Four companies have settled Federal Trade Commission allegations that they falsely claimed to participate in a cross-border data program.
The separate settlements, announced Dec. 3, highlight the risks companies face for misrepresenting their involvement in the EU-U.S. Privacy Shield program. Thousands of U.S. companies rely on the trans-Atlantic pact to lawfully move personal data from the EU to the U.S. The FTC enforces the commitments companies make when joining the framework.
The FTC reached settlements with Click Labs Inc., a tech solutions provider; Global Data Vault LLC, a data backup and recovery services company; Incentive Services Inc., a human resource consultancy; and TDArx Inc., a professional IT services firm.
“We will hold companies accountable” when they fail to keep Privacy Shield promises, Andrew Smith, director of the FTC’s consumer protection bureau, said in a statement.
Click Labs and Incentive Services also allegedly misrepresented that they participated in the Swiss-U.S. Privacy Shield framework, according to the FTC. Global Data Vault and TDArx allegedly also claimed to participate in the EU-U.S. Privacy Shield program after their certifications lapsed, the FTC said.
Representatives from Click Labs, Incentive Services, Global Data Vault, and TDArx didn’t immediately respond to requests for comment.
The settlements prevent the four companies from misrepresenting their participation in the data transfer framework or any other government-sponsored privacy or data security program. Global Data Vault and TDArx, as part of their settlements, also must continue to apply Privacy Shield protections to the personal data they collected while they were in the program or “return or delete” the information, the FTC said.