Privacy & Information Security Law Blog

On March 9, 2015, the Federal Trade Commission announced that it has entered into a Memorandum of Understanding (the “Memorandum”) with the Dutch Data Protection Authority (the “Dutch DPA”).

The Memorandum, which does not create legally binding obligations on the FTC or the Dutch DPA, focuses on the following five objectives:

• cooperating when enforcing applicable privacy laws such as the FTC Act and the Dutch Data Protection Act, including sharing relevant information about complaints;
• facilitating research and education about how to protect personal information;
• aiding the mutual exchange of knowledge and expertise between the two entities via training programs and staff exchanges;
• promoting the understanding of economic and legal conditions and theories that impact the enforcement of applicable privacy laws; and
• informing each other of privacy-related developments in their respective countries.

The Memorandum describes specific procedures that the FTC and the Dutch DPA will take to achieve these objectives and notes that each country has the discretion to decide whether to provide assistance to the other on a given privacy-related matter. The Memorandum also discusses protective measures for transmitting information related to a request for assistance on a privacy-related matter, such as encryption or maintaining materials in secured, restricted locations.

In announcing the Memorandum, FTC Chairwoman Edith Ramirez emphasized the importance of cross-border cooperation and stated that “[t]his arrangement with our Dutch counterpart will strengthen FTC efforts to protect the privacy of consumers on both sides of the Atlantic.” Similarly, her counterpart, Chairman of the Dutch DPA Jacob Kohnstamm, noted that entering into the Memorandum marked a great step in efforts to increase cooperation among “data protection and privacy authorities across the globe” which is especially important “[i]n this day and age of increasing cross-border data flows.”

The Memorandum is similar to those previously entered into by the FTC with the UK Information Commissioner’s Office in March 2014 and the Office of the Data Protection Commissioner of Ireland in June 2013.