FTC Finalizes First Asia-Pacific Cross-Border Privacy Case

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

June 29 — The Federal Trade Commission June 29 finalized its first ever Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system enforcement action ( In re Very Incognito Tech., Inc., F.T.C., No. 162 3034, final order, 6/29/16 ).

APEC's Cross Border Privacy Rules data transfer system requires business entities in participating economies to develop internal rules on cross-border data privacy procedures (14 PVLR 1691, 9/14/15). The rules must comply with minimum requirements based on the APEC Privacy Framework and must be verified by an independent public or private sector accountability agent. TRUSTe is the only company approved by APEC to certify data collectors under the system.

Governmental enforcement is a required backstop under the system and actions such as that by the FTC in this case are seen as crucial to the program's success.

The action highlights potential enforcement risks companies may face when promoting privacy standards on their products and websites. The case also heightens the need to stay abreast of requirements for privacy and data security certifications.

The FTC's May 4 complaint alleged that San Francisco-based Very Incognito Technologies Inc.—doing business as Vipvape—deceptively promoted that it abides by the APEC cross border rules in violation of Section 5 of the FTC Act. Vipvape didn't undergo any review by an approved public or private sector accountability agent (15 PVLR 954, 5/9/16).

Under the no-fault consent order, Vipvape is “prohibited from misrepresenting its participation, membership or certification in any privacy or security program sponsored by a government or self-regulatory organization.”

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editor responsible for this story: Donald G. Aplin at daplin@bna.com

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law Privacy and Data Security