The Federal Trade Commission announced today a settlement with three companies that misrepresented their participation in the Privacy Shield arrangement. The Privacy Shield allows companies to transfer the personal data of European consumers to the United States based on a system of industry self-certification. The FTC settlement prohibits the companies from making future false claims about compliance with Privacy Shield, but does not impose any penalty. The FTC settlement also fails to provide any remedy to the EU consumers whose personal data was wrongfully obtained, nor does it require the companies to disgorge the data they fraudulently obtained. EPIC and consumer organizations in the US and Europe have criticized Privacy Shield for failing to establish basic privacy protection and lacking effective remedies. The FTC is now soliciting public comments on the proposed settlements, and the deadline to file a comment is October 10, 2017.
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.