October 21, 2019

October 21, 2019

Subscribe to Latest Legal News and Analysis

Privacy Shield: If You Got It – Flaunt It; If Not – Don’t

One of the EU’s chief complaints against US privacy practices is the lack of enforcement of the EU-U.S. Privacy Shield Framework (Privacy Shield). Last week we saw a US enforcement action that may allay this concern. The US Federal Trade Commission (FTC) is putting companies on notice through Privacy Shield enforcement actions and warning letters.

The FTC announced a settlement with background check provider SecurTest, Inc. (SecurTest) for falsely claiming compliance through self-certification with the U.S. Department of Commerce under the Privacy Shield. The FTC alleged that SecurTest falsely claimed participation in the Privacy Shield on its website.

Companies that are compliant with the Privacy Shield can transfer consumer data from European Union countries and Switzerland to the United States in accordance with EU and Swiss law. SecurTest began the Privacy Shield application process in September 2017 with the U.S. Department of Commerce, but did not complete the necessary steps to become certified. Despite not being certified, they made representations on their website to the contrary. The FTC and SecurTest entered into a settlement, which include spreading awareness to SecurTest stakeholders of their noncompliance, and providing the FTC compliance reports.

The FTC also issued thirteen warning letters to businesses over similar alleged inaccurate statements about compliance with cross-border privacy and data security transfer programs like Privacy Shield. While the FTC did not name the recipients of these letters, it is clear that they are taking this misrepresentation seriously.

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.


About this Author

Theodore Claypoole, Intellectual Property Attorney, Womble Carlyle, private sector lawyer, data breach legal counsel, software development law
Senior Partner

As a Partner of the Firm’s Intellectual Property Practice Group, Ted leads the firm’s IP Transaction Team, as well as data breach incident response teams in the public and private sectors. Ted addressed information security risk management, and cross-border data transfer issue, including those involving the European Union and the Data Protection Safe Harbor. He also negotiates and prepares business process outsourcing, distribution, branding, software development, hosted application and electronic commerce agreements for all types of companies.


Dominic Dhil Panakal Womble Atlanta

Dominic is a member of the firm’s IP Transactions, FinTech, and Privacy and Cybersecurity practices.

Dominic advises clients on international and domestic data privacy laws.  He also assists in drafting Software as a Service agreements, privacy policies, terms of use, and licensing contracts.