In comments to the Irish Data Protection Commission, EPIC proposed guidance for Data Protection Impact Assessments. The EU General Data Protection Regulation requires organizations to carefully assess the collection and use of personal data. EPIC explained that Data Protection Impact Assessments require the disclosure of the reason for the processing of personal data. EPIC also urged the Irish Privacy Commission to protect individuals against profiling and tracking by minimizing the collection of sensitive data. EPIC supports "Algorithmic Transparency" and brought FTC consumer complaints to promote accountability over secret algorithms. EPIC has also advised the UK Information Commissioner's Office on Data Protection Impact Assessments and GDPR implementation.