In the wake of the determination by the European Commission that the EU-US Safe Harbor Framework was insufficient to protect EU citizens’ personal information, the Privacy Shield Framework was implemented by the Department of Commerce.
Companies who apply for Privacy Shield certification are required to file an application, which requires the companies to attest to certain things that they are doing to protect personal data of individuals before personal information of EU citizens are transferred to the U.S.
Although the Department of Commerce administers the Privacy Shield Framework, the Federal Trade Commission (FTC) enforces it, which recently settled with four companies it alleged falsely claimed that they participated in Privacy Shield.
According to the FTC, IDMission, LLC, mResource LLC d/b/a Loop Works, LLC, SmartStart Employment Screening, Inc. and VenPath, Inc. falsely claimed that they were Privacy Shield certified. The allegations included that the companies listed participation in the Privacy Shield Framework on their websites and they either failed to complete their applications and certification, or failed to renew their certification.
The settlements require the companies to stop misrepresenting Privacy Shield status on their websites and comply with FTC reporting requirements.
These settlements are an important reminder to companies participating in the Privacy Shield Framework to monitor the status of their certification and not allow it to lapse, as well as keeping their websites accurate about certification. The FTC has been open about the fact that it continuously monitors company websites about Privacy Shield Certification.