• Defend Privacy. Support EPIC.

    Defend Privacy. Support EPIC.

    EPIC is on the front lines of the major privacy and civil liberties debates. In 2019, EPIC will work to protect democratic institutions, promote algorithmic transparency, and defend the right to privacy. We need your support. And EPIC is a top-rated non-profit - Charity Navigator (Four Star) and Guidestar (Gold). Please donate to EPIC today.

    Defend Privacy. Support EPIC. »

Top News

Equifax Breach "Entirely Preventable": House Oversight Committee

In a report released today, the House Committee on Oversight declared that the Equifax breach, which affected 148 million U.S. consumers, was "entirely preventable." The breach, one of the largest in U.S. history, compromised the authenticating details, including dates of birth and social security numbers, of more than half of American consumers. The House report concluded that Equifax "failed to fully appreciate and mitigate" the cybersecurity risks and placed corporate growth over data security. Despite several agencies, such as the CFPB and the FTC, pledging to take action against Equifax, none have done so. The House Committee recommended that Equifax "provide more transparency to consumers" about data use and security practices and reduce the use of social security numbers as identifiers, longstanding priorities of EPIC. Following the Equifax data breach in 2017, EPIC President Marc Rotenberg testified before the Senate Banking Committee and recommended free credit freezes and other consumer safeguards to mitigate the risk of identity theft.


In Facebook Case, Ninth Circuit Ignores Privacy Risks of Visits to Healthcare Websites

In a surprisingly brief opinion, the Ninth Circuit has upheld a decision to dismiss a privacy suit against Facebook concerning the collection of sensitive medical data. In Smith v. Facebook, users alleged that the company tracked their visits to healthcare websites, in violation of the websites' explicit privacy policies. In a little less than five pages, the Ninth Circuit decided that Facebook was not bound by the promises made not to disclose users' data to Facebook because Facebook has a provision, buried deep in its own policy, that allows Facebook to secretly collect such data. The court actually wrote that searches for medical information are not sensitive because the "data show only that Plaintiffs searched and viewed publicly available health information..." EPIC filed an amicus brief in the case, arguing that "consent is not an acid rinse that dissolves common sense." In 2011 Facebook settled charges with the FTC that it routinely changed the privacy settings of users to obtain sensitive personal data. The consent order resulted from detailed complaints brought by EPIC and several other consumer organizations.


EPIC to DHS Privacy Advisory Committee: End Facial Recognition

In response to a public notice by the Data Privacy and Integrity Advisory Committee, EPIC submitted comments urging the CBP to halt implementation of the biometric border program. EPIC stressed the need for federal regulation to safeguard privacy and prevent the misuse of facial recognition technology. EPIC called for a public rulemaking for the federal entry/exit program. EPIC also criticized the Committee's draft recommendations for facial recognition. EPIC said that the transfer of personal data from the State Department to the CBP was unlawful and that the opt-opt procedures were ignored in practice. Documents EPIC previously obtained in a FOIA lawsuit against CBP revealed that facial scanning did not perform operational matching at a "satisfactory" level.


EPIC Celebrates 70th Anniversary of UDHR »

Facebook Documents Raise New Questions About Consent Order Compliance »

Senator Markey Insists on Privacy, Safety for Self-Driving Vehicles »

EPIC Urges European Commission to Address Security Risks of Connected Cars »

EPIC Supports Extension of Children's Privacy Reporting Requirements »

Trump-Russia Records at Issue in Mueller Probe, EPIC v. IRS »

EPIC news Archive »

EPIC's Work

Open Government image

Open Government »

EPIC v. FTC: Seeking disclosure of Facebook assessments, reports, and related records required by the 2012 FTC Consent Order.

Appellate Advocacy image

Appellate Advocacy »

In re: OPM Data Security Breach Litigation: Whether the government's failure to safeguard sensitive personal data from a breach violated individuals' constitutional right to informational privacy and caused a cognizable injury under Article III.

US Capitol

EPIC Policy Project »

EPIC provides expertise to shape strong privacy and open government laws at both the state and federal level.

PrivacyNow!

Privacy Campaigns »

EPIC has launched a new project promoting PrivacyNow!, including updates to U.S. privacy laws.