On July 2, 2018, the Federal Trade Commission announced that California company ReadyTech Corporation (“ReadyTech”) agreed to settle FTC allegations that ReadyTech misrepresented it was in the process of being certified as compliant with the EU-U.S. Privacy Shield (“Privacy Shield”) framework for lawfully transferring consumer data from the European Union to the United States. The FTC finalized this settlement on October 17, 2018.
To join the Privacy Shield, companies must self-certify to the U.S. Department of Commerce compliance with the Privacy Shield Principles and related requirements. The FTC’s administrative complaint against ReadyTech alleged that ReadyTech, which provides online and instructor-led training, falsely claimed on its website to be in the process of complying with the Privacy Shield. The reality, according to the FTC, is that ReadyTech had begun but failed to complete the process.
This is the FTC’s fourth case enforcing the Privacy Shield. ReadyTech’s settlement agreement provides, in part, that ReadyTech will not misrepresent its participation in any privacy or security program sponsored by a government or any self-regulatory or standard-setting organization.