April 14, 2017

The FTC has approved final orders with three companies resolving allegations that they deceived consumers by misrepresenting their participation in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system. The APEC CBPR system facilitates privacy-respecting data transfers between APEC member economies through a voluntary, enforceable mechanism, which certifies companies as being compliant with APEC CBPR program requirements. Like the EU-U.S. and Swiss-U.S. Privacy Shield frameworks that also facilitate privacy-respecting data transfers between different countries, the APEC CBPR system is backstopped by FTC enforcement. In separate complaints, the FTC charged that Sentinel Labs, Inc., which provides endpoint protection software to enterprise customers, SpyChatter, Inc., marketer of the SpyChatter private message app, and Vir2us, Inc., which distributes cyber security software, falsely represented in their online privacy policies that they participated in the APEC CBPR system. FTC