In the wake of the determination by the European Commission that the EU-US Safe Harbor Framework was insufficient to protect EU citizens’ personal information, the Privacy Shield Framework was implemented by the Department of Commerce.

Companies who apply for Privacy Shield certification are required to file an application, which requires the companies to attest to certain things that they are doing to protect personal data of individuals before personal information of EU citizens are transferred to the U.S.

Although the Department of Commerce administers the Privacy Shield Framework, the Federal Trade Commission (FTC) enforces it, which recently settled with four companies it alleged falsely claimed that they participated in Privacy Shield.

According to the FTC, IDMission, LLC, mResource LLC d/b/a Loop Works, LLC, SmartStart Employment Screening, Inc. and VenPath, Inc. falsely claimed that they were Privacy Shield certified. The allegations included that the companies listed participation in the Privacy Shield Framework on their websites and they either failed to complete their applications and certification, or failed to renew their certification.

The settlements require the companies to stop misrepresenting Privacy Shield status on their websites and comply with FTC reporting requirements.

These settlements are an important reminder to companies participating in the Privacy Shield Framework to monitor the status of their certification and not allow it to lapse, as well as keeping their websites accurate about certification. The FTC has been open about the fact that it continuously monitors company websites about Privacy Shield Certification.

View Original Source
Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.