Although the U.S. – E.U. Privacy Shield Framework has been intensely criticized by E.U. authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies.
On July 2, 2018, the FTC issued a press release stating that it has settled its complaint against ReadyTech, a California-based online training company for “falsely” claiming that it was in the process of Privacy Shield certification when it was not.
According to the FTC, ReadyTech initiated a Privacy Shield application with the Department of Commerce (DOC) in October 2016, but never finished the application nor received confirmation of certification by the DOC. Nonetheless, ReadyTech held itself out as a company that was in the process of obtaining Privacy Shield certification in marketing materials. The FTC alleged thatReadyTech’s false claim that it was in the process of Privacy Shield certification violated the FTC Act as a deceptive act or practice.
The settlement requires ReadyTech to stop misrepresenting its participation in the Privacy Shield Framework and comply with standard reporting and compliance requirements.
The Consent Agreement will be published in the Federal Register and comments to it may be submitted through August 1, 2018.
This settlement is a strong reminder for companies to determine whether they have applied for Privacy Shield certification, how they are portraying certification in marketing or website materials, and to renew certification on a timely basis.