Recent Updates

The Consumer Financial Protection Bureau has published new guidance warning financial institutions that they must provide “specific and accurate reasons” for credit application denials even when relying on “complex algorithms”—and that failing to do so violates the anti-discrimination requirements of the Equal Credit Opportunity Act. “The law gives every applicant the right to a specific … Continued

By Sara Geoghegan, EPIC Law Fellow On May 19, the Federal Trade Commission unanimously voted to approve a Children’s Online Privacy Protection Act (COPPA) policy statement that warns against surveillance as a condition of accessing educational tools. The statement explains that “Children should not have to needlessly hand over their data and forfeit their privacy … Continued

An American Civil Liberties Union (ACLU) report last year on the “Identity Crisis” posed by a shift to digital IDs pointed out a slew of potential threats to privacy that should be considered, including police access to people’s phones, user control over data, and even longer-term issues like potential expansions in the information contained or … Continued

John Davisson, director of litigation and senior counsel for the Electronic Privacy Information Center, called the issue “a regulatory failure, pure and simple.” But he said he’s encouraged by the Federal Trade Commission recently warning edtech vendors about their obligations to protect children’s privacy. Last week, the FTC announced plans to crack down on companies illegally surveilling … Continued

Yesterday, President Biden signed an executive order with the aim to reform law enforcement. The executive order directs the Equitable Data Working Group to create a Working Group on Criminal Justice Statistics to consult with civil rights and data privacy organizations and to report on law enforcement data practices and use of surveillance tools. Also … Continued

The Federal Trade Commission has ordered Twitter to pay a $150 million penalty for violating its 2011 Consent Order and to cease profiting from deceptively collected data. According to the complaint filed yesterday by the Department of Justice, from at least 2013 to 2019, Twitter asked users to provide a phone number or email address … Continued

EPIC joined the Leadership Conference on Civil and Human Rights, the Lawyers’ Committee for Civil Rights Under Law, and 56 groups on a letter urging Congressional leadership to pass comprehensive consumer privacy legislation this session that prohibits data-driven discrimination and ensure that everyone has the right to equal opportunity on the internet. “Privacy rights are … Continued

“The goal at the commission is to get companies that market software and systems that are used in the classroom to wake up and realize that there are potentially significant penalties around the corner if they don’t comply with the provisions of COPPA,” said John Davisson, director of litigation and senior counsel at the Electronic Privacy … Continued

Post-graduation plans: Moving to Washington, D.C. to start a legal fellowship with the Electronic Privacy Information Center (EPIC) to combat A.I. bias in government benefits programs. Favorite HLS class: This is a tough one, but I’d say two classes tie for my favorite HLS class: Governing Digital Technologies or Administrative Law. Governing Digital Technologies was the first … Continued

A federal appeals court has ruled that the Los Angeles Department of Transportation may track e-scooter rides throughout the city without a warrant. The case hinged on whether people who ride e-scooters have a reasonable expectation in privacy in the location data generated by the scooters, which is then collected by the e-scooter company and … Continued

In a public letter signed by Access Now, Mijente, Electronic Privacy Information Center, and others, the groups said that “AWS is directly facilitating the creation of an invasive biometrics database that will supercharge surveillance and deportation, risking human rights violations.” The letter to AWS CEO Adam Selipsky notes that the technology could be used for … Continued

EPIC and a coalition of 38 organizations sent a letter to Adam Selipsky, Chief Executive Officer of Amazon Web Services, calling on the company to “end its agreement to host HART.” The DHS HART database is currently under construction and once finalized “will be the largest biometric database in the U.S., initially holding and sharing … Continued

In comments on the Federal Reserve’s January 2022 discussion paper, “The U.S. Dollar in the Age of Digital Transformation,” EPIC urged the Fed to take a careful approach to designing and implementing a central bank digital currency (CBDC) that prioritizes privacy and does not repeat or exacerbate the privacy invasions in the current digital payments … Continued

EPIC was pleased to today present the EPIC International Privacy Champion Award to Forbrukerrådet (the Norweigian Consumer Council) for its outstanding and influential work crafting substantive reports on the scope and impact of surveillance advertising and online data collection. Forbrukerrådet’s reports have played a prominent role in driving surveillance advertising and online data collection reform globally … Continued

EPIC signed onto a coalition letter urging Congress to increase the FTC’s budget so that the agency has the resources it needs to fulfill its mandate to protect consumers and promote competition. EPIC has previously encouraged Congress to provide the FTC funding to strengthen the agency’s power to halt discriminatory and abusive data practices. EPIC … Continued

The Federal Trade Commission today unanimously approved a policy statement that prioritizes enforcement of the Children’s Online Privacy Protection Act (COPPA) against education technology providers and warns companies not to make surveillance a condition of accessing educational tools. The use of edtech expanded dramatically during the COVID-19 pandemic. “Children should not have to needlessly hand … Continued

Alan Butler, the executive director and president of the Electronic Privacy Information Center (EPIC), a nonprofit research center based in Washington, D.C., agrees with Dixon.  “Typically, apps that individuals might use to track fertility or for other personal health uses that are not billed as part of a medical service, which most of them are … Continued

COPPA requires certain websites, apps, and online services that are child-oriented (including digital assets that may be attractive to children) or knowingly collect the personal information of children to notify and obtain the consent of a child’s parent or legal guardian before collecting, using, or disclosing personal information from children under 13. Last year, the FTC … Continued

In a letter to Federal Trade Commission (FTC), Senators Ron Wyden, Ed Markey, Alex Padilla, and Cory Booker urged Chair Lina Khan to “investigate evidence of deceptive statements made by ID.me — a provider of identity verification services widely used by federal and state government agencies — about its use of facial recognition.” The Senators … Continued

Alan Butler, the executive director and president of the Electronic Privacy Information Center (EPIC), a nonprofit research center based in Washington, D.C., agrees with Dixon.  “Typically, apps that individuals might use to track fertility or for other personal health uses that are not billed as part of a medical service, which most of them are … Continued

EPIC and a coalition of twelve organizations led by the National Consumer Law Center (NCLC) urged the Federal Communications Commission (FCC) to restrict how the Department of Health and Human Services (HHS) can use automated texts and prerecorded voice calls to remind consumers about enrollment in health insurance programs. The Telephone Consumer Protection Act (TCPA) … Continued

Privacy Rulemaking. The Biden Administration has encouraged the FTC to establish rules on “corporate surveillance” and the accumulation of data.  In late 2021, the FTC officially announced interest in crafting a trade regulation rule under Section 18 of the FTC Act “to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result … Continued

The greatest benefit of these documents, said Ben Winters with the Electronic Privacy Information Center, is that it tells companies that the DOJ and EOCC are paying attention and articulating the sort of responsibility that companies have, including liability for discrimination wrought by the software of a third-party vendor. “It puts employers on notice that … Continued

EPIC Executive Director Alan Butler joined Wisconsin Public Radio to discuss the risks in a post-Roe America posed by the lack of a U.S. privacy law. Listen here.

As part of an effort to understand and respond to disability discrimination facilitated by algorithms, the Equal Employment Opportunity Commission (EEOC) and the Department of Justice Civil Rights (DOJ) both released documents today offering guidance to employers to promote compliance with civil rights laws. The EEOC’s technical guidance document, “The Americans with Disabilities Act and … Continued

EPIC and a coalition led by Fight For the Future called on videoconferencing company Zoom to halt plans to develop and incorporate emotion tracking software into its platform. The software claims to be able to identify the emotions an individual is experiencing based on their face and voice. The coalition argued that emotion recognition is harmful because it is … Continued

The U.S. Senate has confirmed Professor Alvaro Bedoya to the Federal Trade Commission. President Biden nominated Bedoya, the founding director of the Georgetown Center on Privacy & Technology, to serve as member of the FTC last year. EPIC and coalition of organizations called for Bedoya to be confirmed in November. As a legal scholar and advocate, Bedoya has exposed the harms … Continued

Connecticut Governor Ned Lamont signed the Connecticut Data Privacy Act today, making Connecticut the fifth state since 2018 to enact a consumer data privacy law. Connecticut’s law will allow residents of that state to opt-out of the processing of their personal data for purposes of (1) targeted advertising; (2) the sale of personal data; and … Continued

The Senate Commerce Committee today advanced S. 4145, the Consumer Protection Remedies Act of 2022, filed by Senator Maria Cantwell. The bill explicitly authorizes the Federal Trade Commission to seek monetary relief for injured consumers in federal court and to require bad actors to return money obtained through illegal actions. The amendment to the FTC … Continued

More than 25 human and digital rights organizations including the American Civil Liberties Union, Electronic Privacy Information Center and Fight for the Future sent a letter to Zoom demanding the company end any plans to incorporate emotion AI features in its meeting software. Read the full story here.

EPIC Global Privacy Counsel Calli Schroeder was interviewed on Marketplace Tech regarding the settlement in a lawsuit between the ACLU and Clearview AI. Read more here or listen below.

“It raises a flag that the DOJ is going to move towards funding more automation,” said Ben Winters, a lawyer with the rights group the Electronic Privacy Information Center (EPIC), which submitted a cautionary comment to the DOJ. It urged the government to study the “very limited utility of chatbots, the potential dangers of over-reliance, and collateral … Continued

Sen. Ron Johnson, a Republican from Wisconsin and ranking member of the Permanent Subcommittee on Investigations, sent a letter to the Centers for Disease Control seeking further information about the CDC’s tracking of millions of Americans during the pandemic. The letter was sent in response to a recent Vice report that the CDC spent $420,000 … Continued

“It raises a flag that the DOJ is going to move towards funding more automation,” said Ben Winters, a lawyer with the rights group the Electronic Privacy Information Center (EPIC), which submitted a cautionary comment to the DOJ. It urged the government to study the “very limited utility of chatbots, the potential dangers of over-reliance, and collateral … Continued

Megan Iorio, a senior counsel with Electronic Privacy Information Center (EPIC) said the scope of the tracking was alarming: “The most shocking part was the extent to which the CDC was tracking the cell phones of children of native people and of religious groups,” she said. Iorio is concerned at how fast the data collection … Continued

“The settlement is an important win for privacy,” said Jeramie Scott, senior counsel at the nonprofit Electronic Privacy Information Center. Scott added that the agreement would prevent potential harms that could result from letting Clearview provide access to its facial recognition database to private companies and individuals. Read the full story here.

A legal settlement filed in ACLU v. Clearview AI will prohibit Clearview from selling access to its facial recognition database to companies and private individuals. The case was brought under Illinois Biometric Information Privacy Act (BIPA), which allows private right of actions. EPIC previously filed an amicus brief before the 9th Circuit defending an individual’s right to … Continued

EPIC staff urged the California Privacy Protection Agency to adopt strong, privacy-protective regulations under the state’s new data protection law during a series of stakeholder sessions held this week. EPIC Counsel Ben Winters recommended a broad definition of “automated decision making technology” covered by the California Privacy Rights Act and a risk-tiered approach to regulating … Continued

In a worst-case scenario, “even a search for information about a clinic could become illegal under some state laws, or an effort to travel to a clinic with an intent to obtain an abortion,” as Alan Butler, the executive director and president of the Electronic Privacy Information Center, told The Washington Post. Read the full article.

EPIC Senior Counsel Megan Iorio is quoted about how the CDC used location data for COVID research. Read the article at Law360.

Crunching all that data isn’t easy, and law enforcement agencies have plenty of “lower-hanging fruit” to pursue, says Alan Butler, the executive director and president of the Electronic Privacy Information Center. Those more traditional methods include checking credit card records, collecting data from cellphone towers, and talking to friends and family members. But it is … Continued

In a letter to the New Orleans City Council, EPIC and a coalition led by Fight for the Future urged the Councilors not to overturn a 2020 city ordinance banning law enforcement from using facial recognition, most automated license plate reader systems, cell-site simulators, and characteristic tracking software. New Orleans adopted the ordinance after the city police department admitted to hiding … Continued

Crunching all that data isn’t easy, and law enforcement agencies have plenty of “lower-hanging fruit” to pursue, says Alan Butler, the executive director and president of the Electronic Privacy Information Center. Those more traditional methods include checking credit card records, collecting data from cellphone towers, and talking to friends and family members. But it is … Continued

The draft opinion of the U.S. Supreme Court in Dobbs v. Jackson Women’s Health Organization, if adopted, would go against more than 50 years of precedent defending the constitutional right to privacy. Privacy is a fundamental right. The Court has long recognized this right as “implicit in the concept of ordered liberty.” The right to … Continued

EPIC has submitted written feedback for a consultation by the UK Information Commissioner’s Office (ICO) regarding draft guidance on research provisions on the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018). The draft guidance is intended to assist organizations in understanding key terms, evaluating whether research provisions apply … Continued

On April 23, 2022, the European Parliament and EU member states agreed on a political deal regarding the Digital Services Act (DSA). The agreement on the broad topics allows the DSA to move forward with formal adoption by EU co-legislators and publication in the Official Journal of the European Union. The DSA is expected to … Continued

The White House has launched the Declaration for the Future of the Internet. The United States, along with 60 other countries, signed the document, which is a political commitment to advance the following principles: protecting human rights and fundamental freedoms, promoting the free flow of information, advancing inclusive and affordable connectivity, promoting trust by protecting … Continued

In comments for an upcoming meeting of the Privacy and Civil Liberties Oversight Board, EPIC urged the Board to investigate the use of facial recognition, aerial surveillance, fusion centers, and location data purchased from data brokers in domestic terrorism investigations. EPIC also urged the Board to review and critique the classification of “domestic terrorism” as separate from other forms … Continued

The investigative effort has faced pushback from the nonprofit Electronic Privacy Information Center, which sued USPS for failing to put together and publish a formal Privacy Impact Assessment before using social media surveillance tools and facial recognition technology.  EPIC argued that such an assessment is required by a federal law that regulates the government’s use of technology. … Continued

Depending on the specific technology being used, that glimpse of someone’s personality and aptitude might be processed by an algorithm that cobbles together a profile, using indirect cues—such as facial expressions, clothing, or background images—explained Ben Winters, counsel at the Electronic Privacy Information Center. The “software might yield that you are not dependable or not … Continued