Three Companies Agree to Settle FTC Charges They Falsely Claimed Participation in EU-US Privacy Shield Framework

Coverage Type: 

Three US companies have agreed to settle Federal Trade Commission charges that they misled consumers about their participation in the European Union-United States Privacy Shield framework, which allows companies to transfer consumer data from EU member states to the United States in compliance with EU law.

In separate complaints, the FTC alleges that human resources software company Decusoft, LLC, printing services company Tru Communication, Inc. (doing business as TCPrinting.net), and Md7, LLC, which manages real estate leases for wireless companies, violated the FTC Act by falsely claiming that they were certified to participate in the EU-US Privacy Shield. The FTC also alleged that Decusoft falsely claimed participation in the Swiss-U.S. Privacy Shield framework. Despite these claims, all three companies failed to complete the certification process for the Privacy Shield, according to the FTC complaints. The actions against the three companies are the first cases the FTC has brought to enforce the EU-U.S. Privacy Shield framework, which was put in place in 2016 to replace the U.S.-EU Safe Harbor framework. The FTC brought 39 enforcement actions against companies under the U.S.-EU Safe Harbor framework. Like the Safe Harbor, the Privacy Shield is aimed at providing companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring consumer data between the EU and the United States. These cases join the four enforcement actions the FTC has brought related to the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system.


Three Companies Agree to Settle FTC Charges They Falsely Claimed Participation in EU-US Privacy Shield Framework FTC cases affirm commitment to Privacy Shield (FTC blog)