Data Center Company Settles FTC Privacy Shield Case

Data Center Company Settles FTC Privacy Shield Case

WASHINGTON, D.C. — An operator of secure data centers has settled Federal Trade Commission allegations that it misled consumers about its participation in the EU-U.S. Privacy Shield framework and failed to adhere to the program’s requirements before and after allowing its certification to lapse.

As part of the proposed settlement, NTT Global Data Centers, Inc., formerly known as RagingWire Data Centers, Inc. (RagingWire), must hire a third-party assessor to verify that it is adhering to its Privacy Shield promises if it plans to participate in the framework. The Privacy Shield framework allows participants to transfer data from European Union countries to the U.S. in compliance with EU law.

In a complaint filed in November 2019, the FTC alleged that, between January 2017 and October 2018, RagingWire claimed in its online privacy policy and marketing materials that the company participated in the Privacy Shield framework and complied with the program’s requirements. In fact, the FTC alleged, the company’s certification lapsed in January 2018 and it failed to comply with certain Privacy Shield requirements while it was a participant in the program. The FTC also alleged that, upon allowing its certification to lapse, RagingWire failed to take the necessary steps to confirm that it would comply with its continuing obligations relating to data received pursuant to the framework.

READ:  Pennsylvanians Urged to Report Unemployment Benefits Fraud

The proposed settlement also prohibits the company from misrepresenting its participation in the EU-U.S. Privacy Shield framework, any other privacy or data security program sponsored by the government, or any self-regulatory or standard-setting organization. If its certification of participation in the Privacy Shield framework lapses in the future, the company also must continue to apply the Privacy Shield protections to personal information it collected while participating in the program, or return or delete the information.

After counsel for the Commission reached a settlement agreement with the company on April 16, 2020, the matter was withdrawn from administrative litigation for the purpose of allowing the Commission to consider the consent agreement.

The Commission vote to accept the proposed consent agreement was 3-1-1. Commissioner Rebecca Kelly Slaughter did not participate, while Commissioner Rohit Chopra voted no and issued a dissenting statement. Chairman Joe Simons along with Commissioners Noah Joshua Phillips and Christine S. Wilson issued a separate statement.

READ:  Working Virtually: Use a Virtual Private Network to Secure Remote Locations

The FTC will publish a description of the consent agreement package in the Federal Register soon. The agreement will be subject to public comment for 30 days after publication in the Federal Register after which the Commission will decide whether to make the proposed consent order final. Instructions for filing comments will appear in the published notice. Once processed, comments will be posted on Regulations.gov.

Thanks for visiting! MyChesCo brings reliable information and resources to Chester County, Pennsylvania. Please consider supporting us in our efforts. Your generous donation will help us continue this work and keep it free of charge. Show your support today by clicking here and becoming a patron.

Buy Us a Cup of Coffee