Our Work

Digital Library

Sort By

Judge in California Age-Appropriate Design Code Case Gets the First Amendment Wrong—Again

March 14, 2025

Yesterday, a federal judge issued a second preliminary injunction against California’s Age-Appropriate Design Code (“CAADC”). The judge's First Amendment analysis flouted directions from the Ninth Circuit and the Supreme Court to more critically examine Big Tech’s demands for broad relief from regulation. The decision erroneously questions the constitutionality of every law giving kids special protections online—including the long-standing Children’s Online Privacy Protection Act (“COPPA”).
- Age Assurance
- Children's Privacy
- Data Protection
- Platform Accountability & Governance
- Platform Governance Laws & Regulations
- Privacy Laws
- The First Amendment
- U.S. State Privacy Laws
- Analysis
In Hearing, Judge Seemed Torn on NetChoice’s Renewed First Amendment Attack on California’s Age-Appropriate Design Code

January 24, 2025

In a hearing yesterday on NetChoice’s second motion for a preliminary injunction against California’s Age-Appropriate Design Code (CAADC), Judge Beth Labson Freeman appeared far more skeptical of the trade association’s First Amendment arguments than the first time she ruled on the constitutionality of the law.
- Age Assurance
- Platform Accountability & Governance
- Platform Governance Laws & Regulations
- Privacy Laws
- Section 230
- The First Amendment
- U.S. State Privacy Laws
- Analysis
The State Data Privacy Act: A Proposed Model State Privacy Bill

September 25, 2024

In our State Data Privacy Act, we set forth a compromise bill built on existing state laws that meaningfully protects privacy while encouraging innovation.
- Consumer Privacy
- Data Minimization
- Privacy Laws
- U.S. State Privacy Laws
- Analysis
Update: Tracking of Real Algorithmic Harms in California as CCPA Enforcement Begins

August 8, 2024

As part of our project Assessing the Assessments—supported by the Rose Foundation—EPIC has continued to track instances of specific AI harms to consumers relevant to enforcement of the California Consumer Privacy Act. These examples are listed below with the setting and application of the system, a real illustration of the harm that occurred, and what types of harm are done to consumers. EPIC has previously tracked these types of harms under its ongoing Assessing the Assessments project and will continue to track them in the future.
- Artificial Intelligence and Human Rights
- Commercial AI Use
- Consumer Privacy
- Privacy Laws
- U.S. State Privacy Laws
- Analysis
Far From a Punt, SCOTUS’s NetChoice Decision Crushes Big Tech’s Big Litigation Dreams

July 16, 2024

The Supreme Court's decision in the NetChoice cases is a huge blow to Big Tech’s litigation strategy of requesting the broadest possible relief from regulation based on nothing more than vibes.
- Children's Privacy
- Data Protection
- Platform Accountability & Governance
- Platform Governance Laws & Regulations
- Privacy Laws
- The First Amendment
- U.S. State Privacy Laws
- Analysis
Data minimization is the key to a meaningful privacy law

May 9, 2024

This is the sixth blog post in EPIC’s series on Data Minimization. We have previously discussed data minimization as a framework to curb harmful commercial surveillance practices, harms that stem from out of context secondary data uses, data minimization as a pillar of data security, data minimization as a tool to protect health data privacy, and data minimization as a way to regulate surveillance advertising. This post discusses existing data minimization rules in state and federal laws.
- Consumer Privacy
- Data Brokers
- Data Minimization
- Privacy Laws
- U.S. Privacy Laws
- U.S. State Privacy Laws
- Analysis
Congress Re-enters the Debate on Data Minimization with APRA

April 9, 2024

This week a new federal privacy bill, the American Privacy Rights Act of 2024, was announced by Senate Commerce Committee Chair Maria Cantwell (D-WA) and House Energy and Commerce Committee Chair Cathy McMorris-Rodgers (R-WA).
- Consumer Privacy
- Data Minimization
- Privacy Laws
- Proposed U.S. Legislation
- U.S. State Privacy Laws
- Analysis
Alive and Kicking: Washington State’s My Health My Data Act Goes into Effect Today

April 1, 2024

Today Washington State’s landmark My Health My Data Act (MHMD) goes into effect, marking a new chapter in state regulation of health data. In an age where more and more of our health-related data is being managed through apps, devices, and online services, MHMD imposes strict privacy obligations on companies and creates a private right of action to bolster enforcement.
- Cybersecurity
- Data Protection
- Data Security
- Health and Reproductive Privacy
- Privacy Laws
- U.S. State Privacy Laws
- Analysis
NetChoice v. Bonta: An exacting level of scrutiny no privacy law could survive

January 15, 2024

The AADC should have passed First Amendment scrutiny. But the judge in Bonta said that none of its challenged provisions did. Whatever test the judge applied is a poor fit for assessing the speech interests at issue in the case.
- Children's Privacy
- Data Protection
- Privacy Laws
- Proposed U.S. Legislation
- U.S. State Privacy Laws
- Analysis
Tracking Real Algorithmic Harms in California as CCPA Obligations Near

October 31, 2023

As part of our project Assessing the Assessments—supported by the Rose Foundation—EPIC will endeavor to track instances of specific AI harms relevant to enforcement of the California Consumer Privacy Act. These instances are listed below with the setting and application of the system, a real example of that harm happening, and what types of harm are done.
- Artificial Intelligence and Human Rights
- Commercial AI Use
- Consumer Privacy
- U.S. State Privacy Laws
- Analysis

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.

Donate