The US Federal Trade Commission has approved the final regulatory orders on several security companies after they misrepresented themselves by telling customers that they abided by rules set out by a US-Asia privacy agreement.
Sentinel Labs, SpyChatter and Vir2us were charged with claiming to participate in the Asia-Pacific Economic Cooperation Cross Border Privacy Rules (APEC CBPR) by the FTC and were charged in February. The rules provide a framework for international data flows between the US and countries in the Asia Pacific region, while, according to the document “establishing meaningful protection for the privacy and security of personal information.” A European analogue of such an agreement can be found in EU-US Privacy Shield.
The settlement with the FTC, which governs consumer protection in the US, stipulates that the companies can no longer misrepresent themselves as participants in any privacy programme sponsored by a government or regulatory organisation.
These three companies are to be made an example of, according to a letter from Donald S Clark, secretary of the FTC. He writes that the action “will deter other companies from engaging in similar conduct.”
If the orders are violated, continues the letter, SpyChatter, for example could have incurred civil penalties of up to US$ 40,654 (£31,644) “per violation per day”.