About Us - Galexia News
Article in Data Protection Leader - Regulators fight back against privacy fraud - November 2016
Data Protection Leader, Volume 13, Issue 11 (November 2016) - Regulators fight back against privacy fraud
Chris Connolly, Director at Galexia, summarises the key lessons to be learnt from recent enforcement action involving ‘privacy fraud.’
Privacy fraud has traditionally been viewed as a niche issue, but in recent years it has emerged as a mainstream privacy compliance matter, and now attracts significant attention from data protection regulators. It typically occurs where a company claims it belongs to a specific privacy compliance?scheme or that it has been certified?in a privacy trustmark scheme. The?claim is designed to assure consumers that it meets a high level for privacy assurance, or that its practices have been assessed and certified by a?trusted third party. In a growing number of instances, these claims are false.?Data protection experts have been aware of this problem for many years. Consumer protection regulators, trust- mark operators and consumer advocates spend a significant amount of time and resources contacting companies and asking them to remove false claims. Consumer protection regulators (including some data protection regulators) can threaten to use their legal powers in relation to ‘misleading and deceptive’ conduct. Trustmark operators can threaten to use their trademark protection powers to seek the removal of false claims. Consumer advocates?can threaten to refer the company to?the relevant regulator or to the media.
The vast majority of this work takes place ‘behind the scenes’ and it is?only in recent years that formal, public enforcement action has been taken on privacy fraud. Since 2009, there have been 39 public enforcement actions related to privacy fraud, with the bulk of them occurring in the last three years.
Read the complete article » - including
- The Ashley Madison case - Privacy fraud may be so significant that it invalidates consent?
- False Safe Harbor claims - Privacy fraud may occur where a?false claim is the result of ‘lapsed’ membership of a privacy scheme (various Safe Harbor cases 2009-2015);
- Trustmark scheme false claims - Privacy fraud may extend to the privacy trustmarks schemes themselves (TRUSTe 2015);
- APEC CBPRs false claims - Privacy fraud may occur where?a company falsely claims it is a member of a scheme it has never applied to join (some Safe Harbor cases in 2009 and 2015, and the APEC CBPRs cases 2016);