On September 27, the Federal Trade Commission reached settlements with four companies over allegations related to the EU-US Privacy Shield.
As outlined in the FTC’s press release, the companies falsely claimed to be certified under the EU-US Privacy Shield. One of the four companies applied for self-certification with the framework in 2017 but never completed the remaining steps. The other three companies (one of which provides background screening services) all obtained certification in 2016 but then allowed their certifications to lapse. The framework requires any company that can no longer meet the program’s requirements to inform the U.S. Department of Commerce and remove mention of certification from their website.
All four companies are prohibited from misrepresenting their participation in this framework or other privacy or data security programs. Two of the companies are required to continuing providing protections afforded under the framework to personal information collected while participating in the program (or timely delete the information).
The Privacy Shield framework was developed by the U.S. Department of Commerce and the European Commission and Swiss Administration after an October 2015 decision by the European Court of Justice invalidated the previously effective Safe Harbor Framework. Asurint has self-certified compliance with both the EU-US and Swiss-US Privacy Shield Frameworks. Employers that conduct background checks in the European Union or Switzerland should ensure their screening provider understands and complies with the various data privacy laws that may impact background screening.
As outlined in the FTC’s press release, the companies falsely claimed to be certified under the EU-US Privacy Shield. One of the four companies applied for self-certification with the framework in 2017 but never completed the remaining steps. The other three companies (one of which provides background screening services) all obtained certification in 2016 but then allowed their certifications to lapse. The framework requires any company that can no longer meet the program’s requirements to inform the U.S. Department of Commerce and remove mention of certification from their website.
All four companies are prohibited from misrepresenting their participation in this framework or other privacy or data security programs. Two of the companies are required to continuing providing protections afforded under the framework to personal information collected while participating in the program (or timely delete the information).
The Privacy Shield framework was developed by the U.S. Department of Commerce and the European Commission and Swiss Administration after an October 2015 decision by the European Court of Justice invalidated the previously effective Safe Harbor Framework. Asurint has self-certified compliance with both the EU-US and Swiss-US Privacy Shield Frameworks. Employers that conduct background checks in the European Union or Switzerland should ensure their screening provider understands and complies with the various data privacy laws that may impact background screening.