Recent Updates

  • CFPB Requires Firms to Protect Consumers from Black-Box Algorithmic Credit Models
    The Consumer Financial Protection Bureau has published new guidance warning financial institutions that they must provide “specific and accurate reasons” for credit application denials even when relying on “complex algorithms”—and that failing to do so violates the anti-discrimination requirements of the Equal Credit Opportunity Act. “The law gives every applicant the right to a specific … Continued
  • Schoolwork Without Surveillance: The FTC’s Crackdown on Ed Tech Privacy Abuses
    By Sara Geoghegan, EPIC Law Fellow On May 19, the Federal Trade Commission unanimously voted to approve a Children’s Online Privacy Protection Act (COPPA) policy statement that warns against surveillance as a condition of accessing educational tools. The statement explains that “Children should not have to needlessly hand over their data and forfeit their privacy … Continued
  • Verge: Apple’s digital state ID cards are now available for Maryland residents
    An American Civil Liberties Union (ACLU) report last year on the “Identity Crisis” posed by a shift to digital IDs pointed out a slew of potential threats to privacy that should be considered, including police access to people’s phones, user control over data, and even longer-term issues like potential expansions in the information contained or … Continued
  • News Channel 2: Virtual learning apps tracked and shared kids’ data and online activities with advertisers, report says
    John Davisson, director of litigation and senior counsel for the Electronic Privacy Information Center, called the issue “a regulatory failure, pure and simple.” But he said he’s encouraged by the Federal Trade Commission recently warning edtech vendors about their obligations to protect children’s privacy. Last week, the FTC announced plans to crack down on companies illegally surveilling … Continued
  • President Biden Signs Executive Order Requiring Scrutiny of Police Surveillance Tools
    Yesterday, President Biden signed an executive order with the aim to reform law enforcement. The executive order directs the Equitable Data Working Group to create a Working Group on Criminal Justice Statistics to consult with civil rights and data privacy organizations and to report on law enforcement data practices and use of surveillance tools. Also … Continued
  • FTC Penalizes Twitter for Deceptively Using User Data
    The Federal Trade Commission has ordered Twitter to pay a $150 million penalty for violating its 2011 Consent Order and to cease profiting from deceptively collected data. According to the complaint filed yesterday by the Department of Justice, from at least 2013 to 2019, Twitter asked users to provide a phone number or email address … Continued
  • EPIC, Coalition Call on Congressional Leaders to Pass Privacy and Civil Rights Law
    EPIC joined the Leadership Conference on Civil and Human Rights, the Lawyers’ Committee for Civil Rights Under Law, and 56 groups on a letter urging Congressional leadership to pass comprehensive consumer privacy legislation this session that prohibits data-driven discrimination and ensure that everyone has the right to equal opportunity on the internet. “Privacy rights are … Continued
  • ED WEEK: Federal Trade Commission Issues Warning to Ed-Tech Companies on Student Data Privacy
    “The goal at the commission is to get companies that market software and systems that are used in the classroom to wake up and realize that there are potentially significant penalties around the corner if they don’t comply with the provisions of COPPA,” said John Davisson, director of litigation and senior counsel at the Electronic Privacy … Continued
  • Harvard Law Today: Who are you, ’22?
    Post-graduation plans: Moving to Washington, D.C. to start a legal fellowship with the Electronic Privacy Information Center (EPIC) to combat A.I. bias in government benefits programs. Favorite HLS class: This is a tough one, but I’d say two classes tie for my favorite HLS class: Governing Digital Technologies or Administrative Law. Governing Digital Technologies was the first … Continued
  • Ninth Circuit Okays Los Angeles Program Tracking E-Scooter Riders’ Location
    A federal appeals court has ruled that the Los Angeles Department of Transportation may track e-scooter rides throughout the city without a warrant. The case hinged on whether people who ride e-scooters have a reasonable expectation in privacy in the location data generated by the scooters, which is then collected by the e-scooter company and … Continued
  • Data Center Dynamics: Human rights groups call on AWS to stop hosting massive DHS biometric surveillance system
    In a public letter signed by Access Now, Mijente, Electronic Privacy Information Center, and others, the groups said that “AWS is directly facilitating the creation of an invasive biometrics database that will supercharge surveillance and deportation, risking human rights violations.” The letter to AWS CEO Adam Selipsky notes that the technology could be used for … Continued
  • EPIC, Coalition Urge Amazon Not to Host Massive DHS Biometric Database
    EPIC and a coalition of 38 organizations sent a letter to Adam Selipsky, Chief Executive Officer of Amazon Web Services, calling on the company to “end its agreement to host HART.” The DHS HART database is currently under construction and once finalized “will be the largest biometric database in the U.S., initially holding and sharing … Continued
  • EPIC Urges Federal Reserve to Prioritize Privacy If Designing a Central Bank Digital Currency
    In comments on the Federal Reserve’s January 2022 discussion paper, “The U.S. Dollar in the Age of Digital Transformation,” EPIC urged the Fed to take a careful approach to designing and implementing a central bank digital currency (CBDC) that prioritizes privacy and does not repeat or exacerbate the privacy invasions in the current digital payments … Continued
  • EPIC Awards Forbrukerrådet with EPIC International Champion of Freedom Award
    EPIC was pleased to today present the EPIC International Privacy Champion Award to Forbrukerrådet (the Norweigian Consumer Council) for its outstanding and influential work crafting substantive reports on the scope and impact of surveillance advertising and online data collection. Forbrukerrådet’s reports have played a prominent role in driving surveillance advertising and online data collection reform globally … Continued
  • EPIC Joins Call For Congress to Boost FTC Funding
    EPIC signed onto a coalition letter urging Congress to increase the FTC’s budget so that the agency has the resources it needs to fulfill its mandate to protect consumers and promote competition. EPIC has previously encouraged Congress to provide the FTC funding to strengthen the agency’s power to halt discriminatory and abusive data practices. EPIC … Continued
  • As FTC Warns EdTech Providers Against Student Surveillance, EPIC Urges Further Action
    The Federal Trade Commission today unanimously approved a policy statement that prioritizes enforcement of the Children’s Online Privacy Protection Act (COPPA) against education technology providers and warns companies not to make surveillance a condition of accessing educational tools. The use of edtech expanded dramatically during the COVID-19 pandemic. “Children should not have to needlessly hand … Continued
  • VerifyThis: No, health data from most period-tracking apps is not protected under HIPAA
    Alan Butler, the executive director and president of the Electronic Privacy Information Center (EPIC), a nonprofit research center based in Washington, D.C., agrees with Dixon.  “Typically, apps that individuals might use to track fertility or for other personal health uses that are not billed as part of a medical service, which most of them are … Continued
  • National Law Review: FTC to Discuss Children’s Privacy, Endorsement Guides at Next (Virtual) Open Commission Meeting: May 19, 2022, 1PM ET
    COPPA requires certain websites, apps, and online services that are child-oriented (including digital assets that may be attractive to children) or knowingly collect the personal information of children to notify and obtain the consent of a child’s parent or legal guardian before collecting, using, or disclosing personal information from children under 13. Last year, the FTC … Continued
  • Senators Urge FTC to Investigate ID.me’s Facial Recognition Claims
    In a letter to Federal Trade Commission (FTC), Senators Ron Wyden, Ed Markey, Alex Padilla, and Cory Booker urged Chair Lina Khan to “investigate evidence of deceptive statements made by ID.me — a provider of identity verification services widely used by federal and state government agencies — about its use of facial recognition.” The Senators … Continued
  • 13 News Now: No, health data from most period-tracking apps is not protected under HIPAA
    Alan Butler, the executive director and president of the Electronic Privacy Information Center (EPIC), a nonprofit research center based in Washington, D.C., agrees with Dixon.  “Typically, apps that individuals might use to track fertility or for other personal health uses that are not billed as part of a medical service, which most of them are … Continued
  • EPIC, Coalition Urge FCC to Protect Consumers from Scam Health Insurance Calls
    EPIC and a coalition of twelve organizations led by the National Consumer Law Center (NCLC) urged the Federal Communications Commission (FCC) to restrict how the Department of Health and Human Services (HHS) can use automated texts and prerecorded voice calls to remind consumers about enrollment in health insurance programs. The Telephone Consumer Protection Act (TCPA) … Continued
  • Gibson Dunn: The FTC at Full Strength: What to Expect Next
    Privacy Rulemaking. The Biden Administration has encouraged the FTC to establish rules on “corporate surveillance” and the accumulation of data.  In late 2021, the FTC officially announced interest in crafting a trade regulation rule under Section 18 of the FTC Act “to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result … Continued
  • WIRED: Feds Warn Employers Against Discriminatory Hiring Algorithms
    The greatest benefit of these documents, said Ben Winters with the Electronic Privacy Information Center, is that it tells companies that the DOJ and EOCC are paying attention and articulating the sort of responsibility that companies have, including liability for discrimination wrought by the software of a third-party vendor. “It puts employers on notice that … Continued
  • Wisconsin Public Radio: Privacy advocates concerned that personal data could be used to enforce anti-abortion laws
    EPIC Executive Director Alan Butler joined Wisconsin Public Radio to discuss the risks in a post-Roe America posed by the lack of a U.S. privacy law. Listen here.
  • U.S. Agencies Release Guidance Documents About ADA Compliance for Employers Using Algorithms
    As part of an effort to understand and respond to disability discrimination facilitated by algorithms, the Equal Employment Opportunity Commission (EEOC) and the Department of Justice Civil Rights (DOJ) both released documents today offering guidance to employers to promote compliance with civil rights laws. The EEOC’s technical guidance document, “The Americans with Disabilities Act and … Continued
  • EPIC, Coalition Urge Zoom to Abandon Emotion Recognition
    EPIC and a coalition led by Fight For the Future called on videoconferencing company Zoom to halt plans to develop and incorporate emotion tracking software into its platform. The software claims to be able to identify the emotions an individual is experiencing based on their face and voice. The coalition argued that emotion recognition is harmful because it is … Continued
  • Senate Confirms Alvaro Bedoya to FTC
    The U.S. Senate has confirmed Professor Alvaro Bedoya to the Federal Trade Commission. President Biden nominated Bedoya, the founding director of the Georgetown Center on Privacy & Technology, to serve as member of the FTC last year. EPIC and coalition of organizations called for Bedoya to be confirmed in November. As a legal scholar and advocate, Bedoya has exposed the harms … Continued
  • Connecticut Enacts Privacy Law
    Connecticut Governor Ned Lamont signed the Connecticut Data Privacy Act today, making Connecticut the fifth state since 2018 to enact a consumer data privacy law. Connecticut’s law will allow residents of that state to opt-out of the processing of their personal data for purposes of (1) targeted advertising; (2) the sale of personal data; and … Continued
  • Senate Commerce Committee Advances 13(b) FTC Authority Restoration Bill
    The Senate Commerce Committee today advanced S. 4145, the Consumer Protection Remedies Act of 2022, filed by Senator Maria Cantwell. The bill explicitly authorizes the Federal Trade Commission to seek monetary relief for injured consumers in federal court and to require bad actors to return money obtained through illegal actions. The amendment to the FTC … Continued
  • Protocol: Human rights groups to Zoom: Stop any emotion AI plans
    More than 25 human and digital rights organizations including the American Civil Liberties Union, Electronic Privacy Information Center and Fight for the Future sent a letter to Zoom demanding the company end any plans to incorporate emotion AI features in its meeting software. Read the full story here.
  • Marketplace: Clearview AI settlement limits company’s sale of facial recognition tools
    EPIC Global Privacy Counsel Calli Schroeder was interviewed on Marketplace Tech regarding the settlement in a lawsuit between the ACLU and Clearview AI. Read more here or listen below.
  • Reuters: Analysis: Chatbots in U.S. justice system raise bias, privacy concerns
    “It raises a flag that the DOJ is going to move towards funding more automation,” said Ben Winters, a lawyer with the rights group the Electronic Privacy Information Center (EPIC), which submitted a cautionary comment to the DOJ. It urged the government to study the “very limited utility of chatbots, the potential dangers of over-reliance, and collateral … Continued
  • Sen. Johnson Asks CDC Why It Bought Location Data on Millions of Americans
    Sen. Ron Johnson, a Republican from Wisconsin and ranking member of the Permanent Subcommittee on Investigations, sent a letter to the Centers for Disease Control seeking further information about the CDC’s tracking of millions of Americans during the pandemic. The letter was sent in response to a recent Vice report that the CDC spent $420,000 … Continued
  • Thomson Reuters Foundation News: Chatbots in U.S. justice system raise bias, privacy concerns
    “It raises a flag that the DOJ is going to move towards funding more automation,” said Ben Winters, a lawyer with the rights group the Electronic Privacy Information Center (EPIC), which submitted a cautionary comment to the DOJ. It urged the government to study the “very limited utility of chatbots, the potential dangers of over-reliance, and collateral … Continued
  • ABC 7: ‘Shocking’: New report details CDC program tracking Americans’ cell phones
    Megan Iorio, a senior counsel with Electronic Privacy Information Center (EPIC) said the scope of the tracking was alarming: “The most shocking part was the extent to which the CDC was tracking the cell phones of children of native people and of religious groups,” she said. Iorio is concerned at how fast the data collection … Continued
  • Bloomberg Law: Clearview to Restrict Private-Sector Use of Face-Scan Data
    “The settlement is an important win for privacy,” said Jeramie Scott, senior counsel at the nonprofit Electronic Privacy Information Center. Scott added that the agreement would prevent potential harms that could result from letting Clearview provide access to its facial recognition database to private companies and individuals. Read the full story here.
  • Clearview AI Banned From Selling Facial Recognition Database Access to Companies
    A legal settlement filed in ACLU v. Clearview AI will prohibit Clearview from selling access to its facial recognition database to companies and private individuals. The case was brought under Illinois Biometric Information Privacy Act (BIPA), which allows private right of actions. EPIC previously filed an amicus brief before the 9th Circuit defending an individual’s right to … Continued
  • EPIC Advises California Privacy Agency on Automated Decision-Making Systems, Risk Assessments, Emergency Data Requests
    EPIC staff urged the California Privacy Protection Agency to adopt strong, privacy-protective regulations under the state’s new data protection law during a series of stakeholder sessions held this week. EPIC Counsel Ben Winters recommended a broad definition of “automated decision making technology” covered by the California Privacy Rights Act and a risk-tiered approach to regulating … Continued
  • Scary Mommy: Should I Delete My Period Tracking App? Why Reproductive Surveillance Is A Big Concern
    In a worst-case scenario, “even a search for information about a clinic could become illegal under some state laws, or an effort to travel to a clinic with an intent to obtain an abortion,” as Alan Butler, the executive director and president of the Electronic Privacy Information Center, told The Washington Post. Read the full article.
  • Law 360: CDC Used Phone Location Data For COVID Research
    EPIC Senior Counsel Megan Iorio is quoted about how the CDC used location data for COVID research. Read the article at Law360.
  • Washington Post: Your phone could reveal if you’ve had an abortion
    Crunching all that data isn’t easy, and law enforcement agencies have plenty of “lower-hanging fruit” to pursue, says Alan Butler, the executive director and president of the Electronic Privacy Information Center. Those more traditional methods include checking credit card records, collecting data from cellphone towers, and talking to friends and family members. But it is … Continued
  • EPIC, Coalition Urge New Orleans City Council to Keep Police Facial Recognition Ban
    In a letter to the New Orleans City Council, EPIC and a coalition led by Fight for the Future urged the Councilors not to overturn a 2020 city ordinance banning law enforcement from using facial recognition, most automated license plate reader systems, cell-site simulators, and characteristic tracking software. New Orleans adopted the ordinance after the city police department admitted to hiding … Continued
  • The Washington Post: Your phone could reveal if you’ve had an abortion
    Crunching all that data isn’t easy, and law enforcement agencies have plenty of “lower-hanging fruit” to pursue, says Alan Butler, the executive director and president of the Electronic Privacy Information Center. Those more traditional methods include checking credit card records, collecting data from cellphone towers, and talking to friends and family members. But it is … Continued
  • The Supreme Court Must Not Undermine the Constitutional Right to Privacy
    The draft opinion of the U.S. Supreme Court in Dobbs v. Jackson Women’s Health Organization, if adopted, would go against more than 50 years of precedent defending the constitutional right to privacy. Privacy is a fundamental right. The Court has long recognized this right as “implicit in the concept of ordered liberty.” The right to … Continued
  • EPIC Submits Feedback on UK GDPR Research Provisions
    EPIC has submitted written feedback for a consultation by the UK Information Commissioner’s Office (ICO) regarding draft guidance on research provisions on the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018). The draft guidance is intended to assist organizations in understanding key terms, evaluating whether research provisions apply … Continued
  • European Parliament and EU Member States Reach Deal on Digital Services Act
    On April 23, 2022, the European Parliament and EU member states agreed on a political deal regarding the Digital Services Act (DSA). The agreement on the broad topics allows the DSA to move forward with formal adoption by EU co-legislators and publication in the Official Journal of the European Union. The DSA is expected to … Continued
  • White House Announces “Declaration for the Future of the Internet”
    The White House has launched the Declaration for the Future of the Internet. The United States, along with 60 other countries, signed the document, which is a political commitment to advance the following principles: protecting human rights and fundamental freedoms, promoting the free flow of information, advancing inclusive and affordable connectivity, promoting trust by protecting … Continued
  • EPIC Urges PCLOB to Examine Impacts of Domestic Terrorism Investigations
    In comments for an upcoming meeting of the Privacy and Civil Liberties Oversight Board, EPIC urged the Board to investigate the use of facial recognition, aerial surveillance, fusion centers, and location data purchased from data brokers in domestic terrorism investigations. EPIC also urged the Board to review and critique the classification of “domestic terrorism” as separate from other forms … Continued
  • Bloomberg Law: Postal Service Social Media Tracking Tests Crime Unit’s Power
    The investigative effort has faced pushback from the nonprofit Electronic Privacy Information Center, which sued USPS for failing to put together and publish a formal Privacy Impact Assessment before using social media surveillance tools and facial recognition technology.  EPIC argued that such an assessment is required by a federal law that regulates the government’s use of technology. … Continued
  • HR Brew: One-way video interviews are impersonal, candidates say, and raise privacy concerns
    Depending on the specific technology being used, that glimpse of someone’s personality and aptitude might be processed by an algorithm that cobbles together a profile, using indirect cues—such as facial expressions, clothing, or background images—explained Ben Winters, counsel at the Electronic Privacy Information Center. The “software might yield that you are not dependable or not … Continued