Late last year, the Federal Trade Commission (“FTC”) settled another enforcement action over false claims under the EU-U.S. Privacy Shield framework (the “Privacy Shield”). The FTC alleges that Ready Tech Corporation, a provider of online and instructor led training (“Ready-Tech”), falsely claimed in its privacy policy on its website that it was in the process of certifying its compliance under the Privacy Shield. Although Ready-Tech initiated an application in October 2016, it did not complete the steps necessary to participate in the Privacy Shield framework. As part of the settlement, Ready-Tech is prohibited from misrepresenting its participation in any privacy or security program sponsored by the government or any self-regulatory or standard-setting organization, including but not limited to, the Privacy Shield.

TAKEAWAY: Advertisers who wish to tout compliance with the Privacy Shield must ensure that in addition to applying for self-certification, they must also undertake steps including: (i) developing a compliant privacy policy statement consistent with Privacy Shield principles, (ii) designating a contact for the handling of questions, complaints, access requests and other issues arising under the Privacy Shield, and (iii) identifying an independent recourse mechanism to investigate unresolved consumer complaints at no cost to the consumer. Annual re-certification with the U.S. Department of Commerce is also required.