U.S. Companies Settle FTC Charges that They Deceived Consumers About International Privacy Program Participation

Courts Privacy/Cyber Risk & Data Security FTC APEC CBPR

On February 22, the FTC announced that it had reached settlements with three U.S. companies over charges that the companies falsely represented their participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPR) system in their online privacy policies. Participation requires an official review and certification, a process none of the three companies underwent according to the three complaints. The complaints alleged violations of the FTC Act due to deceptive statements made by the companies that they participated in the APEC CBPR system. The settlement terms bar the defendants from “misrepresenting their participation, membership or certification in any privacy or security program sponsored by a government or self-regulatory or standard-setting organization.”