Company Settles FTC Allegations of Privacy Shield Misrepresentation
Time 2 Minute Read

On November 19, 2019, the Federal Trade Commission announced that Medable, Inc. (“Medable”) agreed to settle allegations that the company had misrepresented its participation in the EU-U.S. Privacy Shield program. The FTC alleged that, from December 2017 to October 2018, Medable falsely claimed in its online privacy policy that it was a certified participant in the EU-U.S. Privacy Shield framework and adhered to the framework’s principles. According to the complaint, although Medable did initiate an application with the Department of Commerce in December 2017, the company never completed the steps necessary to participate in the framework.

As part of the proposed settlement with the FTC, Medable is prohibited from misrepresenting its participation in any privacy or data security program sponsored by the government or any self-regulatory or standard-setting organization and must comply with FTC reporting requirements. The proposed settlement agreement will be published in the Federal Register and subject to public comment for 30 days, after which the FTC will make a determination regarding whether to make the proposed consent order final.

The EU-U.S. Privacy Shield framework allows companies to transfer personal data lawfully from the EU to the U.S. Since the framework was established in 2016, the FTC has brought a total of 17 enforcement actions related to the Privacy Shield.


Subscribe Arrow

Recent Posts




Jump to Page