Assessing the Assessments
The unchecked collection of personal data and use of automated decision systems threaten our privacy and civil rights. Robust risk assessments are a way to ensure the transparency and accountability of the businesses that process our data.
On June 25, 2025, EPIC published Assessing the Assessments: Maximizing the Effectiveness of Algorithmic & Privacy Risk Assessments. The report lays out the ideal elements of a risk assessment framework and engages with the California Privacy Protection Agency (CPPA)’s development of risk assessment rules under the California Consumer Privacy Act. It is the culmination of EPIC’s project launched in 2023, with the support of the Rose Foundation, to ensure that risk assessments are as effective as possible at protecting consumer rights.
The report illustrates the privacy harms that result from the unchecked collection of personal data, including in behavioral advertising and surveillance pricing, as well as the opaque deployment of automated decision systems in employment, healthcare, law enforcement, housing, and education. These systems can have a profound impact on consumers’ lives, even as consumers are kept in the dark about how such systems make decisions, whether those decisions are fair and accurate, and how to challenge erroneous outcomes.
Risk assessments are a critical way to make businesses show their work and ensure that their data practices are not putting consumers at risk. The report lays out the components of an ideal risk assessment framework that would provide transparency and accountability for consumers and an analysis of California’s proposed regulations on automated decision systems and risk assessments.
Risks and Risk Assessments Panel Discussion
On June 16, EPIC hosted a panel discussion, Risks and Risk Assessments: Reporting Out on California’s Proposed AI & Privacy Regulations. EPIC Senior Counsel Sara Geoghegan moderated the virtual discussion panel featuring Consumer Federation of America’s Ben Winters, TechEquity’s Swati Chintala, Eticas.ai’s Dr. Gemma Galdón-Clavell, and EPIC Law Fellow Mayu Tobin-Miyaji. The panelists discussed how effective risk assessments can address the harms from unchecked collection of personal data and automated decision systems, California’s risk assessment rulemaking process, and other regulatory frameworks and tools that will strengthen consumer privacy.