FALSE EU-U.S. PRIVACY SHIELD CLAIMS

RagingWire Data Centers, a subsidiary of NTT has been charged with False Claim of Participation in the EU-US Privacy Shield by US Federal Trade Commission (FTC).

As announced by the FTC, RagingWire is alleged to have misled consumers about its participation in the EU-US Privacy Shield data protection framework and failed to adhere to the program’s requirements before allowing its certification to lapse.

In a complaint, the FTC alleges that between January 2017 and October 2018, RagingWire claimed in its online privacy policy that the company participated in the Privacy Shield framework and complied with the program’s requirements, “even though it had allowed its certification to lapse in January 2018”.

In terms of role playing, the EU-U.S. Privacy Shield framework establishes a process to allow companies to transfer consumer data from European Union countries to the United States in compliance with EU law. On the other hand, the Department of Commerce administers the framework, while the FTC enforces the promises companies make when joining the program.

The Department of Commerce is said to have warned Raging Wire twice to either remove the claims on its website or take steps to recertify its participation in the Privacy Shield program. The company, however, “failed to recertify until it was contacted by the FTC in October 2018”.

The FTC also alleges that while RagingWire was a participant of the Privacy Shield program, the company failed to comply with the three following Privacy Shield requirements:

  • To verify annually that it had made accurate statements about its Privacy Shield privacy practices.
  • To maintain a dispute resolution process for consumers who had privacy-related complaints about the company.
  • To abide by the Privacy Shield requirement that companies that stop participation in the framework affirm to the Department of Commerce that they will continue to apply the Privacy Shield protections to personal information collected while participating in the program.

RagingWire has so far not publicly commented on the case, but its website still reports the company adheres to the Privacy Shield framework.

If its certification of participation in the Privacy Shield framework lapses in the future, the complaint includes a proposed order that RagingWire also would be required to continue to apply the Privacy Shield protections to personal information it collected while participating in the program, or return or delete the information.

NTT acquired the firm in 2014 and the company’s data center network is expanding across major US markets like California, Illinois, Texas and Virginia. RagingWire also plans to rebrand fully as NTT in few months.