Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Jimmy H. Koo
Three companies accused of falsely claiming certification to take part in the European Union-U.S. Privacy Shield reached no-fault settlements with the Federal Trade Commission, the agency announced Sept. 8 in its first Privacy Shield enforcement action.The action comes ahead of the FTC’s upcoming first annual review of the crucial data transfer pact and may serve to reassure EU officials that the U.S. is serious about meeting its privacy obligations under the pact—something critical to ensuring the program’s continuation.
The Privacy Shield is used by nearly 2,400 U.S. companies that certify to the U.S. Commerce Department their compliance with EU-approved privacy principles in order to legally transfer personal data out of the EU. Tens of thousands of EU companies rely on those certifications to transfer data to the U.S. The FTC is in charge of compliance oversight and enforcement.
According to the FTC, human resources software company Decusoft LLC, printing services company Tru Communication Inc., and real estate lease management company Md7 LLC settled allegations that they falsely told consumers that they were certified to participate in a trans-Atlantic data transfer framework. The companies failed to complete the Privacy Shield certification process, and Decusoft also falsely represented that it participated in the parallel Swiss-U.S. Privacy Shield framework, the FTC said.
The consent agreements prohibit the three companies from misrepresenting their compliance with any privacy or data security program, including the Privacy Shield.
Jon Harris, owner of Tru Communication, doing business as TCPrinting.net, told Bloomberg BNA Sept. 8 that for small businesses, the Privacy Shield-certification process can be confusing. “We didn’t know what we were getting into,” he said.
The FTC, Decusoft, and Md7 didn’t immediately return Bloomberg BNA’s email requests for comments.
Because the Privacy Shield is a self-certifying program, having the FTC take enforcement actions “is critical for the framework to work,” Justin Antonipillai, CEO of data privacy management company WireWheel.io, told Bloomberg BNA Sept. 8. The action demonstrates the agency’s commitment to “real enforcement,” Antonipillai, who as the former acting undersecretary at Commerce lead the U.S. team that negotiated the Privacy Shield agreement, said.
Liisa M. Thomas, partner and chair of privacy and data security practice at Winston & Strawn LLP in Chicago and London, told Bloomberg BNA Sept. 8 that the timing of the FTC’s announcement before the Privacy Shield annual review “is likely not a coincidence.”
The Privacy Shield was adopted in 2016 as a replacement for the U.S.-EU Safe Harbor data transfer program. The EU’s highest court invalidated Safe Harbor, finding that it didn’t adequately protect the privacy of data of EU citizens transferred to the U.S. The annual review process for the Privacy Shield grew out of such concerns.
The first review of the Privacy Shield is scheduled to begin Sept. 18 in Washington in meetings between an EU delegation led by the European Commission, the EU’s executive arm, and U.S. officials.
Despite assurances from officials on both sides of the Atlantic that they are committed to the Privacy Shield, some EU lawmakers have said it is unclear whether the Trump administration will stand by commitments the Obama administration made to limit government surveillance and acknowledge protections for EU citizens.
Norma M. Krayem, senior policy adviser at Holland & Knight LLP in Washington and co-chair of the firm’s cybersecurity and privacy team, told Bloomberg BNA Sept. 8 that companies need to understand that the Privacy Shield has “real requirements that have both teeth and must be demonstrable to spot checks and audits.”
To contact the reporter on this story: Jimmy H. Koo in Washington at email@example.com
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
Full text of the FTC's announcement is available at http://src.bna.com/snI.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)