EPIC has submitted extensive comments on proposed guidance for Data Protection Impact Assessments. The new European Union privacy law - the "GDPR" — requires organizations to carefully assess the collection and use of personal data. In comments to UK privacy commissioner, EPIC said that disclosure of the technique for decision making is a core requirement for Data Protection Impact Assessments. EPIC supports "Algorithmic Transparency". EPIC has pursued criminal justice FOIA cases, and FTC consumer consumer complaints to promote transparency and accountability. EPIC has warned Congress of the risks of "citizen scoring."