The Federal Trade Commission (FTC) has finalized an order with GoDaddy, a web hosting provider, addressing allegations of misleading consumers about its data security practices. The FTC's investigation revealed that GoDaddy failed to implement essential security measures, despite its claims of offering 'award-winning security.'

In January 2025, the FTC alleged that GoDaddy did not utilize standard data security tools, such as multi-factor authentication, nor did it monitor for security threats or secure connections to customer data. These shortcomings led to multiple data breaches, allowing unauthorized access to customers' websites and sensitive information.

Additionally, the FTC accused GoDaddy of deceiving users regarding its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, further undermining consumer trust.

The finalized order prohibits GoDaddy from making false representations about its security measures and compliance with privacy programs. It also mandates the company to establish a comprehensive information-security program to safeguard the security, confidentiality, and integrity of its services. Furthermore, GoDaddy is required to engage an independent third-party assessor to review its information-security practices.

Following the receipt of three comments from the public, the Commission voted unanimously to finalize the order, although Commissioner Melissa Holyoak expressed a dissenting opinion on one aspect of the complaint.