July 17, 2019

July 16, 2019

Subscribe to Latest Legal News and Analysis

July 15, 2019

Subscribe to Latest Legal News and Analysis

FTC Settles Privacy Shield Misrepresentation Claims

What’s Happening?

The Federal Trade Commission recently entered into settlement agreements with four companies regarding claims that the companies misrepresented their compliance with the EU-U.S. Privacy Shield Framework.  Each company indicated on its website that it actively participated in the EU-U.S. Privacy Shield.  The FTC found such statements misleading as at least one company failed to complete the initial certification process and three others allowed their certifications to lapse without completing the annual re-certification requirements.  The FTC also noted that two of the companies failed to meet EU-U.S. Privacy Shield requirements when they stopped participating in the program and failed to affirm to the U.S. Department of Commerce that they would continue to apply Privacy Shield protections to personal information collected while such entities were participants in the program.

What Should I Do?

To avoid FTC misrepresentation claims regarding your organization’s EU-U.S. Privacy Shield participation, be sure to:

  • Successfully complete all steps in the initial certification process.
  • Monitor annual re-certification deadlines and re-certify on a timely basis.
  • Affirm to the U.S. Department of Commerce that you will continue to honor the EU-U.S. Privacy Shield Principles as it relates to personal information you collected during your participation in the program should you decide to forgo further participation in the program.
© Polsinelli PC, Polsinelli LLP in California


About this Author

Jarno Varno, Privacy Attorney, Polsinelli Law FIrm

Jarno Vanto's strengths lie in his ability to intimately understand each client’s specific industry technology and his awareness of the complex international environment. His extensive international experience allows him to provide a differentiated perspective to clients on privacy, cyber security, intellectual property, and corporate matters. 


Prior to joining Polsinelli, Allison spent several years serving as in-house counsel to privately held and publicly traded companies that operated in highly regulated industries including health care and financial services. While in-house she served on a variety of executive-sponsored strategic planning committees tasked with implementing initiatives such as information technology transformation, business process improvement, and compliance with the EU’s General Data Protection Regulation (“GDPR”). Allison’s experience working closely with business leaders influences her approach to providing legal guidance – an approach which is centered around identifying practical solutions that enable business growth and development. Her practice consists of negotiating complex licensing and technology transactions and providing guidance regarding privacy and data security matters. In addition, she provides product counseling for offerings that leverage data analytics.   

Licensing and Technology Transactions

Allison’s experience negotiating a wide variety of sophisticated intellectual property transactions allows her to efficiently negotiate similar transactions for different clients while achieving desired levels of risk mitigation and revenue generation on behalf of those clients.