EPIC has sent demand letters to Oracle and TikTok warning both of their legal obligation to protect the privacy of TikTok users if the companies enter a partnership. Last week, following President Trump's threat to effectively ban TikTok from the United States, Oracle reached a tentative agreement to serve as TikTok's U.S. partner and to "independently process TikTok's U.S. data." But the deal, which would pair one of the largest brokers of personal data with a social network of 800 million users, presents grave privacy and legal risks. "Absent strict privacy safeguards, which to our knowledge Oracle has not established, [the] collection, processing, use, and dissemination of TikTok user data would constitute an unlawful trade practice," EPIC wrote. EPIC warned Oracle and TikTok that unless they "adequately protect the privacy of TikTok users"—for example, by committing not to sell TikTok user data or merge it with Oracle products—EPIC intends to bring a lawsuit against both companies under the D.C. Consumer Protection Procedures Act. EPIC previously used the same law to force AccuWeather to stop deceptively gathering users' location data. EPIC and a coalition of consumer groups recently filed a Federal Trade Commission complaint against TikTok for violating the Children's Online Privacy Protection Act.
The Justice Department, as part of an open government lawsuit brought by EPIC, has released another round of previously unpublished material from the Mueller Report. The newly disclosed passages are listed in the "Redaction" column of a DOJ spreadsheet—though outside of their original context from the Mueller Report. The spreadsheet was originally drafted to answer questions from Judge Reggie B. Walton, who is conducting an "in camera" review of the complete Mueller Report after determining that Attorney General Bill Barr's redactions may have been "self-serving." Among the newly disclosed material is an excerpt from an Internet Research Agency document that describes the Russian government's goal of "spread[ing] distrust towards the candidates and the political system in general" and states that "All the primaries are purchasable." The DOJ previously released new passages from the Mueller Report in June, and the court is expected to decide soon whether additional material must be published. EPIC's Freedom of Information Act case—the first in the nation for the disclosure of the Mueller Report—is EPIC v. DOJ, No. 19-810.
Senators Roger Wicker, John Thune, Marsha Blackburn, and Deb Fischer have introduced the “SAFE DATA Act,” which relies on the outdated notice-and-choice model that allows companies to diminish the rights of consumers and use personal data to benefit the company but not the individual. "Senator Wicker’s SAFE DATA Act allows companies to collect any personal data it pleases as long as it discloses it in its privacy policy,” said EPIC Policy Director Caitriona Fitzgerald. "And it prohibits states from adopting or enforcing any data privacy or data security laws. The SAFE DATA Act is very weak compared to Senator Gillibrand’s Data Protection Act, Senator Brown’s discussion draft, and the Online Privacy Act introduced in the House.” EPIC's recent report on federal privacy legislation Grading on a Curve: Privacy Legislation in the 116th Congress evaluates federal privacy bills. EPIC has called for comprehensive baseline, federal legislation and the creation of a data protection agency.
