Congress has passed the Foundations for Evidence-Based Policymaking Act of 2018. The legislation, championed by House Speaker Paul Ryan (R-WI) and Senator Patty Murray (D-WA), includes new requirements for federal agencies to establish senior leaders for program evaluation and data coordination to help agencies produce and use evidence, strengthens privacy protections for confidential data, and directs government to make secure access to data more available to generate evidence. In a statement to Congress last year, EPIC expressed support for the findings of the Commission on Evidence-Based Policymaking — Congress established the Commission to study how data across the federal government could be combined to improve public policy while protecting privacy. EPIC filed comments with the Commission urging adoption of Privacy Enhancing Techniques, such as anonymization, that minimize or eliminate the collection of personal data. The National Academies of Sciences released a report last year that examined how disparate federal data sources can be used for policy research while protecting privacy.
The D.C. Attorney General filed a complaint against Facebook under the D.C. Consumer Protection Procedures Act, making D.C. the first U.S. jurisdiction to take action against the company for the mishandling of user data that led to Cambridge Analytica. The AG's complaint alleges that Facebook failed to monitor third-party use of personal data and failed to ensure users’ data was deleted. The D.C. lawsuit seeks financial penalties, and an injunction to ensure Facebook puts in place protocols and safeguards to protect users’ data and easier for users to control their privacy settings. AG Karl Racine said: “Facebook put users at risk of manipulation by allowing companies like Cambridge Analytica and other third-party applications to collect personal data without users’ permission. Today’s lawsuit is about making Facebook live up to its promise to protect its users’ privacy.” EPIC filed a D.C. Consumer Protection Procedures Act lawsuitchallenging the unlawful collection, use, and disclosure of personal location data by AccuWeather through its mobile iOS app.
A New York Times investigation revealed that Facebook had deals with companies giving them access to personal data without meaningful user consent. These companies include Amazon, Sony, Microsoft, Yahoo, Spotify, and Netflix, as well as two companies considered security threats to the U.S.: Chinese smartphone manufacturer Huawei and Russian search engine Yandex. The deals Facebook made gave companies broad access to user data, including the the ability to read users’ private messages and access friend lists. EPIC and several consumer privacy organizations helped establish the 2011 consent order against Facebook, following a public campaign, and extensive complaints in 2009 and 2010. In March 2018, the FTC said it would reopen the Facebook investigation, but there is still no report, no findings and no fine. In response to EPIC's Freedom of Information Act lawsuit, the FTC has released agency emails about the 2011 Facebook Consent Order. Several related EPIC complaints regarding Facebook are also pending at the FTC, including facial recognition.
