[For privacy reasons, please do not display my postal code. UK postal codes identify the actual house]. Dear FTC enforcement team, I oppose the use of a light touch consent order in the case of DDC Labs. While light touch consent orders may play a useful role in other cases, this particular case raises different issues. DDC Labs is a large DNA testing / paternity testing provider. They have a significant European market presence. The information they collect is highly sensitive. Even a visit to their website might have privacy implications for an individual if the visit leaves a trail. For such a company to make a false claim of Safe Harbor membership is very troubling. Privacy, trust and legal compliance are all essential in the health sector. The proposed consent order includes no sanctions for DDC Labs and no remedies for existing clients. It merely requires the company to comply with a framework that it should have already been applying in its daily work. The consent order should be strengthened by the inclusion of appropriate standards or it should be replaced by a different enforcement tool. In the EU, DNA and paternity information would be subject to additional care and safeguards, including additional enforcement measures. In the APEC Privacy Framework there is a requirement that "remedial measures should be proportionate to the likelihood and severity of the harm threatened by the collection, use and transfer of personal information." It is important for the FTC to show that it understands the additional risks posed by the collection of DNA / paternity information during a period when the company was making a false claim about its membership of a privacy framework. At the very least, the sanctions should include a requirement that EU customers of DDC Labs are informed of the false claim.