April 29th, 2015
FTC Pursues Companies for Privacy Certification Misrepresentations
The FTC recently filed complaints alleging two US businesses that claimed to be in compliance with the US-EU Safe Harbor Framework were, in fact, no longer compliant. The two cases, which settled, serve as a reminder to all companies making representations about the security of their data: if you're going to participate in a government or self-regulatory data security program, you have to renew your certifications and otherwise comply.
Background. The US-EU Safe Harbor Framework is a voluntary international privacy program administered by the Department of Commerce that lets companies transfer data from the EU to the USin compliance with EU law. To participate in the Safe Harbor Framework, a company must annually certify that it abides by seven principles: notice, choice, onward transfer, security, data integrity, access, and enforcement. Saying you have a valid Safe Harbor certification - but failing to self-certify once a year - is a deceptive practice in violation of the FTC Act
The complaints. The FTC's complaints against TES Franchising, LLC, a business coaching service, and American International Mailing, Inc., a mail and freight shipping company, alleged that both companies' websites indicated they were currently certified under the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework, when in fact their certifications had lapsed years earlier. In addition, the complaint against TES alleged that TES told consumers that Safe Harbor-related disputes would be settled by an arbitration agency in Connecticut and costs would be split between the consumer and TES. However, the FTC alleged that in TES's Safe Harbor certification filing, TES said it would process Safe Harbor-related disputes through the EU data protection authorities (which do not require in-person attendance), at no cost to consumers. The FTC also alleged that TES deceptively claimed to be a licensee of the TRUSTe Privacy program, when it was not.
The settlements. Under the proposed settlement agreements, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization. The settlement with TES further prohibits the company from misrepresenting participation in, or the terms of, any alternative dispute resolution process or service.
Thus far, the FTC has brought 26 law enforcement actions to make sure companies honor their obligations under privacy and data security self-certification programs. If your company claims to be certified or wishes to be certified under the US-EU Safe Harbor Framework, the US-Swiss Safe Harbor Framework, TRUSTe, or any other voluntary privacy program, you should confirm your company is up to date on its certifications. For more information on the US-EU and US-Swiss Safe Harbor Frameworks, consult the Department of Commerce website here, and the FTC website here. For more detailed and company-specific guidance, please contact S. Gregory Boyd, Esq., CIPP/US at (212) 826-5581 or email@example.com, Jeremy Goldman, Esq., CIPP/US at (212) 705 4843 or firstname.lastname@example.org, Jessica Smith, Esq., at (212) 705-4876 or email@example.com, or any other member of Frankfurt Kurnit's Privacy & Data Security Group.
New York Readies Dramatic New Harassment Rules – What Are the Changes, and Are You Prepared to Comply?
The New York State Senate and Assembly recently passed a bill adding substantial additional protections for employees. The new law will provide additional protections for employees who allege sexual harassment; remove certain employer defenses; alter non-disclosure agreements; extend the statute of limitations for sexual harassment claims; and make changes to the laws governing sexual harassment policies and training. Read more.
July 9 2019
June 2019 Sports Industry News
Here’s what’s happening at the intersection of sports, marketing, and entertainment law as Summer rolls along. Read more.
June 30 2019
Supreme Court Says “Scandalous” Trademarks May be Registered
Here’s some news for brands, creators, and other entities developing nonconforming names or entertainment content. Yesterday, the Supreme Court ruled that FUCT and other profane, “scandalous” or “immoral” words may be registered as trademarks. Read more.
June 26 2019