EPIC Executive Director Alan Butler testified this week in support of HB 307, the Internet Privacy & Safety Act. The bill includes two key provisions that make a strong privacy bill: (1) data minimization rules limiting the data companies can collect and how they can use and transfer that data and (2) a private right … Continued
Every time you step into a grocery store, you step into a machinery of data that tracks, analyzes, shares, and influences your shopping behavior. Based on shopping history and data shared from data brokers—including internet browsing history and online purchases—grocery stores may infer your age, gender, race, economic status, family makeup, health conditions, or other lifestyle characteristics.
Over the past week, the Trump administration and associates of Elon Musk have escalated their existential attack on the Consumer Financial Protection Bureau (CFPB), effectively shutting down a vital federal agency that protects consumers from harmful business and personal data practices by banks and other financial companies. EPIC condemns this coordinated assault on consumers, which undermines one of the most effective champions for the public interest anywhere in government.
On February 5, a §1983 case alleging violation of the Fourth Amendment for the City of Norfolk’s use of Flock to indiscriminately track residents’ movement around town survived a baseless standing challenge and motion to dismiss for failure to state a claim.
“It is a catastrophic privacy and information security violation for a band of some government and some nongovernment personnel to barge into an agency and take over systems that contain personal information,” said John Davisson, director of litigation at Electronic Privacy Information Center and one of the country’s foremost authorities on the Privacy Act. Breaking … Continued
Civil liberties advocates told The Intercept the program had grave speech implications under the current administration. “While surveillance programs like this under any administration are a concerning privacy and free speech violation and I would fight to stop them, the rhetoric of the Trump administration makes this practice especially terrifying,” said Calli Schroeder, senior counsel … Continued
The lawsuit filed by the Electronic Privacy Information Center and an anonymous federal worker alleges that DOGE has violated the Federal Information Security Modernization Act (FISMA), which requires agencies to deploy protections “commensurate with the risk and magnitude of the harm resulting from unauthorized access [or] use” of information systems. Read more here.
A leading data privacy group is suing the Trump administration’s new Department of Government Efficiency and other federal agencies over what the group claims is “the largest and most consequential data breach in U.S. history.” The Electronic Privacy Information Center seeks to stop DOGE’s collection of data from millions of federal workers and members of … Continued
EPIC, Democracy Forward, and a federal worker filed suit today against the so-called “Department of Government Efficiency” (DOGE) over its illegal seizure of personnel records and payment system data—actions which constitute the largest data breach in American history
In the lawsuit filed in the U.S. District Court in the Eastern District of Virginia, the Electronic Privacy Information Center echoes a slew of lawsuits against Trump and DOGE, claiming they — along with the U.S. Department of the Treasury, the U.S. Digital Service, and the Office of Personnel Management — have perpetrated what it … Continued
Filed by the Irish Council on Civil Liberties and the Washington, DC–based Electronic Privacy Information Center, the complaint takes direct aim at Google’s “Real Time Bidding” (RTB) system that dominates online advertising. RTB, the complaint shows, is blasting out data about people’s health conditions, debts, gambling habits, sexuality, or politics—including “extraordinarily sensitive” material about active … Continued
As world leaders and industry executives prepare for the AI Action Summit in Paris on Feb. 10 and 11, a hundred civil society organizations, including EPIC, call for them to urgently acknowledge the true environmental harms of AI. EPIC has frequently published about the real-world harms of AI, from discrimination to privacy violations to threats to democracy. … Continued
Hype about AI research and development is driving companies to buy people’s data where they otherwise weren’t and, conversely, to sell people’s (including customers’ and users’) data where they otherwise wouldn’t. These practices are harmful already. And their acceleration by the AI craze is poised to rapidly increase data-sharing, -selling, and -monetization threats to privacy in the coming years. This enables the repeat exploitation of people’s data and causes especially pronounced harm to vulnerable people and communities.
On February 4, Google announced an overhaul of the company’s Responsible AI principles. These principles were developed in 2018 in response to outcry against Google’s contract with the Department of Defense on Project Maven at the time. Google did not renew its contract and made commitments not to develop weapons, certain surveillance systems, or technologies … Continued
Trump’s comments came as Musk moved to put the US Agency for International Development (USAID) “into the wood chipper,” as the billionaire put it on his social media site, and his Department of Government Efficiency (DOGE) gained access to the Treasury Department’s payment system, alarming legal and security experts. “It’s an absolute nightmare,” as Alan … Continued
Alan Butler, a lawyer and executive director of the Electronic Privacy Information Center, argues that DOGE’s access likely constitutes an egregious violation of the Privacy Act, which prohibits unauthorized disclosures of personal data. “It’s very clear that DOGE has more than just access,” Butler says, citing Musk’s recent posts on X highlighting records of specific … Continued
“Trying to decimate federal expenditures by stopping payments that have been approved by other federal agencies would not be a routine, permissible use,” John Davisson, the director of litigation at the Electronic Privacy Information Center and who is not involved in the lawsuit, said in an interview. Read more here.
The Electronic Privacy Information Center (EPIC) is likewise unimpressed overall with state efforts on data privacy. In its recent “State of the Privacy” report, EPIC said new state laws, “…fail to protect consumers.” Of the 19 states that have passed consumer privacy legislation packages, nearly half got F grades from EPIC; only California got a … Continued
Days ago, the Department of Government Efficiency (DOGE)—an organization led by Elon Musk that advises President Trump—directed the Treasury Department and Office of Personnel Management to disclose their vast stores of personal information to unauthorized individuals. This included “full access” to the government’s critical payment systems, which contains sensitive personal information of millions of Americans … Continued
John Davisson, senior counsel at the Electronic Privacy Information Center, cheered news of the current investigation. “It’s encouraging to see the CFPB scrutinizing Meta’s advertising practices — especially with respect to financial products,” he said, adding that consumers’ financial data can be particularly sensitive. Read more here.
Legal and security experts are particularly exercised by Musk’s move to shutter the U.S. Agency for International Development and take control of the Treasury Department’s central payments database. “The scale here is unprecedented in terms of the risk to sensitive personal and financial information,” said Alan Butler of the Electronic Privacy Information Center. “It’s an … Continued
The Electronic Privacy Information Center (EPIC), a legal and constitutional watchdog group, was marshaling legal resources to fight DOGE’s accessing of the Treasury and OPM systems on Monday. “We haven’t made any decisions yet, but we’re looking at many pieces of this, and what the legal implications are,” John Davisson, EPIC’s director of litigation, told … Continued
On February 3, EPIC joined over 26 civil society organizations in demanding that Congress re-double its oversight activities to ensure that the Privacy and Civil Liberties Oversight Board (PCLOB) retains its independence and continues its work free from White House interference.
On the one hand, the decisions give new freedom to insurance companies, agencies, quote-comparison sites and others that engage in telemarketing and robocalls to reach out to consumers. On the other hand, the action is likely to mean an uptick in annoying telemarketing calls to small businesses, including insurance agencies, that may want to keep … Continued
On January 23, 2025, President Trump signed an executive order overturning the Biden Executive Order on safe AI development and use and calling on agencies to undo any policies or procedures complying with the order. This move is emblematic of the all-gas, no-brakes approach to AI supported by the tech leaders close to the President. … Continued
Jeramie Scott, Senior Counsel at EPIC and Director of EPIC’s Project on Surveillance Oversight, will testify today at a Maryland Senate Judicial Proceedings hearing on Maryland Senate Bill 0381.
Williams’s presentation urged lawmakers to prohibit algorithmic discrimination, ensure their legislation contains broad definitions without loopholes, and include robust enforcement mechanisms, including a private right of action.
On January 17, 2025, EPIC offered video testimony during the Federal Trade Commission’s hearing on its Rule on Impersonation of Government, Businesses, and Individuals.
EPIC, joined by the Center for Democracy and Technology, Electronic Frontier Foundation, Privacy Rights Clearinghouse, and Public Knowledge filed amicus briefs earlier this month in support of the Federal Communications Commission’s enforcement actions against T-Mobile and Sprint, challenged in the D.C. Circuit, and against Verizon, challenged in the Second Circuit. These enforcement actions were long-awaited … Continued
On January 24, 2025, the Eleventh Circuit vacated the Federal Communications Commission’s Rule requiring individualized consent to send consumers robocalls.
Russian hackers posted on the dark web in early January with a news-making claim: they had breached notorious location data broker Gravy Analytics. On top of leaking a sample of phone pings in the White House, the Kremlin, and Vatican City, the hackers revealed another troubling possibility: the broker extracting data from a host of pregnancy and reproductive health apps.
EPIC calls on the White House to immediately nominate a Chair and full bipartisan slate of Board Members, subject to the advice and consent of the Senate and consultation with Congressional leadership as required by the law. EPIC also calls on members of the Senate Judiciary and Intelligence Committees to hold consideration of other Intelligence Community nominations until the PCLOB Member nominations have been submitted.
However, other privacy experts argue that DeepSeek’s data collection policies are no worse than those of its American competitors—and worry that the company’s rise will be used as an excuse by those firms to call for deregulation. In this way, the rhetorical battle over the dangers of DeepSeek is playing out on similar lines as … Continued
Washington Representative Shelley Kloba has introduced the People’s Privacy Act, a strong bill that includes meaningful privacy protections to protect Washingtonians.
Nearly half of states that have passed consumer privacy laws get a failing grade for protecting consumers’ data, according to The State of Privacy, an updated scorecard from the Electronic Privacy Information Center (EPIC) and U.S. PIRG Education Fund. Of the 19 states with laws, eight received Fs, and none received an A.
In a hearing yesterday on NetChoice’s second motion for a preliminary injunction against California’s Age-Appropriate Design Code (CAADC), Judge Beth Labson Freeman appeared far more skeptical of the trade association’s First Amendment arguments than the first time she ruled on the constitutionality of the law.
The board requires at least three members to perform its oversight duties. Experts are concerned that if the ousted members are not quickly replaced, it could affect the ability of the data privacy framework to function. “A non-functioning PCLOB could undermine the Framework’s functioning and thus its adequacy and cause real headaches for companies like … Continued
Last night, the U.S. District Court for the Eastern District of New York held that warrantless queries of Americans’ communications collected under Section 702 of the Foreign Intelligence Surveillance Act violated the Fourth Amendment. This landmark decision is a critical victory against warrantless surveillance of Americans.
Mr. Trump and his allies have been harshly critical of F.B.I. and spy agency power, and the Privacy and Civil Liberties Board has sometimes been aligned with that point of view. In 2023, its Democratic members annoyed the Biden White House by recommending that Congress require the F.B.I. to get court orders before looking for Americans’ private … Continued
We need protections from all tech companies, not just TikTok, and we can only achieve that through a strong, comprehensive federal privacy law, vigorous antitrust enforcement, and other regulatory measures that apply to all companies exploiting our personal data. But overexpansive First Amendment interpretations pushed by the tech industry are a dangerous obstacle to the types of laws necessary to truly protect Americans’ privacy rights. In taking a more cautious First Amendment stance, the Supreme Court signaled the general viability of privacy and online safety laws.
On January 16, 2025, FCC Chairwoman Rosenworcel released a Declaratory Ruling and Notice of Proposed Rulemaking (NPRM) “Protecting the Nation’s Communications Systems from Cybersecurity Threats”,
Numerous Massachsuetts legislators introduced strong comprehensive privacy bills this week. Representative Tricia Farley-Bouvier introduced HD2135, the Massachusetts Consumer Data Privacy Act. The legislation is based on EPIC and Consumer Reports’ model state privacy bill. It builds on existing state laws and includes data minimization provisions that meaningfully limit the collection and use of personal data. … Continued
While the law is still based on the industry-favored Connecticut Data Privacy Act, New Jersey legislators closed some loopholes and granted limited rulemaking authority to the state’s Attorney General
Today, January 16, 2025, the Federal Trade Commission referred a complaint against Snap, Inc. to the Department of Justice over concerns that Snap’s “My AI” chatbot poses a risk of harm to children. The FTC explained that its investigation “uncovered reason to believe Snap is violating or is about to violate the law.” It did … Continued
The Electronic Privacy Information Center (EPIC) applauds today’s action by the Federal Trade Commission to strengthen and modernize the Children’s Online Privacy Protection Rule. Approved by a unanimous 5-0 vote, the updated COPPA Rule illustrates the Commission’s strong, bipartisan commitment to protecting kids’ privacy and safety online.
Google sends enormous quantities of sensitive data about Americans to China and other foreign adversaries, according to evidence in a major complaint filed today at the FTC by EPIC and Enforce. This is the first ever complaint under the new Protecting Americans’ Data from Foreign Adversaries Act.
The FTC announced the January hearing date in December 2024. The purpose of the hearing is to address amending the existing rule to include an individual impersonation ban and allow interested parties an opportunity to provide oral statements. There are nine parties participating in the hearing, including: the Abundance Institute, Andreesen Horowitz, the Consumer Technology … Continued
EPIC joined the Brennan Center, Demand Progress, and the Surveillance Technology Oversight Project in comments to the National Telecommunications and Information Administration (NTIA) regarding “Ethical Guidelines for Research Using Pervasive Data.”