September 23, 2023

Volume XIII, Number 266
Advertisement

0

New Articles
Bottom Row Image
Advertisement

September 22, 2023

Subscribe to Latest Legal News and Analysis

September 21, 2023

Subscribe to Latest Legal News and Analysis

Article By

Sheila A. Millar
Tracy P. Marshall

Keller and Heckman LLP
Consumer Protection Connection

Related Practices & Jurisdictions
Advertisement

FTC Finalizes Settlement with Service Provider over Alleged Privacy Shield Misrepresentations

Wednesday, December 2, 2020

The EU-U.S. Privacy Shield Framework, which provided a mechanism to legally transfer personal information from the EU to the United States, was invalidated on July 16, 2020, but the Federal Trade Commission (FTC) has made it clear that companies that claimed to be participants must still make good on their word. A case in point is the FTC’s recent settlement with NTT Global Data Centers Americas, Inc. (NTT) over charges that the company misrepresented its participation in the EU-U.S. Privacy Shield Framework after its certification had lapsed in January 2018. Businesses that transfer personal information from the EU to the United States rely on representations by service providers such as NTT that they comply with established privacy principles and that an approved adequacy mechanism is in place to facilitate such transfers.

The settlement terms bar NTT from misrepresenting in any way its participation in or adherence to any privacy or data security program. They also require NTT to apply Privacy Shield or equivalent protections to all personal information the company collected during its membership in the framework or return or delete that information. The FTC has taken similar action against other companies over the years, and this decision reaffirms the importance of ensuring that claims about participation in the Privacy Shield, or any other privacy program, are made only when an application has been approved and a certification is current. All references to certification must be promptly deleted from privacy policies and other materials if a certification has lapsed.

The Commission vote to finalize the settlement with NTT was 3-1-1. Commissioner Rebecca Kelly Slaughter did not take part, and Commissioner Rohit Chopra voted no and issued a statement in which he pressed the Commission to impose monetary fines on companies that mislead consumers about their participation in privacy programs.

Whether the FTC imposes heavier sanctions down the road or not, damage to reputation can cost a company dearly. The FTC’s settlement with NTT is also a reminder of the importance of “trust but verify.” The U.S. Department of Commerce’s Privacy Shield list provides a way to double check that an organization’s representations about compliance are true. The vast majority of Privacy Shield participants take their obligations seriously. The FTC’s focus on the few organizations that do not remain current in their Privacy Shield commitments enhances the reliability of the Privacy Shield even as discussions continue on possible alternative adequacy mechanisms to address data transfers from the EU to the United States.

© 2023 Keller and Heckman LLPNational Law Review, Volume X, Number 337
Advertisement
Advertisement
Advertisement

About this Author

Sheila Millar Consumer Protection Law Keller Heckman
Sheila A. Millar
Partner

Sheila leads our firm’s consumer protection regulatory practices and brings deep experience to a range of public policy and regulatory matters, including advertising and promotions, connected products, privacy and cybersecurity, and product safety. She counsels international and domestic businesses on compliance questions and processes, represents them in regulatory enforcement matters, and advocates on their behalf before federal and state legislative and regulatory bodies.

Sheila represents clients in enforcement investigations by the Federal Trade Commission (FTC), Consumer...

[email protected]
202-434-4646
www.khlaw.com
www.consumerprotectioncxn.com
Tracy P. Marshall
Tracy Marshall, Keller Heckman, regulatory attorney, for-profit company lawyer
Partner

Tracy Marshall assists clients with a range of business and regulatory matters.

In the business and transactional area, Ms. Marshall advises for-profit and non-profit clients on corporate organization, operations, and governance matters, and assists clients with structuring and negotiating a variety of transactions, including purchase and sale, marketing, outsourcing, and e-commerce agreements.

In the privacy, data security, and advertising areas, she helps clients comply with privacy, data security, and consumer protection laws, including laws governing telemarketing and...

[email protected]
202-434-4234
www.khlaw.com
www.consumerprotectioncxn.com