FTC Finalizes Settlements with Four Companies Over Privacy Shield Allegations

Privacy Shield Framework

Written By ESR News Blog Editor Thomas Ahearn

On January 29, 2020, the Federal Trade Commission (FTC) – a government agency promoting competition while protecting and educating consumers – announced it had finalized settlements with four companies over allegations they made false claims in connection with the EU-U.S. Privacy Shield framework that enables companies to transfer consumer data legally from European Union (EU) countries to the United States (U.S.).

In separate actions, the FTC alleged that two companies falsely claimed to participate in the EU-U.S. Privacy Shield framework and the EU-U.S. and Swiss-U.S. Privacy Shield framework, which establishes a process for companies to transfer consumer data in compliance with Switzerland (Swiss) law. The FTC also alleged that two other companies continued to claim participation in EU-U.S. framework after allowing their certifications to lapse.

Under the settlements, all four companies are prohibited from misrepresenting their participation in the frameworks, as well as any other privacy or data security program sponsored by any government or any self-regulatory or standard-setting organization. More information about the settlements is available on the FTC website at Settlement #1, Settlement #2, Settlement #3, and Settlement #4.

The U.S. Department of Commerce administers both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, while the FTC enforces the promises companies make when joining the programs. In 2019 alone, the FTC settled with a company in July, five companies in September, a company in November, and four companies in December. Earlier in January of 2020, the FTC finalized settlements with five companies.

The EU-U.S. Privacy Shield Framework – which officially launched on August 1, 2016 – replaced a previous international agreement called “Safe Harbor” that was invalidated by a European Court of Justice ruling on October 6, 2015. The EU-U.S. Privacy Shield Framework includes seven commonly recognized privacy principles combined with 16 supplemental principles. To learn more, visit www.privacyshield.gov.

Organizations must self-certify to the International Trade Administration (ITA) annually their adherence to the Frameworks. Employment Screening Resources® (ESR) was one of the first adopters of the EU-U.S. Privacy Shield Framework with an original certification date of August 12, 2016, less than two weeks it officially launched. ESR’s Active Privacy Shield Participant page on the list of certified Privacy Shield companies is here.

Employment Screening Resources® (ESR) – a leading global background check provider with capabilities in more than 240 countries and territories – has received notification from the ITA that its annual submission for self-certification of adherence to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks had been finalized and was effective as of September 17, 2019. To learn more, visit www.esrcheck.com.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2020 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.