Companies found to be in violation of EU-US Privacy Shield

The US Federal Trade Commission (FTC) filed, on 24 July, an administrative complaint against data analytics company, Cambridge Analytica, which also states that the company falsely claimed that it was a participant in the EU-US Privacy Shield. In fact, its certification had lapsed in May 2018. Earlier in July, the FTC reached a settlement with a background screening company SecurTest over allegations that it falsely claimed to be a participant in the EU-US and Swiss-US Privacy Shield Frameworks.

But the Electronic Privacy Information Center (EPIC) criticised the decision saying that while the settlement requires SecurTest to halt misrepresentations and submit to compliance monitoring, it provides no remedy to those EU citizens who used the service.

EPIC and other commentators have pointed at the absence of a comprehensive US federal privacy law and a data protection authority. The Third Annual Review by the EU Commission on the functioning of the EU-US Privacy Shield is due to take place in October.


Date for your diary: 14 November 2019

Privacy Laws & Business Conference: New Era for US Privacy Laws: California and More
Host: Latham & Watkins, London
Registration: Open soon