The Federal Trade Commission has warned more than a dozen companies it says have falsely claimed to be participating in international privacy agreements, and reached a settlement with one company over allegations it falsely claimed to be part of the EU/U.S. Privacy Shield program.
The settlement came with background screening firm SecurTest, which applied to be part of the Privacy Shield but did not finish the process for certification.
The privacy shield replaced the safe harbor agreement that a European Union court invalidated in October 2015 over concerns about the U.S. being able to hold up its end of the agreement given the government surveillance revealed by the Edward Snowden leaks. The voluntary framework requires companies to provide notice of what personal information is being collected and stored, the purposes it is used for, and an "opt out" mechanism.
Warning letters went to a baker's dozen companies--the FTC did not identify them--that claimed to be part of either the EU/U.S. Safe Harbor or the Swiss-U.S. Privacy Shield, both of which have been replaced by the 2016 EU-U.S. Privacy Shield.
Finally, the FTC warned two companies claiming to be in the Asia-Pacific Economic Cross-Border Privacy Rules, even though they are not certified members.
The vote for the settlement and warnings was 5-0.