New Legal Requirements Regarding Behavioral Advertising
Be Careful in the EU
European Union (EU) countries are extremely protective when it comes to data privacy and, therefore, US companies doing business in the EU must be extra careful if they collect online personal information from persons in the EU. However, there is a method for US companies to transfer personal data outside the European Union in a way that is consistent with the EU requirements. Specifically, a US company can self-certify to the US Department of Commerce that it complies with EU standards. Indeed, many businesses include a statement in their privacy policies making this claim. However, the FTC has aggressively gone after companies that claimed to be certified under the US – EU Safe Harbor Framework (or the US- Swiss Safe Harbor Framework), but were not actually certified. For example, on May 29, 2015, the FTC announced that it had approved Final Orders resolving the FTC’s complaints against TES Franchising, LLC and American International Mailing, Inc. when, in fact, their certifications had lapsed years earlier.
Jay S. Newman is a Principal in the Washington, D.C., office of Fish & Richardson, focused on advertising, sweepstakes, contests and privacy law, with extensive experience before the Federal Communications Commission, Federal Trade Commission, Food and Drug Administration and...