Recent Updates

NIST today published a final draft of its AI Risk Management Framework 1.0. The document is a “a guidance document for voluntary use by organizations designing, developing, deploying or using AI systems to help manage the many risks of AI technologies.” EPIC had submitted feedback on two prior drafts released by NIST. EPIC’s feedback recognized … Continued

EPIC submitted an amicus brief in the case Colorado v. Seymour, urging the Colorado Supreme Court to rule that reverse keyword warrants are unconstitutional in the the first case in the country to evaluate such warrants. Reverse keyword warrants are a dangerous new technique the police use that force technology companies like Google to search … Continued

If you’ve been following EPIC’s work on the algorithms used in public benefits programs, you may have caught something unusual: although we talk about public welfare programs, most of the systems we’ve uncovered are developed by private companies. That isn’t a coincidence. While a few state agencies have developed their own technical systems for public … Continued

Each year, Congress passes the National Defense Authorization Act (NDAA), which designates specific budgets and policies for the U.S. military and a host of other government entities. The NDAA, while at its core a national defense bill, is sweeping in scale, with this year’s version providing $816,700,000,000.00 in funding to the Department of Defense. Given … Continued

Today EPIC called for enhanced personal financial data rights in response to the Consumer Financial Protection Bureau (CFPB)’s outline of proposals under consideration for its upcoming rulemaking implementing Section 1033 of the Dodd-Frank Act. EPIC urged the CFPB to promulgate rules that enable consumers to access, understand and control their own financial information, and “prohibit … Continued

In comments to the National Institute of Standards and Technology, EPIC urged NIST to endorse the adoption of differential privacy in its revised paper on de-identifying government data sets. The paper will provide guidance to federal agencies on deidentification techniques, strategy, and implementation. EPIC commended NIST on its recommendations, which include detailed guidance for federal … Continued

WASHINGTON, DC – On January 1, 2023, the Electronic Privacy Information Center (EPIC) was thrilled to welcome three new members to its Board of Directors, as well as a new slate of officers who will lead the Board for the 2023 – 2024 term. The guidance and support of the EPIC Board of Directors ensure … Continued

Yesterday EPIC submitted comments to the Colorado Attorney General recommending edits to their most recently proposed rules implementing the Colorado Privacy Act. EPIC was represented by the Samuelson-Glushko Technology Law and Policy Clinic (TLPC) at Colorado Law. In addition to proposing specific line edits, EPIC provided feedback about Data Rights, Controller Obligations, Loyalty Programs, Privacy … Continued

The Electronic Privacy Information Center (EPIC) is a public interest research center based in Washington, D.C. that was established in 1994 to focus public attention on emerging privacy and related human rights issues and to protect privacy, the First Amendment, and constitutional values.[1] EPIC has a long history of promoting transparency and accountability for information … Continued

“It’s really messy,” says Chris Frascella, who studies consumer privacy at the Electronic Privacy Information Center, a nonprofit research group. “What you’re required to report in Alabama may not be something that you have to report in Connecticut.” Because many technology companies are based in California or collect significant amounts of data on the state’s … Continued

In an amicus brief submitted in Facebook v. New Jersey, EPIC, EFF, and CDT—with help from Davis Wright Tremaine, urged the New Jersey Supreme Court to rule that police need a wiretap order if they want Facebook to provide them with users’ future communications in 15-minute increments. When police request prospective communications, they need a … Continued

On Monday, EPIC filed comments with the Federal Trade Commission supporting the agency’s proposal for a trade regulation rule based on its Endorsement Guides. EPIC urged the agency to incorporate the full scope of the Endorsement Guides into its rule, as the FTC had included in its proposed rule undisclosed incentives (i.e., situations in which … Continued

Experts say companies are well aware that people rarely read privacy policies closely, if we read them at all. But what iRobot’s global test agreement attests to, says Ben Winters, a lawyer with the Electronic Privacy Information Center who focuses on AI and human rights, is that “even if you do read it, you still … Continued

In a 3-2 decision, South Carolina’s Supreme Court held that the state’s constitutional right to privacy protects the decision to terminate a pregnancy, rendering the state’s previous six-week abortion ban unconstitutional. The court held that “the decision to terminate a pregnancy rests upon the utmost personal and private considerations imaginable, and implicates a woman’s right … Continued

Meta might have a hard time meeting the criteria of the balancing test between business interests and individual interests, according to John Davisson, senior counsel and litigation director at the nonprofit Electronic Privacy Information Center. Asking consumers to agree to targeted advertising as part of the terms of using a service “relies on coercive consent,” … Continued

The Ninth Circuit Court of Appeals recently held that Google will have to face a class action lawsuit alleging that their data collection practices violated the laws of six states. The plaintiffs, a class of guardians appearing on behalf of their children, claim that Google and YouTube violated state children’s privacy laws by tracking behavior … Continued

On December 21, the Federal Communications Commission released a Notice of Apparent Liability (NAL) for $299,997,000 against a scam robocall operation involving more than ten corporate defendants initially prosecuted by the Ohio Attorney General’s Office. In the first three months of 2021 alone, the scam operation called more than half a billion American phones about … Continued

Ireland’s Data Protection Commission today ordered Meta to pay fines of €390 million for unlawfully collecting personal data and targeting ads at Facebook and Instagram users. The fines follow last month’s ruling by the European Data Protection Board that Meta cannot use its terms of service as a legal basis for targeted advertising. The Irish … Continued

On December 27, 2022, the Federal Communications Commission affirmed that callers making artificial or prerecorded calls to residential lines that do not require consent. Callers from tax-exempt nonprofits, or those making non-commercial or non-telemarketing calls, will be allowed to make no more than three calls in any thirty-day period without consent. If the call is … Continued

In an amicus letter brief filed in late December, EPIC and EFF urged the California Supreme Court to take up a case recently decided by the California Court of Appeals that harms Californians’ ability to vindicate their rights in court. In the case, Limon v. Circle K Inc., the lower court threw out the plaintiffs’ … Continued

A spate of state laws come into effect in 2023 and, for some, the effective date is already upon us. The California Privacy Rights Act (CPRA), which amends the California Consumer Privacy Act (CCPA), and the Virginia Consumer Data Protection Act (VCDPA) both went into affect on January 1, 2023. The VCDPA is also now … Continued

The Electronic Privacy Information Center (EPIC) called on the US Federal Trade Commission (FTC) to strictly regulate data collection on children. EPIC’s executive director Alan Butler explained his calls for more limits on smart toys. “It’s just not really realistic, for a parent, as you say, to be able to parse these legal documents,” he … Continued

Chris Frascella, a law fellow at the Electronic Privacy Information Center, said, “Until it becomes more costly to assist criminal fraud than to stop it, scammers will continue to find providers willing to accept payment for passing these dangerous and illegal calls to our phones.” Read the full article here.

Some critics have argued that the technology is so perilous in government hands that it should be banned. The Electronic Privacy Information Center argued this year that facial recognition is “inherently dangerous,” enabling “comprehensive public surveillance.” Read the full article here.

According to the National Consumer Law Center (NCLC) and the Electronic Privacy Information Center (EPIC), more than 33 million scam robocalls were made every day in 2021. The problem has become so bad that the FCC and mobile carriers have implemented new initiatives to combat spam calls, and now it seems we can add Google … Continued

EPIC’s Alan Butler was featured on CBS Mornings about toys that collect data on kids. Watch here.

“I mean it’s just a staggering amount of information that’s collected online,” said EPIC’s executive director Alan Butler. He said that information is used to track children’s behavior. “It’s just not really realistic, for a parent, as you say, to be able to parse these legal documents, understand what’s happening technologically and what’s happening with … Continued

In comments to the General Services Administration, EPIC urged the agency to limit contracts for fraud prevention to a single third-party provider and to investigate and consider abandoning behavioral analytics techniques. Login.gov is a sign-on service for members of the public to access information and services from various federal agencies. The GSA currently contracts with data broker LexisNexis for … Continued

Both Uber and Facebook also reportedly tracked the location of journalists reporting on their apps. A 2015 investigation by the Electronic Privacy Information Center found that Uber had monitored the location of journalists covering the company. Read the full article here.

Ben Winters, counsel at the nonprofit Electronic Privacy Information Center, told FCW via email that “specifically articulating that civil rights protections can’t be skirted by the use of AI is helpful and sends a message to people considering its use to make sure to do so responsibly,” although he added that he would “love to … Continued

Last week, EPIC, the National Consumer Law Center (NCLC), and the National Consumers League (NCL), joined by four additional consumer advocacy organizations, applauded the Federal Trade Commission’s proposed rule to combat fraudsters who impersonate government or business entities. The coalition also encouraged the FTC to expand its efforts to address other forms of impersonation (such … Continued

In a letter to FBI Director Christopher A. Wray, Sen. Ron Wyden requested that the FBI publish its policies governing its hacking operations, as well as provide annual aggregate statistics on the frequency of such operations. Sen. Wyden asked the FBI to provide a range of information, including statistics relating to the use of Network … Continued

“The FTC has been doing work on deceptive design practices for years, but this is the biggest step up in terms of enforcement we’ve ever seen,” said John Davisson, director of litigation and senior counsel at the Electronic Privacy Information Center, better known as EPIC (unrelated to Epic Games). Read the full story here.

In a letter to the Federal Bureau of Investigation (FBI), Representatives Ted Lieu (D-CA) and Rep. Yvette Clark (D-NY), along with Sen. John Ossoff (D-GA), requested information on the deployment of face surveillance by the FBI and state and local law enforcement. The letter asks the FBI for a range of information, including: a breakdown of … Continued

In a letter to Federal Trade Commission (FTC) Chair Lina Khan, Sen. Ron Wyden revealed that Neustar, which provides recursive Domain Name System (DNS) services, sold consumers’ sensitive internet metadata to researchers funded by the Department of Defense. According to Sen. Wyden’s letter, U.S. federal agencies, including the FBI and DOJ, asked the Georgia Tech … Continued

The Federal Trade Commission today announced two historic settlements with Fortnite video game maker Epic Games for privacy and consumer protection violations. Fortnite has more than 400 million users worldwide, many of them minors. In addition to changing default privacy settings, Epic Games will be required “to pay a total of $520 million in relief … Continued

Yesterday EPIC sent a letter to the Federal Communications Commission, thanking the agency for its decision to extend call rate protections for “jails” and “prisons” to include juvenile detention facilities, ICE detention facilities, and secure mental health facilities. EPIC also applauded the FCC’s decision to reduce rate caps for ancillary services by more than 50% … Continued

Today, the Organisation for Economic Co-operation and Development (OECD) announced the adoption of an agreement on government access to personal data held by private sector entities for national security and law enforcement purposes. The Declaration sets forth common principles on safeguarding privacy and rejects any approach to government access that is “inconsistent with democratic values … Continued

In comments to the Federal Trade Commission, EPIC commended the FTC for incorporating access and deletion rights and data minimization requirements into its settlement with edtech company Chegg. Chegg, which markets subscription-based study aids and a scholarship search service, collects and stores personal information from millions of users. Although Chegg represented to consumers that it … Continued

Today, the European Commission published a draft adequacy decision on the new EU-U.S. Data Privacy Framework (EU-U.S. DPF), setting the stage for a likely challenge at the Court of Justice of the European Union (CJEU). The Commission found that the EU-U.S. DPF, along with the Biden administration’s implementing Executive Order and DOJ regulations, guarantees “essentially … Continued

Last week, eighteen legal services and consumer advocacy organizations, led by EPIC and the National Consumer Law Center, submitted reply comments to the Federal Communications Commission urging the FCC to protect consumers from unwanted and scam text messages. The organizations urged the FCC to support existing private industry efforts to block mass texts sent without … Continued

Congress is currently considering passing a narrow and ineffective privacy law; they should take a more comprehensive approach as EPIC has previously recommended. The Judicial Security and Privacy Act, currently integrated into the NDAA, would in practice do very little to protect the privacy of personal information about federal judges and their families. The bill as currently … Continued

Consumer advocacy groups are renewing their call for the House of Representatives to vote this month on a sweeping privacy bill that would outlaw a common form of online ad targeting. “The time is now to pass a comprehensive federal privacy law,” 23 organizations including the Center for Democracy & Technology, Electronic Privacy Information Center … Continued

“The internet is filled with a lot of images that will push AI image generators toward topics that might not be the most comfortable, whether it’s sexually explicit images or images that might shift people’s AI portraits toward racial caricatures,” says Grant Fergusson, an Equal Justice Works fellow at EPIC.  Read the full article here.

“[T]he American Civil Liberties Union and Amnesty International also signed their names to the letter, as well as groups that generally advocate for electronic privacy rights like the Electronic Privacy Information Center.” Read the full article here.

On November 22, EPIC and the Electronic Frontier Foundation filed an amicus brief in Peter Maldini v. Marriott International, Inc., urging the Fourth Circuit Court of Appeals to affirm that plaintiffs can sue companies that negligently allow hackers to steal customers’ sensitive personal data. In 2018, Marriott announced that its customers were the victims of … Continued

On December 5, EPIC and Public Justice filed an amicus brief in Martinez v. ZoomInfo Technologies, Inc., urging the Ninth Circuit Court of Appeals to affirm that plaintiffs can sue companies that violate people’s right to control how and when their identities are used to sell goods. The case involves a plaintiff, Ms. Kim Martinez, … Continued

John Davisson, director of litigation and senior counsel at the Electronic Privacy Information Center, told the Washington Post, “It’s dangerous for any firm to collect this kind of … data about our browsing habits, but given that Twitter has a spotty privacy and data security history, it’s particularly alarming for Twitter to have that information.” … Continued

“They’re adding these code snippets and adding these functionalities and they think they’re getting a nifty analytics tool and a way to hone the targeting of their advertisements,” [EPIC’s John Davisson] said. “Meanwhile, the company is exposing itself to liability and putting the users at risk of significant privacy harm.” Read the full article here.

On November 29, EPIC joined a coalition of privacy and civil liberties groups in urging Congress to include the Lee-Leahy Amendment—the FISA Amici Curiae Reform Act of 2022—in any final spending bill. The Lee-Leahy Amendment would strengthen and expand the role of the FISA amici. The Amendment would further protect Americans’ First Amendment rights by … Continued