FTC Finalizes Settlement with Data Center Company over Allegations it Deceived Consumers about its Participation in the EU Privacy Shield

The Federal Trade Commission finalized a settlement with a data storage services company that allegedly deceived consumers about its participation in the EU-U.S. Privacy Shield (Privacy Shield) framework.

The FTC alleged that NTT Global Data Centers Americas, Inc. (NTT), formerly known as RagingWire Data Centers, Inc., claimed in its online privacy policy and marketing materials that the company participated in the Privacy Shield framework and complied with the program’s requirements. In fact, the FTC alleged, the company’s certification lapsed in January 2018 and it failed to comply with certain Privacy Shield requirements while it was a participant in the framework.

Under the settlement, the company, among other things, is prohibited not just from misrepresenting its compliance with or participation in the Privacy Shield framework, but also any other privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization. The company also must continue to apply the Privacy Shield requirements or equivalent protections to personal information it collected while participating in the framework or return or delete the information.

Although the European Court of Justice invalidated the Privacy Shield framework in July 2020, that decision does not affect the validity of the FTC’s decision and order relating to NTT’s misrepresentations about its participation in and compliance with the framework. The framework allowed participants to transfer data legally from the European Union to the United States.

After receiving two comments on the settlement, the Commission voted 3-1-1 to finalize the settlement with the company and send responses to the two commenters. Commissioner Rebecca Kelly Slaughter did not participate, and Commissioner Rohit Chopra voted no and issued a dissenting statement.