their adherence to the Frameworks. Employment Screening Resources® (ESR) was one of the first adopters of EU-U.S. Privacy Shield Framework with an original certification date of August 12, 2016, less than two weeks it officially launched. ESR’s active participant page on the list of certified Privacy Shield companies is here.
Employment Screening Resources® (ESR) – a leading global background check provider with capabilities in more than 240 countries and territories – received notification from the ITA that its annual submission for self-certification of adherence to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks had been finalized and was effective as of September 17, 2019. To learn more about ESR, visit www.esrcheck.com.
NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.
© 2020 Employment Screening Resources® (ESR) – Making copies of or using any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.