For the fourth time, the Federal Trade Commission ("FTC") has reached a consent agreement with a company for alleged misrepresentations regarding Privacy Shield certification. A California-based company, ReadyTech Corporation, agreed to a settlement whereby it is “prohibited from misrepresenting its participation in any privacy or security program sponsored by a government or any self-regulatory or standard-setting organization, including but not limited to the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield framework.”
The first privacy shield enforcement action since September 8, 2017, this action comes only a little more than a month after GDPR went into effect on May 25th. It also comes only two months after the FTC’s empty commissioner seats were finally filled by President Trump, and new chairman Joseph Simons was sworn in. Since the Privacy Shield framework is one of the few mechanisms whereby companies may lawfully engage in international data transfer under the GDPR, this case should serve as another important warning to companies that the FTC is continuing to look at these issues closely.
See our Focus on the Data blog for a more detailed analysis.