Written By ESR News Blog Editor Thomas Ahearn
On March 23, 2020, the Federal Trade Commission (FTC) – a U.S. government agency protecting consumers – announced it gave final approval to a settlement with a background check firm over allegations the company misrepresented participation in and compliance with the EU-U.S. Privacy Shield Framework that enables companies to transfer consumer data legally from European Union (EU) countries to the United States (U.S.).
The FTC alleged in a complaint that the background check firm continued to claim participation in the EU-U.S. Privacy Shield after its certification lapsed. In addition, the company failed to verify annually that statements about its Privacy Shield practices were accurate and failed to affirm that it would continue to apply protections to personal information collected while participating in the program.
As part of the settlement, the background check firm is prohibited from misrepresenting its participation in the EU-U.S. Privacy Shield Framework or any other privacy or data security program sponsored by the government. In addition, the company is required either to continue to apply the Privacy Shield protections to personal information it collected while participating in the program or to return or delete the information.
The U.S. Department of Commerce administers both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, while the FTC enforces the promises companies make when joining the programs. In 2019, the FTC settled cases with a company in July, five companies in September, a company in November, and four companies in December. In 2020, the FTC settled cases with five companies in January and four companies in February.
The EU-U.S. Privacy Shield Framework – which officially launched on August 1, 2016 – replaced a previous international agreement called “Safe Harbor” that was invalidated by a European Court of Justice ruling on October 6, 2015. The framework includes seven commonly recognized privacy principles combined with 16 supplemental principles. To learn more, visit www.privacyshield.gov.
Organizations must self-certify to the International Trade Administration (ITA) annually their adherence to the Frameworks. Employment Screening Resources® (ESR) was one of the first adopters of EU-U.S. Privacy Shield Framework with an original certification date of August 12, 2016, less than two weeks it officially launched. ESR’s active participant page on the list of certified Privacy Shield companies is here.
Employment Screening Resources® (ESR) – a leading global background check provider with capabilities in more than 240 countries and territories – received notification from the ITA that its annual submission for self-certification of adherence to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks had been finalized and was effective as of September 17, 2019. To learn more, visit www.esrcheck.com.
NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.
© 2020 Employment Screening Resources® (ESR) – Making copies of or using any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.