By: Linda L. Goodman
Three U.S. companies have agreed to settle Federal Trade Commission charges that they deceived consumers about their participation in the Asia-Pacific Economic Cooperation (“APEC”) Cross-Border Privacy Rules (“CBPR”) system by false representations in their privacy policies.
In separate but similar complaints, the FTC charged that Sentinel Labs, Inc., which provides endpoint protection software to enterprise customers; SpyChatter, Inc., marketer of the SpyChatter private message app; and Vir2us, Inc., which distributes cyber security software; falsely represented in their online privacy policies that they participated in the APEC CBPR system.
The APEC CBPR system facilitates privacy-respecting data transfers between APEC member economies through a voluntary, enforceable mechanism, which certifies companies as being compliant with APEC CBPR program requirements. The APEC CBPR system is based on nine data privacy principles: preventing harm, notice, collection limitation, use choice, integrity, security safeguards, access and correction, and accountability. Companies that participate in the APEC CBPR system must undergo a review by an APEC-recognized accountability agent, which certifies companies that meet the standards. Although the Companies claimed in their respective privacy policies that they had been certified, they were not and had never been certified, according to the complaints.
New Acting Chairman Ohlhausen in announcing the action stated “Cross-border commerce is an important driver of economic growth, and our cross-border privacy commitments help enable U.S. companies to compete around the world. Companies, however, must live up to the promises they make to protect consumer data.”
The complaints allege that the companies violated the FTC Act by making deceptive statements that they participated in the APEC CBPR. SentinelOne also falsely claimed that it was a participant in a TRUSTe privacy program.
Under the terms of the settlement with the FTC, the three companies are prohibited from misrepresenting their participation membership or certification in any privacy or security program sponsored by a government or self-regulatory or standard-setting organization, have agreed to come into compliance and place themselves under a 20 year review and report demands by the FTC.
There was no monetary fine imposed. Consider this a warning shot…
______________________________________________________________________
This article is a publication of The Goodman Law Firm and is intended to provide information on recent legal developments. This article does not create an attorney-client relationship, nor should it be construed as legal advice or an opinion on specific situations. This may constitute “Attorney Advertising” under the Rules of Professional Conduct and under the law of other jurisdictions.
Linda L. Goodman is the founder of The Goodman Law Firm, concentrating its practice in internet business and law. Her firm’s clients include Advertisers, Affiliates, Affiliate Networks, and ISP’s.
© 2017 TGLF, A.P.C.