FTC Settles Data Shield Complaint

The Federal Trade Commission (FTC) settled with an operator of secure data centers over allegations that it misled clients about its compliance with the EU-U.S. Privacy Shield Framework. According to the proposed settlement, NTT Global Data Centers, Inc., formerly known as RagingWire Data Centers, Inc., must contract a third-party examiner to confirm its adherence to Privacy Shield’s requirements. The framework enables “participants to transfer data from European Union countries to the U.S. in compliance with EU law.”

This settlement follows the FTC’s November 2019 complaint against RagingWire, alleging that it falsely “claimed in its online privacy policy that the company participated in the Privacy Shield framework and complied with the program’s requirements, even though it had allowed its certification to lapse in January 2018.” RagingWire was warned twice by the Department of Commerce to remove the claims or to recertify its participation in the framework but made no changes until the FTC contacted it in October 2018.

In yesterday’s press release, the FTC explained that the settlement “prohibits the company from misrepresenting its participation in the EU-U.S. Privacy Shield framework.” Furthermore, if its program certification lapses again in the future, NTT “must continue to apply the Privacy Shield protections to personal information it collected while participating in the program, or return or delete the information.”

The vote to accept the FTC’s proposed consent agreement was 3-1-1. A description of the agreement package will soon enter the Federal Register, and will subsequently be “subject to public comment for 30 days after publication…after which the Commission will decide whether to make the proposed consent order final.”