WASHINGTON, D.C. — The federal government has reached a settlement with four companies accused of falsely claiming participation in the EU-U.S. Privacy Shield, with two of the companies allegedly failing to abide by the Privacy Shield requirements.
According to the Federal Trade Commission (FTC), IDmission, LLC, MResource LLC DBA Loop Works LLC, SmartStart Employment Screening Inc. and VenPath, Inc., falsely claimed certification under the EU-U.S. Privacy Shield, a certification that shows compliance with EU law and allows companies to transfer consumer data from the European Union countries to the U.S.
In the separate complaints, the FTC alleges IDmission, applied for their Privacy Shield certification but did not complete the certification process, yet said it complies with the Privacy Shield framework. The FTC also alleges VenPath and MResource obtained the Privacy Shield certification but let it lapse. According to the FTC, VenPath and SmartStart did not stop participation in the Privacy Shield while waiting for the Department of Commerce to affirm their certification, which is required.
“Companies need to know that if they fail to honor their Privacy Shield commitments, or falsely claim participation in the Privacy Shield framework, we will hold them accountable,” FTC’s Bureau of Consumer Protection director Andrew Smith said in a statement.
The settlement includes all four companies being prohibited from misrepresenting the extent of the participation in any privacy or data security program sponsored by the government or self regulatory, standard-setting organization, the FTC said.