On October 28, 2020, the Federal Trade Commission finalized a settlement based on a company’s failure to comply with the requirements of the EU-US Privacy Shield framework.
One month after the initial publication of the settlement with NTT Global Data Centers in June 2020 with an invitation to the public to comment, the European Court of Justice invalidated the Privacy Shield framework. When announcing the final settlement, the FTC emphasized that the ECJ’s decision “does not affect the validity of the FTC’s decision and order,” which remains effective until October 28, 2040.
In a dissent from the FTC’s final approval of the NTT settlement, Commissioner Rohit Chopra argued that the settlement did not go far enough, noting that it does not help businesses that relied on NTT’s promises regarding the Privacy Shield and asserting that it does little to hold NTT accountable for those promises. Commissioner Chopra added that “[t]he Commission’s vote to finalize another data protection settlement – with no money, no help for victims, and no admission or findings of liability – is a setback for the FTC’s privacy enforcement program. I am hopeful we will change course.”