The Federal Trade Commission has issued warning letters to 28 companies that claim certified participation in the Asia-Pacific Economic Cooperative’s Cross-Border Privacy Rules system on their websites but do not appear to have met the requirements to make that claim.
The APEC privacy system is a self-regulatory initiative to enhance the protection of consumer data that moves among the APEC member economies through a voluntary but enforceable code of conduct implemented by participating businesses. Under the system, companies can be certified as compliant with APEC CBPR program requirements based on the following nine data privacy principles: preventing harm, notice, collection limitation, use choice, integrity, security safeguards, access and correction, and accountability.
The companies that received the letters must remove the claims regarding APEC CBPR from their websites immediately and inform FTC staff that they have done so, or provide information proving they are actually certified. The letter notes that companies falsely claiming certification in the system may be in violation of the FTC Act.
The FTC recently settled its first case related to a deceptive claim of certification in the APEC CPBR system.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.