FTC Brings First Action Involving the APEC Cross-Border Privacy Rules System

05/09/2016
Client Alert

Many companies have wondered if the Federal Trade Commission (FTC) would enforce public promises regarding compliance with privacy frameworks other than the U.S.-E.U. Safe Harbor. On May 4, 2016, the FTC answered that question by announcing that it had settled charges that Very Incognito Technologies, Inc., doing business as Vipvape, deceived consumers about its participation in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system.

The APEC CBPR system is an initiative designed to facilitate the protection of consumer data transferred across the APEC region[1] (At present, only four member economies, United States, Mexico, Japan and Canada, are participating in the CBPR system). In order to participate, a company must undergo a review by an APEC-recognized accountability agent, which certifies the company’s compliance with the system’s standards. A company’s promises in connection with such certification can be enforced by privacy authorities in participating member economies. Only 13 companies have certified to date.

The FTC’s complaint alleged that Vipvape, a hand-held vaporizer company, represented on its website that it was a participant in the APEC CBPR system when it was not, nor ever had been, certified. The FTC alleged that this misrepresentation was deceptive, in violation of Section 5 of the FTC Act.

The settlement prohibits Vipvape from misrepresenting its participation, membership, or certification in any privacy or security program sponsored by a government or self-regulatory or standard-setting organization.

Although this is the FTC’s first enforcement action related to the APEC CPBR, the agency has brought similar charges against a number of companies for allegedly misrepresenting their adherence to the Safe Harbor privacy framework. At the end of the day, all of these actions—including the Vipvape action—reinforce the fundamental message the FTC has been sending companies for years: if you make a representation about any of your privacy practices, the representation must be true.



[1] The 21 member economies of APEC are: Australia; Brunei Darussalam; Canada; Chile; People's Republic of China; Hong Kong, China; Indonesia; Japan; Republic of Korea; Malaysia; Mexico; New Zealand; Papua New Guinea; Peru; The Philippines; The Russian Federation; Singapore; Chinese Taipei; Thailand; United States of America; and Viet Nam.



Contact Us
Contact our world-class privacy and data security lawyers.


Follow us on Twitter @MoFoPrivacy.

Cyber Crime Firm of the Year
Cyber Crime Firm of the Year

Email Disclaimer

Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

©1996-2019 Morrison & Foerster LLP. All rights reserved.