Three decisions by the Foreign Intelligence Surveillance Court (FISC) were made public this week. The Court identified serious “compliance and implementation issues” related to the Section 702 ("PRISM") surveillance program. The FISC found that the NSA did not purge personal data as required by minimization procedures, and also that the FBI failed to exclude attorney-client communications. In 2012, EPIC testified before Congress and recommended the publication of FISC opinions to facilitate public oversight.
EPIC has filed an amicus brief urging a federal appeals court to overturn a decision that limits the ability of data breach victims to sue. The plaintiffs sued a payroll company after their Social Security Numbers and other identifying information were exposed. A lower court dismissed the case because fraudulent transactions had not yet occurred. EPIC argued that data breach victims can sue without having to wait for specific damages. EPIC cataloged the epidemic of data breaches in the US, and explained why companies should be liable when they fail to protect the consumer data they collect. EPIC regularly files briefs defending consumer privacy.
The European Parliament finalized a historic reform of EU data protection legislation, which will have legal force in July 2018. "The new General Data Protection Regulation will enable people to regain control of their personal data in the digital age," said Parliament Member Jan Philipp Albrecht. The rules include data breach notification, coordinated enforcement, enhanced penalties, strengthened consent, and new measures to promote privacy innovation. EPIC and EU and US consumer groups have supported the European law, stating that it provides "important new protections for the privacy and security of consumers."
