In a statement to the Senate Commerce Committee before a hearing on the need for federal privacy legislation, EPIC urged lawmakers to establish an independent U.S. Data Protection Agency. EPIC laid out the FTC's typical privacy playbook: consent decrees, infrequent penalties, and no meaningful changes in business practices. "The FTC does not have the motivation or the tools necessary to enforce meaningful privacy and data protection rights in 2020," EPIC said, pointing to settlements the FTC had reached with Facebook, Google, YouTube, Uber, and Equifax. EPIC also noted the FTC's failure to use its existing authority to regulate privacy, including its rulemaking authority under Section 5 to establish stronger data security standards. "If the FTC fails to use these authorities, then the Commission is not capable of protecting Americans’ privacy, and the Commission should no longer be trusted to do so," EPIC stated. EPIC urged the Committee to hold a hearing on and give a favorable report to S. 3300, the Data Protection Act filed by Senator Gillibrand, which creates an independent U.S. Data Protection Agency.
EPIC has sent demand letters to Oracle and TikTok warning both of their legal obligation to protect the privacy of TikTok users if the companies enter a partnership. Last week, following President Trump's threat to effectively ban TikTok from the United States, Oracle reached a tentative agreement to serve as TikTok's U.S. partner and to "independently process TikTok's U.S. data." But the deal, which would pair one of the largest brokers of personal data with a social network of 800 million users, presents grave privacy and legal risks. "Absent strict privacy safeguards, which to our knowledge Oracle has not established, [the] collection, processing, use, and dissemination of TikTok user data would constitute an unlawful trade practice," EPIC wrote. EPIC warned Oracle and TikTok that unless they "adequately protect the privacy of TikTok users"—for example, by committing not to sell TikTok user data or merge it with Oracle products—EPIC intends to bring a lawsuit against both companies under the D.C. Consumer Protection Procedures Act. EPIC previously used the same law to force AccuWeather to stop deceptively gathering users' location data. EPIC and a coalition of consumer groups recently filed a Federal Trade Commission complaint against TikTok for violating the Children's Online Privacy Protection Act.
The Justice Department, as part of an open government lawsuit brought by EPIC, has released another round of previously unpublished material from the Mueller Report. The newly disclosed passages are listed in the "Redaction" column of a DOJ spreadsheet—though outside of their original context from the Mueller Report. The spreadsheet was originally drafted to answer questions from Judge Reggie B. Walton, who is conducting an "in camera" review of the complete Mueller Report after determining that Attorney General Bill Barr's redactions may have been "self-serving." Among the newly disclosed material is an excerpt from an Internet Research Agency document that describes the Russian government's goal of "spread[ing] distrust towards the candidates and the political system in general" and states that "All the primaries are purchasable." The DOJ previously released new passages from the Mueller Report in June, and the court is expected to decide soon whether additional material must be published. EPIC's Freedom of Information Act case—the first in the nation for the disclosure of the Mueller Report—is EPIC v. DOJ, No. 19-810.
