The Federal Trade Commission finalized a settlement with a data storage services company that allegedly deceived consumers about its participation in the EU-U.S. Privacy Shield (Privacy Shield) framework.
Under the settlement, the company, among other things, is prohibited not just from misrepresenting its compliance with or participation in the Privacy Shield framework, but also any other privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization. The company also must continue to apply the Privacy Shield requirements or equivalent protections to personal information it collected while participating in the framework or return or delete the information.
Although the European Court of Justice invalidated the Privacy Shield framework in July 2020, that decision does not affect the validity of the FTC’s decision and order relating to NTT’s misrepresentations about its participation in and compliance with the framework. The framework allowed participants to transfer data legally from the European Union to the United States.
After receiving two comments on the settlement, the Commission voted 3-1-1 to finalize the settlement with the company and send responses to the two commenters. Commissioner Rebecca Kelly Slaughter did not participate, and Commissioner Rohit Chopra voted no and issued a dissenting statement.
The Federal Trade Commission works to promote competition and to protect and educate consumers. You can learn more about consumer topics and report scams, fraud, and bad business practices online at ReportFraud.ftc.gov. Like the FTC on Facebook, follow us on Twitter, get consumer alerts, read our blogs, and subscribe to press releases for the latest FTC news and resources.