Five companies have reached settlements with the Federal Trade Commission over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework, which establishes a process to allow companies to transfer consumer data from European Union countries to the United States in compliance with EU law.
In separate actions, the FTC alleges that management software provider DCR Workforce, Inc.; cloud-based file transfer software provider Thru, Inc.; LotaData, Inc., which provides analysis of mobile users’ data; and facial recognition software provider 214 Technologies, Inc.all falsely claimed in statements on their websites that they were certified under the EU-U.S. Privacy Shield framework. The FTC alleges that LotaData, Inc. also falsely claimed that it was a certified participant in the Swiss-U.S. Privacy Shield framework, which establishes a data transfer process similar to the EU-U.S. Privacy Shield framework.
The FTC alleges that while 214 Technologies, Thru, LotaData, and DCR Workforce each submitted applications under the Privacy Shield, all four companies failed to complete the necessary steps to obtain certification from the Department of Commerce, which administers the Privacy Shield frameworks. The FTC enforces the promises companies make when joining the frameworks.
