Just as companies may be catching their breath after sprinting to get ready for GDPR in time for its recent implementation date, the FTC has now entered the enforcement fray. It has stated that, where companies are choosing to apply GDPR protections to American consumers, the FTC may enforce any failures to abide by those commitments. What does this mean for US companies? As many implemented compliance with GDPR, a number of companies stated publicly that they would be providing some -or all- of the same protections to their other customers. It made sense for the companies – once they were reconfiguring their policies and systems to meet the GDPR requirements for European customers, why not offer the same protections to individuals outside the EU? It was comparatively easy to do and it was good consumer PR. But now the FTC plans to hold them to it.

Putting it Into Practice:  Making sure companies keep their promises is central to the FTC’s mission. This is no different. Think carefully about what you commit to when describing your privacy practices to consumers. Once you make a commitment, make sure you keep it, or the FTC could come calling.