U.S. based companies that have updated their privacy policies to reflect increased consumer privacy protections intending to match the European Union’s GDPR protections may have unknowingly opened themselves up to added scrutiny from the Federal Trade Commission, according to FTC spokesperson Juliana Gruenwald Henderson.
Several organizations that collect consumer data on a large scale, including Facebook and Microsoft, have taken it upon themselves to increase personal data use transparency for their consumers through clearer privacy policies. This increase in transparency is designed, in part, to increase trust among their users, as well as potentially staying one step ahead of future U.S. regulation. That domestic regulation, however, might be coming sooner than anticipated.
The FTC’s Statement
Gruenwald Henderson explained, “If a company chooses to implement some or all of GDPR across their entire operations, and as a result makes promises to U.S. consumers about their specific practices they must live up to those commitments.” She added that this enforcement, although broad in nature, would only by applied towards specific and appropriate situations and “the FTC could initiate an enforcement action if the company does not comply with the EU data protection promises for U.S. customers.”
The FTC’s statement shows the government takes seriously companies’ privacy promises to their consumers. “If the company claims that it is compliant with EU law, it better be right, because the FTC will be looking for companies that are non-compliant but say otherwise,” said David Vladeck, former director of the FTC’s Bureau of Competition. Continue reading FTC to Enforce Voluntary GDPR Compliance Statements