Recent FTC Enforcement Action Should Serve as Warning to Other Software Companies Claiming Privacy Shield Compliance
If your company has either pursued Privacy Shield certification, or publicly claimed to be in pursuit of Privacy Shield certification, recent enforcement action by the Federal Trade Commission (“FTC”) should put your company on notice that failure to maintain your certification may render you subject to FTC enforcement activity if you continue to make representations on the Internet or in advertising materials related to Privacy Shield.
The FTC has just announced settlements with four companies, IDmission, LLC, mResource LLC (doing business as Loop Works LLC), SmartStart Employment Screening, Inc., and VenPath, Inc. on allegations related to EU-U.S. Privacy Shield compliance.
The FTC’s complaint against IDmission, LLC, which is a cloud-based technology platform, focuses on the company’s website representations of compliance with the EU-U.S. Privacy Shield framework despite the company’s failure to actually complete the certification process. In contrast, FTC’s complaints against mResource, SmartStart, and VenPath, which are companies providing talent management and recruiting services, employment and background screening services, and data analytics services respectively, all focus on the companies’ website representations of Privacy Shield certification despite failing to maintain the certification.
The settlements now render these four companies subject to direct FTC oversight and monitoring with respect to their advertising and compliance activities going forward.
From this enforcement action, it is clear that the FTC is on the lookout for companies who are making claims about the EU-U.S. Privacy Shield that they are not actually meeting, and that the FTC is prepared to exercise its enforcement authority against any company that fails to meet its representations as they pertain to Privacy Shield.
So, software companies, the FTC is putting you on notice: you need to self-monitor your Privacy Shield certification and ensure that you maintain the certification at all times, and to ensure that you are compliant with certification requirements, particularly if you are making advertising-related representations related to Privacy Shield. The FTC is watching.