The Federal Trade Commission has settled with five companies over allegations they claimed protection under the EU-U.S. Privacy Shield when they were not certified to receive it. The vote was 5-0.
The shield provides a process for sharing consumer data between EU countries and the U.S. It replaced the safe harbor agreement that a European Union court invalidated in October 2015 over concerns about the U.S. being able to hold up its end of the agreement given the government surveillance revealed by the Edward Snowden leaks. The voluntary framework requires companies to provide notice of what personal information is being collected and stored, the purposes it is used for, and an "opt out" mechanism.
Related: FTC Cracks Down on Alleged Privacy Shield Pretenders
The FTC had alleged that 214 Technologies, Thru, LotaData, and DCR Workforce had applied for the shield status, but did not complete the necessary steps to get Department of Commerce Certification. It said a fifth company, EmpiriStat, Inc., let its certification lapse and in any event had not demonstrated that its policy was completely implemented, as required under the shield.
All five companies agreed not to misrepresent their privacy/data security programs.
