United States of America: Federal Trade Commission issued final settlement order in its investigation into GoDaddy for alleged misrepresentations of cybersecurity vulnerabilities in web-hosting services

On 21 May 2025, the Federal Trade Commission (FTC) finalised an order with web hosting provider GoDaddy, resolving allegations that the company misled consumers by failing to implement adequate data security protections, resulting in multiple breaches. The FTC's complaint, initially issued on 15 January 2025, alleged that GoDaddy lacked standard security measures such as multi-factor authentication, threat monitoring, and secure data connections, despite advertising "award-winning security," and falsely claimed compliance with the EU-US and Swiss-US Privacy Shield Frameworks. The final order prohibits misrepresentations regarding security practices, mandates a comprehensive information security programme, and requires independent third-party assessments of its safeguards. The FTC voted 3-0 to approve the order after reviewing public comments.