There were two recent noteworthy developments related to Privacy Shield from both sides of the Atlantic.
European Parliament non-binding resolution criticizes US on Privacy Shield steps
On July 5, the European Parliament adopted a resolution calling for the suspension of the EU-US Privacy Shield Agreement if the U.S. fails to comply in full by September 1, 2018.
The non-binding resolution criticizes the U.S. for not taking sufficient steps to ensure it provides data protection equivalent to that in the EU, as well as the Commission and U.S. authorities for not addressing the concerns raised by the WP29 following its review in December 2017. As noted in our December post on this topic, the resolution concludes that the Privacy Shield doesn’t provide the adequate level of protection required by Union data protection law. It recommends that unless the U.S. is fully compliant by September 1, the Commission suspend the Privacy Shield until the U.S. authorities comply with its terms.
FTC Privacy Shield Settlement
On July 2, ReadyTech Corporation, agreed to settle FTC allegations that it falsely claimed it was in the process of being certified as compliant with the Privacy Shield.
ReadyTech, a California company, provides online and instructor-led training. According to the FTC’s complaint, ReadyTech falsely represented that it was actively in the process of certifying compliance with the EU-US Privacy Shield, when it was not doing so. In fact, according to the complaint, ReadyTech never completed the necessary steps to finalize its application, and was not certified to participate in the EU-US Privacy Shield Framework.
The FTC’s order prohibits ReadyTech from making misrepresentations about its membership in any privacy or security program sponsored by the government or any other self-regulatory or standard-setting organization. FTC Chairman Joe Simons stated that the agency is committed to “vigorous enforcement” of Privacy Shield and that it believes that “Privacy Shield is a critical tool for ensuring transatlantic data flows and protecting privacy that benefits both companies and consumers.”
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.