Live Up to Privacy Shield or Face Suits, FTC Blog Advises Self-Certifiers
If an American company self-certifies with the EU-U.S. Privacy Shield, ​it can be sued for not living up to the principles established under the trans-Atlantic data transfer program, said the FTC in a blog post giving advice about compliance. The…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
commission will pursue enforcement actions for misleading consumers about the participation in the framework or other international certification programs like it did under the old safe harbor agreement, wrote Guilherme Roschke, counsel-International Consumer Protection, and Hugh Stevenson, deputy director, Office of International Affairs. They said Thursday that companies should be careful about adopting a template or industry sample to create a privacy policy and make sure all of the framework's requirements are covered. "You're making promises you need to keep," they wrote, adding firms constantly must reassess their practices, review their privacy policies and check that their certifications don't lapse. "The FTC has sued companies that failed to maintain their annual certification, but still claimed to participate," they added. The Department of Commerce said Wednesday the Swiss-U.S. Privacy Shield framework started to accept applications (see 1704130005).