The Florida House of Representatives today passed the Florida Privacy Protection Act, HB 969, on a 118-1 vote. The bill gives Floridians the right to know what information companies have collected about them, the right to delete and correct that information, the right to opt-out of the sale or sharing of their personal information, strong limits on the retention of their data, and additional protections for their children’s privacy. Critically, the bill would create robust enforcement mechanisms, including a private right of action, to ensure companies do not flout the law. EPIC and a coalition of privacy and consumer organizations had previously sent letters to Florida Governor Ron DeSantis, the Florida House Commerce Committee, and Florida's Senate Rules Committee urging them to preserve private rights of action the bill. "The inclusion of a private right of action in HB 969 and SB 1734 is the most important tool the Legislature can give to Floridians to protect their privacy," the groups wrote. "The statutory damages set in privacy laws are not large in an individual case, but they can provide a powerful incentive in large cases and are necessary to ensure that privacy rights will be taken seriously and violations not tolerated. In the absence of a private right of action, there is a very real risk that companies will not comply with the law because they think it is unlikely that they would get caught or fined." The Senate Rules Committee removed the private right of action provisions from the Senate bill, but the Senate could restore the crucial enforcement provision on the floor this week.
Following a report by the Tampa Bay Times about the Pasco County Sherriff’s broad-ranging predictive policing and scoring program, the Department of Education is investigating a Florida school district’s practice of giving the Sherriff access to students’ personal data. The disclosures may have violated the Federal Education Rights and Privacy Act, which places strict limits on the use of students’ educational records. In January, Rep. Robert Scott (D-VA), Chair of the House Committee on Education and Labor, called for an investigation of the Sheriff’s program, which used personal data to compile a list of students that the Sheriff believed could “fall into a life of crime.” EPIC has called for bans on secret scoring and mass surveillance and strict limits on the use of AI in the criminal justice system.
As part of EPIC's ongoing lawsuit for cell phone surveillance orders issued by federal prosecutors, the Department of Justice identified identified 75 orders and warrants for cell phone location data under ยง 2703(d) from the U.S. Attorney's Office for the Virgin Islands from 2016-2019. During the same period, the attorneys handled 283 criminal cases. The U.S. Attorney's Office for the Virgin Islands is one of the smallest districts in the country. In February, EPIC obtained the number of location data requests for the District of Delaware, the first of five districts that the DOJ has agreed to search for location data requests. EPIC is still waiting for responses from 3 of the agency's other prosecutors' offices and will continue to update its comparative table as each district releases more information. Currently prosecutors do not release any comprehensive or uniform data about their surveillance of cell phone location data. In 2018, the U.S. Supreme Court ruled in Carpenter v. United States that the collection of cell phone location data without a warrant violated the Fourth Amendment. The case is EPIC v. DOJ, No. 18-1814 (D.D.C.).
