FTC Pursues False Advertising Claims Related to Privacy Certifications | Practical Law

FTC Pursues False Advertising Claims Related to Privacy Certifications | Practical Law

The Federal Trade Commission (FTC) has settled charges with three companies that violated the Federal Trade Commission Act by deceiving consumers about their privacy standards. The companies falsely claimed that they participate in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system.

FTC Pursues False Advertising Claims Related to Privacy Certifications

Practical Law Legal Update w-006-5885 (Approx. 4 pages)

FTC Pursues False Advertising Claims Related to Privacy Certifications

by Practical Law Commercial Transactions
Published on 24 Feb 2017USA (National/Federal)
The Federal Trade Commission (FTC) has settled charges with three companies that violated the Federal Trade Commission Act by deceiving consumers about their privacy standards. The companies falsely claimed that they participate in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system.
The Federal Trade Commission (FTC) has settled charges with three companies that violated the Federal Trade Commission Act (FTC ACT) by falsely representing that each participated in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system. The settlements include:
The APEC CBPR system facilitates privacy-respecting data transfers between APEC member economies through a voluntary, enforceable mechanism. APEC's CBPR system is based on nine data privacy principles:
  • Preventing harm.
  • Notice.
  • Collection limitation.
  • Uses of personal information.
  • Choice.
  • Integrity of personal information.
  • Security safeguards.
  • Access and correction.
  • Accountability.
To participate in this voluntary, self-regulatory program, a company must receive certification from an APEC-recognized accountability agent that the company meets APEC standards. Although all three companies claimed on their websites that they participated in the APEC CBPR system, the FTC found that none of the companies had ever been certified to participate.
In addition, Sentinel Labs claimed on its SentinelOne site that it also received a TRUSTe Privacy Seal. However, the FTC complaint alleged that TRUSTe never reviewed SentinelOne's privacy policy and practices. TRUSTe is a third-party privacy certification company that provides the right to use its privacy seal if a company complies with its privacy requirements.
Under the settlements, the companies are prohibited from misrepresenting their participation, membership, or certification in any privacy or security program sponsored by a government or by a self-regulatory or standard-setting organization.
The FTC regularly pursues false advertising claims about how a company protects consumers' privacy. If a company claims that it participates in a voluntary organization to help protect consumers' privacy and personal data, that representation, like other objective claims, must be truthful. Companies should periodically review their claims about protecting consumer privacy in both their privacy policies and advertising to ensure that any promises or claims they make are truthful and not deceptive.
For more information on the FTC's enforcement regarding advertising claims, see Practice Note, FTC Enforcement of Advertising Claims.