Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Companies that updated their privacy policies to give U.S. consumers some protections under the European Union’s new regime may have to deal with data security regulators on both sides of the Atlantic.
Many companies that collect and use consumer data changed their policies to comply with the EU’s General Data Protection Regulation, which took effect May 25. Microsoft Corp. and Facebook Inc., for example, decided to provide some of the GDPR’s protections, including increased data use transparency, clear and concise consent policies, and easier access to privacy tools, to their customers.
Those moves may trigger unintended consequences for companies that fail to live up to newly promised protections—scrutiny from the Federal Trade Commission as well as EU data protection regulators.
“If a company chooses to implement some or all of GDPR across their entire operations, and as a result makes promises to U.S. consumers about their specific practices,” they must live up to those commitments, FTC spokeswoman Juliana Gruenwald Henderson told Bloomberg Law. In appropriate situations, “the FTC could initiate an enforcement action if the company does not comply with” the EU data protection promises for U.S. customers.
“If the company claims that it is compliant with EU law, it better be right, because the FTC will be looking for companies that are non-compliant but say otherwise,” David Vladeck, former director of the FTC’s bureau of competition under President Barack Obama from 2009-2012, told Bloomberg Law.
The FTC has brought actions against companies that didn’t live up to EU privacy and data transfer promises.
“There is no surprise in what the FTC has announced,” said Vladeck, currently faculty director of Georgetown Law’s Center on Privacy and Technology, told Bloomberg Law.
The agency brought enforcement actions against companies that claimed they were in compliance with the now-invalidated U.S.-EU Safe Harbor data transfer framework, Vladeck said. Similar actions were brought against companies that inaccurately touted compliance with the EU-U.S. Privacy Shield data transfer framework, he said.
Some in the tech sector believe that applying GDPR-style privacy protections for their customers will boost consumer trust and provide extra layers of security.
Facebook is offering European privacy protections to many users around the world, a company spokesperson confirmed to Bloomberg Law.
The social media giant saw GDPR as an opportunity to go beyond obligation and improve users’ privacy.
Microsoft didn’t immediately respond to Bloomberg Law’s email request for comment.
Privacy lawyers said U.S. companies are taking a risk if they blindly adopt GDPR-like privacy policies.
“Statements about adherence to the GDPR are representations to the consumer” and are likely material enough to launch an agency investigation, Chris Hoofnagle, faculty director at the Berkeley Center for Law & Technology, told Bloomberg Law.
Company promises of GDPR-style protections to their customers may invite FTC scrutiny, Katherine Armstrong, information privacy counsel at DrinkerBiddle in Washington, told Bloomberg Law.
“If a company represents that it complies with GDPR, that is an express representation that is either true or false,” said Armstrong, previously an adviser to Republican-appointed FTC Chair Janet Steiger. The agency may bring enforcement actions “based on deception if an entity claims to be GDPR compliant and was not,” she said.
The FTC “will be looking at what sort of claims companies are making about their GDPR compliance,” Armstrong said.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)