Software trainer settles with FTC over EU privacy claimsPosted On: Jul. 3, 2018 11:05 AM CST
An Oakland, California-based online software training company has reached a settlement with the Federal Trade Commission for allegedly falsely claiming on its website that it was in the process of certifying its compliance with the EU-U.S. Privacy Shield Framework, although it will not have to pay any fines under the agreement, according to the FTC.
The framework establishes a process to allow companies to transfer consumer data from European Union countries to the United States in compliance with European Union law, the FTC said Monday in a statement.
In July 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law, according to the International Trade Administration, whose website is managed by the U.S. Department of Commerce.
Observers also have said that the Privacy Shield permits U.S. companies to comply with requirements regarding the transfer of data out of the European Union under the EU’s General Data Privacy Regulation, which took effect May 25.
The FTC said in Monday’s statement that while Oakland, California-based ReadyTech Corp. initiated an application to the U.S. Commerce Department in October 2016, it did not complete the steps necessary to participate in the Privacy Shield framework. It said the company’s false claim that it is in the process of certification violates the FTC Act’s prohibition against deceptive acts or practices.
The FTC said as part of the settlement ReadyTech is prohibited from misrepresenting its participation in any privacy or security program sponsored by a government or any self-regulatory or standard-setting organization and must comply with standard reporting and compliance requirements.
“Today’s settlement demonstrates the FTC’s continuing commitment to vigorous enforcement of the Privacy Shield,” FTC Chairman Joe Simons said in the statement. “We believe Privacy Shield is a critical tool for ensuring transatlantic data flows and protecting privacy that benefits both companies and consumers.”
A ReadyTech spokesman could not be reached for comment.
The commission voted 5-0 to issue the administrative complaint in the case. The agreement will be subject to public comment through Aug. 1, after which the commission will decide whether to make the proposed consent order final. Each violation of such an order may result in a civil penalty of up to $41,484, said the FTC.
The FTC said this is the fourth case enforcing Privacy Shield, and there have been a total of 47 cases enforcing it as well as the predecessor Safe Harbor frameworks and the Asia Pacific Economic Cooperation Cross Border Privacy Rules framework.