On July 14, 2016, the Federal Trade Commission (FTC) announced that it had issued warning letters to 28 companies regarding their claim of participation in the Asia Pacific Economic Cooperation Cross Border Privacy Rule (APEC CBPR) system. The APEC CBPR system is a voluntary, enforceable mechanism that certifies a company’s compliance with the principles in the APEC CBPR and facilitates privacy-respecting transfers of data among APEC member economies.
The warning letter states the FTC’s records do not indicate these companies have taken the requisite steps to be able to claim participation in the APEC CBPR system, such as undergoing a review by an APEC-recognized Accountability Agent, which certifies companies that meet the standards. Under Section 5 of the Federal Trade Commission Act, a company that falsely claims APEC CBPR system participation may be subject to an enforcement action based on the FTC’s deception authority. In the warning letter, the FTC asks these 28 companies to (a) immediately remove their representations that could be construed as a claim of APEC CBPR participation from their website, privacy policy statement, and any other public document and (b) contact the FTC within 45 days to confirm the removal of such representations.
The FTC recently approved its final order prohibiting Vipvape, a manufacturer of hand-held vaporizers, from misrepresenting Vipvape is a member of, adheres to, complies with, is certified by, is endorsed by, or otherwise participates in any privacy or security program sponsored by a government or any self-regulatory or standard-setting organization, including APEC CBPR. In the announcement of the final order regarding the settlement with Vipvape, the FTC reported the FTC Chairwoman Edith Ramirez’s commitment to vigorously enforcing cross boarder privacy commitment.
Read more about the Vipvape final order.
