Consumer Electronics Daily was a Warren News publication.

Live Up to Privacy Shield or Face Suits, FTC Blog Advises Self-Certifiers

If an American company self-certifies with the EU-U.S. Privacy Shield, ​it can be sued for not living up to the principles established under the trans-Atlantic data transfer program, said the FTC in a blog post giving advice about compliance. The commission will pursue enforcement actions for misleading consumers about the participation in the framework or other international certification programs like it did under the old safe harbor agreement, wrote Guilherme Roschke, counsel-International Consumer Protection, and Hugh Stevenson, deputy director, Office of International Affairs. They said Thursday that companies should be careful about adopting a template or industry sample to create a privacy policy and make sure all of the framework's requirements are covered. "You're making promises you need to keep," they wrote, adding firms constantly must reassess their practices, review their privacy policies and check that their certifications don't lapse. "The FTC has sued companies that failed to maintain their annual certification, but still claimed to participate," they added. The Department of Commerce said Wednesday the Swiss-U.S. Privacy Shield framework started to accept applications (see 1704130005).