Flo Health pitched its Flo Period & Ovulation Tracker as a way for millions of women to “take full control of [their] health.” But according to the FTC, despite express privacy claims, the company took control of users’ sensitive fertility data and shared it with third parties – a broken promise that left consumers feeling “outraged,” “victimized,” and “violated.” Read on for details, including a notable feature in the proposed settlement.
Blog Posts Tagged with Privacy Shield
The FTC’s administrative litigation against NTT Global Data Centers Americas, Inc., just ended with a proposed settlement – and an important compliance message for companies that claim participation in the EU-U.S. Privacy Shield framework.
They say hindsight is 20/20, but what about foresight? We’re not ones to prognosticate, but a look at notable FTC cases and initiatives from the past year suggests some topics likely to be top of mind in months to come. Here is a non-exhaustive list of issues in our 2019 rearview mirror and likely visible through the 2020 windshield.
There are foundational consumer protection principles that bear repeating whenever the opportunity arises. The FTC’s just-announced decision in the Cambridge Analytica case offers just such an opportunity.
Want to be your company’s Privacy Shield hero? Four proposed FTC settlements suggest actions you can take to keep your business Privacy Shield-compliant.
For businesses that choose to participate, the EU-U.S. Privacy Shield framework establishes a process to allow them to transfer consumer data from European Union countries to the United States in compliance with EU law. In return, companies must follow the framework’s requirements.
The data that Facebook collects about its users could reveal a lot about users’ personalities. A company named Cambridge Analytica sure thought so. The FTC alleges Cambridge Analytica used false and deceptive tactics to harvest personal information from tens of millions of Facebook users – data later used to profile and target U.S. voters.
Phileas Fogg was famous for going around the world in 80 days, but when it comes to global commerce, consumers can manage the same feat with just one click. Recent FTC actions touch on the international implications of consumer protection.
Looking to take a deep dive into the breadth and depth of the FTC’s approach to consumer privacy and data security in the past year? The FTC’s website, including the Business Center, has what you need. But what if you or your clients prefer an at-your-fingertips digest of developments in 2018? We’re got that covered, too.
Steely Dan may be one of the best duos of the rock era. (Sorry, Donnie and Marie fans.) Their song “Hey Nineteen” reminds us to mention some FTC consumer protection developments that could be of interest to your company or clients in 2019. As “Any Major Dude Will Tell You,” when you’re “Reelin’ in the Years” – or at least recapping the past one – consider this non-exhaustive and in-no-particular-order case compilation.
Four companies just entered into proposed agreements with the FTC to settle charges that they made misrepresentations about their participation in the EU-U.S. Privacy Shield. The cases reflect the FTC’s continuing commitment to enforcing the framework. Two of the complaints also focus on a Privacy Shield obligation that may be worth more of your company’s attention.
A proposed FTC settlement with California-based employee training company ReadyTech Corporation reminds businesses that if you make claims about EU-U.S. Privacy Shield participation, you have an obligation to live up to those promises. The case also serves as further confirmation of the FTC’s commitment to the framework.
The EU-U.S. Privacy Shield Framework has been in place for more than a year and the Swiss-U.S. Privacy Shield went into effect in April 2017. Self-certification programs like Privacy Shield offer benefits to business and protections for consumers. The FTC enforces the promises companies make when they join the frameworks, as well as false claims of participation.
Commercial cross-border data flows continue to grow in our internet-enabled economy. These data flows, often involving personal data, support innovative new business services and consumer products. At the same time, they raise questions of how to protect privacy across borders. Various mechanisms help both businesses and consumers with this challenge. One in which the FTC plays a key role is the EU-U.S. Privacy Shield.
The privacy framework for transatlantic exchanges of personal data between the EU and the United States has been in the headlines lately. But are you and your clients staying on top of your obligations on the Pacific side? If your company certifies its compliance with the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules, a proposed FTC settlement with Very Incognito Technologies serves as a reminder to honor those promises.
At the Federal Trade Commission, we’ve been very public about how we feel about privacy: we want consumers to enjoy the benefits of innovation in the marketplace, confident that their personal information – online and offline – is being handled responsibly.
An app developer, a medical waste company, a skateboard event sponsor, a stock car racing school, and a bagel purveyor. That’s either the strangest answer to a Jeopardy! question – or a partial list of companies that just settled FTC charges that they falsely claimed they were certified members of the U.S.-EU or U.S.-Swiss Safe Harbor Framework.
Does your company participate in the U.S.-EU Safe Harbor Framework? It’s a voluntary international privacy program administered by the Department of Commerce that lets companies transfer data from the EU to the U.S. in compliance with EU law. Of course, data security and privacy are everyday obligations for companies, but are you honoring one particular once-a-year provision? And what about promises you make regarding how you resolve consumer disputes?
If your company transfers consumer data from the European Union to the U.S., you’ll want to know about the U.S.-EU Safe Harbor Program, a voluntary international privacy framework that lets companies transfer data from the EU to the U.S. in a way that complies with EU law.