Previous Top News: 2020


  • According to the New York Times, U.S. intelligence agencies have briefed Congress about ongoing efforts by Russia to interfere in the 2020 Presidential election. Following the briefing, the President replaced the acting Director of National Intelligence with Richard Grenell, a person with no background in intelligence or the management of federal agencies. The Senate Intelligence Committee, the U.S. Intelligence Community, and Special Counsel Robert Mueller previously confirmed Russian interference in the 2016 election. However, the full extent of Russian interference in 2016 has not yet been revealed. EPIC is seeking the disclosure of the complete and unredacted Mueller Report in the FOIA lawsuit EPIC v. DOJ. EPIC's case could provide further information about the scope and techniques of Russian election interference. A ruling is expected soon. (Feb. 21, 2020)

  • In response to a public records request, EPIC received documents from the Mississippi Department of Corrections detailing their use of risk assessment tools. The results show that the Department uses risk assessments from pre-trial through parole. The document released to EPIC also show efforts to comply with the validation requirements of state law passed in 2019. The documents disclosed include also sample scoring sheets, scripts, four different trainings, and a manual on the risk assessment software. EPIC has obtained documents about pre-trial risk assessments from several states as well as a scoring system developed by the DHS to assign risk assessments to travelers, including US citizens. (Feb. 21, 2020)

  • Through a FOIA request, EPIC has obtained documents (pt. 1, 2, 3) about the TSA's "Visible Intermodal Prevention and Response" program. Created in 2004, the VIPR teams worked with law enforcement agencies to conduct warrantless searches at public events, including festivals, sporting events, and bus stations. The TSA released to EPIC planning guidance, an operations directive, operating procedures, and activity summary reports. However, the EPIC request revealed that the TSA failed to complete civil rights and civil liberties impact assessments required by law. The VIPR program ended in 2019. The VIPR program used "risk-based" profiling and "behavior detection" to search and detain individuals. Two GAO reports (2013, 2017)questioned the reliability of TSA's behavioral indicators, which included, for example, "assessing the way an individual swallows or the degree to which an individual's eyes are open." (Feb. 21, 2020)

  • The European Parliament heard testimony today on AI in Criminal Law amidst a widespread push towards robust AI regulation in the EU. The panelists before the committee responsible for civil liberties, justice, and home affair focused on facial recognition, risk assessments, and predictive policing. The hearing explored regulation and law enforcement use, and also transparency, explainability, and accountability. The hearing in Parliament followed the release of a European Commission White Paper on AI. EPIC has called for a moratorium on face surveillance and maintains a resource about the use of risk assessments in the US Criminal Justice system. (Feb. 20, 2020)

  • This week the American Bar Association adopted new policies for the security of elections and the regulation of drone operations. Under the election cybersecurity policy, the ABA will urge Congress to provides funding to NIST to set election security standards, provide funding to secure state systems, and encourage state and local governments to secure election systems. Last year a federal court ruled that Georgia must replace its insecure voting machines, citing EPIC's amicus brief that highlighted the unreliable nature of paperless voting systems. EPIC continues to seek release of DHS records concerning ongoing election security risks. The ABA also adopted a drone privacy policy that will encourage federal, state, and local governments to regulate the deployment of drones. EPIC first petitioned the FAA to promulgate drone privacy regulations in 2012, has sued to obtain records of the agency's secretive drone advisory committees, and EPIC recently launched a Mandate Drone ID Campaign. (Feb. 20, 2020)

  • A report released by the Administrative Conference of the US with Stanford and NYU explores the use of Artificial Intelligence techniques by 142 Federal Agencies. According to the report, law enforcement agencies are most likely to use AI. The report "Government by Algorithm: Artificial Intelligence in Federal Administrative Agencies" cites documents obtained by EPIC in the FOIA lawsuit EPIC v. CBP. In that case, EPIC obtained document from the federal agent that revealed problems with biometric identification. EPIC has recommended the Universal Guidelines for AI to guide the government's use of AI and EPIC recently petitioned the Federal Trade Commission to establish regulations for the use of AI in commerce. (Feb. 20, 2020)

  • In response to EPIC's Freedom on Information Act lawsuit, EPIC v. State, the State Department has provided EPIC with several agency agreements concerning State Department facial recognition program. The Consular Consolidated Database contains millions of images from visa and passport applicants, which other federal agencies are now accessing for purposes unrelated to the processing of visa and passport application. The State Department agreements include the Labor, Interior, and Defense Departments. Several of the documents EPIC obtained concealed the name of the federal agency accessing the State Department database. In a related EPIC FOIA lawsuit, EPIC obtained documents concerning Customs and Border Protection use of images from the State Department. (Feb. 19, 2020)

  • EPIC has filed a brief urging a federal court to enforce the transparency obligations of the National Security Commission on Artificial Intelligence. EPIC explained that the AI Commission must hold open meetings and publish its records on a regular basis. The court previously ruled that the AI Commission must comply with EPIC's Freedom of Information Act request, but the Commission now claims that it is exempt from a related statute that requires advisory committees to operate transparently. EPIC told the court that "as is often the case for federal entities, the AI Commission must comply with two (or three, or more) statutory obligations at the same time." The Commission, which is tasked with developing U.S. AI policy, recently released a report to Congress criticizing the EU General Data Protection Regulation and calling for greater "government access to data on Americans." The AI Commission met frequently in secret with lobbyists and private contractors, but never gathered opinions from the American public. (Feb. 19, 2020)

  • The European Commission has published the White Paper on Artificial Intelligence(AI) and the European Data Strategy. the Commission stated that the aim is to promote "Technology that works for people; a fair and competitive economy; and an open, democratic and sustainable society." On AI and fundamental rights, the Commission warned that "biases in algorithms or training data used for recruitment AI systems could lead to unjust and discriminatory outcomes..." The Commission also warned that the "gathering and use of biometric data for remote identification purposes carries specific risks for fundamental rights" but stopped short of endorsing a moratorium on face surveillance. The EU White Paper on Artificial Intelligence is open for public consultation until May 19, 2020. The Commission is also gathering feedback on the data strategy. (Feb. 19, 2020)

  • The Seventh Circuit has concluded that consumers who receive an automated text message can sue under the federal anti-robocall law, but only if the autodialer has a random number generator. The decision in Gadelhak v. AT&T Services deepens a split among federal appeals courts over the scope of federal robocall protections. EPIC and the National Consumer Law Center filed an amicus brief in the case, arguing that an autodialer need only dial numbers from a list, such as a customer contact database. EPIC and the NCLC explained that allowing telemarketers to robocall consumers from a list "would undermine the law's effectiveness by inviting easy circumvention and rendering the restriction obsolete." The EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA. (Feb. 19, 2020)

  • In a letter to school administrators, EPIC joined Fight for the Future and over 40 organizations opposing the use of facial recognition technology in schools. The coalition stated that facial recognition is an "invasive and biased technology that violates the rights of students and faculty and has no place in educational institutions." EPIC launched a campaign and resource page to ban face surveillance globally. The Public Voice declaration has the support of over 100 organizations and many leading experts across 30 plus countries. EPIC has also called on the Privacy and Civil Liberties Oversight Board to suspend face surveillance systems across the federal government. (Feb. 13, 2020)

  • Senator Kirsten Gillibrand (D-NY) has introduced S. 3300, The Data Protection Act of 2020 which would create an independent Data Protection Agency in the United States to safeguard the personal data of Americans. EPIC, many leading consumer and civil rights organizations, privacy experts, and scholars support Senator Gillibrand's non-partisan bill. "The US confronts a privacy crisis. Our personal data is under assault. Congress must establish a data protection agency. Senator Gillibrand has put forward a bold, ambitious proposal to safeguard the privacy of Americans," said Caitriona Fitzgerald, EPIC Policy Director. EPIC has long advocated for the creation of a U.S. Data Protection Agency, arguing that the Federal Trade Commission is an ineffective agency, lacking basic competence for privacy protection. EPIC's recent report, Grading on a Curve: Privacy Legislation in the 116th Congress sets out the key elements of a modern privacy law, including the creation of a Data Protection Agency. [Bill text] [EPIC PRESS RELEASE] (Feb. 13, 2020)

  • Senators Cory Booker and Jeff Merkley introduced the Ethical Use of Facial Recognition Act, which would ban the federal government's use of facial recognition until Congress passes legislation regulating the technology. The bill also prevents state and local government from using federal funds for facial recognition systems and creates a commission to develop guidelines for the use of facial recognition. EPIC has launched a campaign to Ban Face Surveillance and through the Public Voice coalition gathered the support of over 100 organizations and many leading experts across 30 plus countries. An EPIC-led coalition has also called on the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government. (Feb. 12, 2020)

  • Today EPIC has launched "Mandate Drone ID" to encourage the public to submit comments to the FAA regarding the agency's proposed rule for a drone ID requirement. EPIC recommends that the FAA modify the draft rule to require public access to drone ID information, including the operator identity, the purpose, and the surveillance capabilities. In 2015, EPIC wrote "Drones should be required to broadcast their registration information to allow members of the public" to easily identify the operator and responsible party. EPIC has recommended that the FAA follow the model for vessels and planes, which requires operators to broadcast location, course, and operator identity, The European Union has established real-time broadcasting requirement similar to the one EPIC has previously encouraged the FAA to implement. Comments on the FAA proposed rule are due March 2, 2020. (Feb. 12, 2020)

  • EPIC has joined 44 civil liberties organizations in endorsing the Safeguarding Americans' Private Records Act of 2020 (S. 3242 / H.R. 5675), sponsored By Senator Wyden [D-OR] and, in the House, Rep. Lofgren [D-CA]. The bills would repeal the NSA's bulk telephone surveillance program, establish a warrant requirement for location data and internet browsing history, increase transparency, and strengthen the Privacy and Civil Liberties Oversight Board. EPIC recently advised Congress to reform Section 702 of FISA and to sunset Section 215 of the Patriot Act. (Feb. 12, 2020)

  • The FTC announced plans to review acquisitions by Google, Amazon, Apple, Facebook, and Microsoft between 2010-2019. The FTC will review those acquisitions that the companies were not required by law to report at the time of acquisition. FTC Chairman Joe Simons said the initiative would "evaluate whether the federal agencies are getting adequate notice of transactions that might harm competition." In a joint statement, Commissioner Wilson and Commissioner Chopra said, "While we commend the FTC for exploring this timely and important topic, we reiterate our call for the Commission to prioritize 6(b) studies that explore consumer protection issues arising from the privacy and data security practices of technology companies, including social media platforms." EPIC filed a complaint with the FTC in 2014 opposing Facebook's acquisition of WhatsApp. EPIC is presently in federal court seeking to improve the FTC's proposed settlement with Facebook and to unwind the merger. (Feb. 12, 2020)

  • The European Parliament has passed a resolution urging the European Commission to adopt strong rules for industrial policy on artificial intelligence and robotics. The Resolution emphasizes safety, transparency, explainability, and data quality. The Resolution also seeks to "ensure that automatic decision-making is not being used to discriminate against consumers based on their nationality, place of residence or temporary location." The Resolution also supports the free flow of non-personal data to promote innovation. The European Commission is expected to announce how it will proceed with AI regulation next week. Last week, a Dutch Court ruled that an AI system to detect welfare fraud violated human rights. EPIC has promoted Algorithmic Transparency and the Universal Guidelines for AI, and also published the AI Policy Sourcebook, the first reference book on AI policy. (Feb. 12, 2020)

  • The California Attorney General has released the final draft of the regulations implementing the California Consumer Privacy Act. The draft updates key definitions, recommends an opt-out button image, and clarifies how businesses should respond to consumer access and deletion requests. The public has until February 25 to provide comments on the proposed regulation. Enforcement of the law will begin on July 1, 2020. In previous comments, EPIC urged strong enforcement of the state privacy law. The complete text of the California privacy law is available in the EPIC 2020 Privacy Law Sourcebook. EPIC has published a resource to help California residents exercise their rights under the CCPA. (Feb. 11, 2020)

  • The Technical Guidelines Development Committee has approved the Voluntary Voting System Guidelines 2.0. The Committee provides technical recommendations to the Election Assistance Commission regarding voting systems in the United States. EPIC, along with the Association for Computing Machinery, previously recommended strong principles for voter privacy, ballot secrecy, and data protection. The groups also urged the Commission to ban internet-connected voting machinery, citing the risks to voting integrity and democratic institutions. The Technical Committee recommended banning internet-connected voting systems, as well as strong provisions on voter privacy, ballot secrecy, and data protection. Though states are not mandated to comply with the Voting System Guidelines, the Guidelines shape the election security market. EPIC has a long history of working to protect voter privacy and election integrity. (Feb. 11, 2020)

  • The House passed H.R. 4357, which bans the use or purchase of foreign-made drones by the Department of Homeland Security. Last month, the Interior Department banned the use of foreign-made drones for non-emergency operations. The US government actions respond to growing concern that Chinese-made drones collect sensitive information in the United States. In 2012, EPIC and more than 100 experts petitioned the FAA to establish a rule to limit drones surveillance, but the agency failed to act. In recent comments to the FAA, EPIC warned the agency that regulating drone surveillance was essential to privacy and security. Last year, EPIC's Marc Rotenberg and Len Kennedy cited the FAA's failure to develop appropriate regulations in a commentary for the New York Times, and also warned that China's surveillance model requires "comprehensive privacy legislation to safeguard the personal data of Americans." (Feb. 11, 2020)

  • The Justice Department has confirmed to EPIC that Special Counsel Mueller did not draft any reports for Congress during the investigation into Russian interference in the 2016 election. In a filing from EPIC v. DOJ the Justice Department stated that it found no "reports, recommendations, and other compilations of information prepared for the eventual consideration of one or more members of Congress." Last year, EPIC's open government lawsuit revealed records of a previously-undisclosed Special Counsel investigation into a suspected "unregistered agent of a foreign government." EPIC is also seeking disclosure of the complete, unredacted Mueller Report. The book EPIC v. DOJ: The Mueller Report is available for purchase at the EPIC Bookstore. (Feb. 10, 2020)

  • The U.S. government has indicted four members of China's military on charges of hacking Equifax to exploit the personal data of 150 million Americans. They allegedly conspired to hack into Equifax's computer networks, maintain unauthorized access to those computers, and steal sensitive, personally identifiable information of nearly half of all American citizens. EPIC President Marc Rotenberg testified before the House in 2018 and the Senate in 2017 about the Equifax breach. Rotenberg warned lawmakers and regulators that the failure of the U.S. government to safeguard the personal data of Americans has placed American consumers at risk from foreign adversaries. And in the Harvard Business Review, Rotenberg explained that "consumer privacy is not a goal achieved by markets. It must be mandated by Congress." EPIC has called for passage of the Online Privacy Act, H.R. 4978, and the creation of a U.S. data protection agency. (Feb. 10, 2020)

  • In advance of a hearing on the Department of Homeland Security's use of facial recognition technology. EPIC urged Congress to suspend the use of facial recognition for mass surveillance. EPIC explained that an individual's ability to control disclosure of identity "is an essential aspect of personal security and privacy." EPIC provided to the House Committee the Public Voice Declaration, supported by more than 100 organizations and leading experts from around the world, calling for a moratorium on face surveillance. The Declaration calls on countries to (1) suspend deployment of facial recognition; (2) review systems to determine whether personal data was obtained lawfully; (3) undertake research to assess bias and risk; and (4) establish legal rules, technical standards, and ethical guidelines before further deployment occurs. EPIC recently launched a campaign and resource page to ban face surveillance globally. (Feb. 6, 2020)

  • A Dutch Court ruled that an algorithmic risk assessment technique that ostensibly detects fraud violates human rights and privacy laws. The SyRi system processed massive amounts of personal data held in a government agencies with an opaque algorithm. The Dutch court ruled "there is a risk that the use of SyRI will inadvertently make connections based on bias." EPIC tracks and publicizes the use of risk assessments in the US Criminal Justice System as well as advocates for the Universal Guidelines for AI to ensure Algorithmic Transparency in automated decision making, EPIC published the AI Policy Sourcebook, the first reference book on AI policy. (Feb. 5, 2020)

  • Today EPIC filed a petition with the Federal Trade Commission for a rulemaking "concerning the use of artificial intelligence in commerce." The EPIC petition follows two recent EPIC complaints to the FTC about the use of AI for employment screening and the secret scoring of young athletes. EPIC noted that several FTC Commissioners have called for updated regulations to address the challenges of Artificial Intelligence. EPIC pointed to the recent OMB Guidance for Regulation of Artificial Intelligence in support of the FTC rulemaking. EPIC also publishes the AI Policy Sourcebook, the first reference book on AI policy. (Feb. 3, 2020)

  • FCC Chairman Pai has announced upcoming enforcement actions against wireless carriers that disclosed subscribers' location data. Last year Members of Congress called an emergency briefing with the FCC and urged the agency to investigate companies that were selling subscribers' location data. EPIC has long advocated for protection of location data. EPIC pursued a lawsuit against a mobile app company that led to greater protection of users' location data. EPIC also successfully petitioned the FCC to safeguard sensitive data collected by phone companies. And EPIC filed a amicus brief in Carpenter v. US. The Supreme Court held in that case that the Fourth Amendment protects cell site location information. EPIC maintains detailed webpages on location privacy. (Jan. 31, 2020)

  • Sen. Michael Bennet (D-CO) has criticized the White House Guidance on Artificial Intelligence as "insufficient" and "little more than gauzy generalities." In a letter to US Chief Technology Officer Michael Kratsios, Bennet said the "principles male only passing referrence to privacy protections" and "just a cursory discussion of Americans' civil rights." Bennet said also that the White House "has failed to set spending targets, establish metrics, or allocate additional funding." EPIC published the AI Policy Sourcebook, the first reference book on AI policy. The AI Sourcebook includes the Universal Guidelines for AI, an influential human rights framework for AI policy. (Jan. 31, 2020)

  • EPIC has settled a Freedom of Information Act lawsuit against Immigration and Customs Enforcement. EPIC sought records about the agency's use of Palantir's technology for mass surveillance. The documents obtained by EPIC revealed the vast capabilities of agency program to link phone numbers, GPS data, and social network data. The FALCON database, developed by Palantir, also includes sensitive data such as social security numbers, financial records, call records, ISP records. In previous comments, EPIC urged the agency to limit the data gathered, narrow the exemptions to the Privacy Act, and remove the routine use disclosures. As a consequence of the successful litigation, EPIC will receive attorneys fees. (Jan. 31, 2020)

  • This week Facebook agreed to pay $550 million to settle a lawsuit about the use of facial recognition technology. The New York Times called the settlement "A Big Victory for Privacy Groups." In 2010, EPIC objected to Facebook's collection of biometric data and urged the FTC to modify a proposed settlement to limit Facebook's use of facial recognition. EPIC filed similar complaints about facial recognition with the FTC in 2016 and 2018. EPIC also filed several amicus briefs stating that the violation of a federal privacy law is sufficient to confer "standing," the right of consumers to bring lawsuits. In response to Facebook's challenge to the Illinois Biometric Privacy Act, EPIC wrote, "Judicial second-guessing of statutory protections for biometric data established by the state legislature, following a careful weighing of the public safety concerns, will come at an enormous cost to the privacy of Illinois residents." EPIC's views were adopted by a federal court in this case, which led to the recent settlement with Facebook. The text of the Illinois privacy law is available in the 2020 EPIC Privacy Law Sourcebook at the EPIC Bookstore. And EPIC's objections to the current FTC settlement with Facebook are now pending in federal court. (Jan. 30, 2020)

  • The Interior Department announced today it will ban Chinese-made drones for non-emergency use. The Secretary's Order responds to growing concerns that information collected by aerial drones could be "valuable to foreign entities, organizations and governments." In 2012, EPIC and more than 100 experts petitioned the FAA to establish a privacy rule for drones, but the agency failed to act. Last year EPIC's Marc Rotenberg and Len Kennedy cited the FAA's failure, and also warned that China's surveillance model requires "comprehensive privacy legislation to safeguard the personal data of Americans." Senator Chris Murphy [D-CT] and Senator Rick Scott [R-FL] have introduced S. 2502, the American Security Drone Act of 2019 that would prevent federal agencies from purchasing drones manufactured in China. (Jan. 29, 2020)

  • The Banisar index has found that as of 2019, 130 countries have adopted comprehensive data protection laws to protect personal data held by private companies and government entities. In almost all of the countries, an independent data protection agency or information commission oversees and enforces the laws. EPIC's recent report on U.S. federal privacy legislation Grading on a Curve: Privacy Legislation in the 116th Congress evaluates federal privacy bills. EPIC has called for comprehensive baseline legislation and the creation of a data protection agency. EPIC also makes available The 2020 Privacy Law Sourcebook at the EPIC Bookstore. (Jan. 29, 2020)

  • In comments on an FCC proposed rule, EPIC said that the agency should not track the Internet use of Lifeline subscribers. Lifeline is a federal program that provides broadband service to economically disadvantaged Americans. The FCC is proposing that Lifeline subscribers install apps to track their data usage and that companies retain detailed records about Internet use by Lifeline subscribers. EPIC said: "Americans should not be required to sacrifice their privacy to access the Internet." EPIC led a campaign and petition opposing the FCC's requirement that telephone carriers retain detailed records of American telephone customers. (Jan. 28, 2020)

  • On January 28, EPIC celebrates International Privacy Day, which commemorates Council of Europe Convention 108, the first international privacy convention. Today EPIC urged Congress to take three steps to safeguard the personal data of Americans: (1) enact comprehensive baseline legislation, (2) establish a data protection agency, and (3) ratify the International Privacy Convention. EPIC and consumer organizations have long urged the United States to endorse the Privacy Convention, which establishes a global framework for the free flow of personal data. The complete text of the Privacy Convention is in the EPIC Privacy Law Sourcebook, available at the EPIC Bookstore. Follow #DataProtectionDay. (Jan. 28, 2020)

  • EPIC has written in support of Maryland Senate Bill 34, which would prohibit the scanning or swiping of identification cards and driver’s licenses. "The best defense against data breaches is not collecting and retaining personal data in the first place,” EPIC said in testimony to the Maryland State Senate Finance Committee. The bill is sponsored by Senator Cheryl Kagan and it passed the State Senate unanimously last session. EPIC previously warned of the risks of swiping identity documents in a report on the controversial REAL ID proposal - “REAL ID Implementation Review: Few Benefits, Staggering Costs." EPIC's State Policy Project tracks privacy developments at the state level. (Jan. 28, 2020)

  • A new Pew Research survey found that 74% of U.S. adults say it is more important to keep things about themselves from being searchable online than it is to discover potentially useful information about others. And 85% say that all Americans should have the right to have potentially embarrassing photos and videos removed from online search results. EPIC advocates for the "right to be forgotten" and maintains a webpage on U.S. state laws that allow individuals to remove records containing disparaging information. EPIC publication "The Right to be Forgotten on the Internet: Google v. Spain," an account of the original case written by former Spanish Privacy Commissioner Artemi Rallo, is available in the EPIC bookstore. (Jan. 27, 2020)

  • EPIC and over 40 organizations have urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government. The Board advises the government on new threats to privacy. The groups said “the rapid and unregulated deployment of facial recognition poses a direct threat to ‘the precious liberties that are vital to our way of life.’” Last year, the Public Voice coalition called for a global moratorium on face surveillance. The Declaration was endorsed by over 100 organizations and several hundred experts in over 40 countries. EPIC previously called for DHS to suspend the use of facial recognition technology. EU leaders are now considering a ban on the use of facial recognition in public spaces, “for up to five years until safeguards to mitigate the technology’s risk are in place.” (Jan. 27, 2020)

  • A new European Parliament Resolution advises the European Commission to establish strong oversight of artificial intelligence. The Resolution emphasizes safe and compliant products, human responsibility, safety, transparency, explainability, and data quality. The Resolution also supports the free flow of non-personal data to promote innovation. Several of these principles are put forward in the Universal Guidelines for AI, which EPIC recommends as the baseline for AI Policy. On February 19, the European Commission is expected to announce how it will proceed with AI regulation. EPIC has promoted Algorithmic Transparency and published the AI Policy Sourcebook, the first reference book on AI policy. (Jan. 23, 2020)

  • EPIC presented the 2020 International Privacy Champion Awards to Isabelle Falque-Pierrotin, former President of the French Data Protection Agency (the "CNIL") and British journalist Carole Cadwalladr. EPIC President Marc Rotenberg drew attention to Falque-Pierrotin's "dedication and determination" which have "given force to the right to privacy." Rotenberg cited Cadwalladr's reporting on the Cambridge Analytica data breach, which has made clear "the deep connection between data protection and the protection of democratic institutions." The ceremony took place at the annual conference on Computers, Privacy, and Data Protection in Brussels, Belgium. The 2020 EPIC Champion of Freedom Awards will be held at the National Press Club in Washington, DC on June 3, 2020. PRESS RELEASE (Jan. 22, 2020)

  • None of Your Business, the privacy NGO established by Max Schrems, has launched a new resource for those following European privacy law. GDPRhub provides summaries of decisions by national Data Protection Agencies and courts concerning the GDPR. This database offers insight into key debates on the interpretation of contentious GDPR issues. A second database, "GDPR Knowledge," offers commentaries on GDPR and DPA profiles across the EU. NOYB is also publishing GDPRtoday, which provides a "quick overview of all national decisions of the past days from all across Europe." EPIC provides the text of the GDPR in the 2020 Privacy Law Sourcebook available at the EPIC Bookstore. (Jan. 22, 2020)

  • A new Pew Research poll finds that 41% of Americans say it is acceptable for makers of fitness trackers to disclose users' data to medical researchers, while 35% believe this is an unacceptable practice and 22% are unsure. The study also found that white adults (39%) are more likely than those who are black (31%) or Hispanic (26%) to see disclosure of this data as unacceptable. EPIC told Congress that the Federal Trade Commission must block Google's plan to acquire Fitbit and that merger review must consider data protection. EPIC maintains an extensive page on Privacy and Public Opinion which shows consistent support among Americans for stronger privacy laws. EPIC advocates for comprehensive privacy legislation and the establishment of a U.S. data protection agency. (Jan. 22, 2020)

  • EPIC will present argument today in State v. Andrews, a New Jersey Supreme Court case about the compelled disclosure of a cell phone passcode. In its amicus brief, EPIC argued that the Fifth Amendment limits the ability of the government to obtain cellphone passcodes. Citing Riley v. California and Carpenter v. United States, EPIC said the U.S. Supreme Court has held that the vast troves of personal data stored in cell phones "justifies strong constitutional protections." EPIC also explained that limited exceptions to Fifth Amendment safeguards were adopted before personal information was "consolidated in one place." EPIC routinely files amicus briefs arguing that constitutional protections should keep pace with advances in technology. EPIC filed amicus briefs in Carpenter and Riley, which both involved the searches of cellphones. The Supreme Court cited EPIC's amicus brief in the Riley opinion. (Jan. 21, 2020)

  • The U.S. Supreme Court will leave in place a decision that allows lawsuits against Facebook for the unlawful collection of facial images. In Patel v. Facebook, the Ninth Circuit held that that an Illinois biometrics law protects "concrete privacy interests" and that violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an amicus brief in the case, arguing that users can sue companies that violate rights protected by privacy laws. EPIC has long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software. EPIC and others recently called for a global moratorium on facial recognition. EPIC recently launched a campaign and resource page to ban face surveillance. (Jan. 21, 2020)

  • Facebook reversed the controversial decision to sell ads in WhatsApp. Before WhatsApp was acquired by Facebook, the company promised users it would not sell ads. But Facebook did not honor that promise to users, causing the WhatsApp founders to resign. When Facebook proposed to acquire WhatsApp in 2014, EPIC filed a complaint with the FTC advising the agency to block the sale unless adequate privacy safeguards were established for WhatsApp user data.The FTC wrote in response "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the Federal Trade Commission (FTC) Act and, potentially, the FTC's order against Facebook." EPIC has challenged the proposed FTC settlement with Facebook, arguing that it is procedurally unfair and that the FTC failed to address growing concerns about the use of WhatsApp user data. The FTC is now considering blocking the integration of Facebook and WhatsApp user data. (Jan. 21, 2020)

  • POLITICO reports that EU President von der Leyen and Commissioner Vestager are considering a ban on the use of facial recognition in public spaces, "for up to five years until safeguards to mitigate the technology's risks are in place." Last fall, more than 100 organizations, and several hundred experts, from over 40 countries urged data protection officials to adopt a moratorium on facial recognition. The Public Voice petition asked countries to "establish the legal rules, technical standards, and ethical guidelines necessary to safeguard fundamental rights and comply with legal obligations before further deployment of this technology occurs." EPIC is now tracking efforts around the world to Ban Face Surveillance. (Jan. 16, 2020)

  • The EU Advocate General advised the European Court of Justice that "the means and methods of combating terrorism must be compatible with the requirements of the rule of law" in a case concerning the retention of personal data for law enforcement purposes. The AG recommended limiting retention of data to data that are essential for national security and limiting access to that data subject to prior review by courts. The opinion is not binding on the Court of Justice and the Court will issue a judgment at a later date. The AG cited EPIC's expert submissions in "Schrems 2.0," another case concerning Facebook's transfer of personal data to the United States and the adequacy of U.S. privacy law. (Jan. 16, 2020)

  • EPIC has urged Congress to implement the OECD Principles on AI and adopt the Universal Guidelines of AI. In a statement in advance of a hearing on "Industries of the Future," EPIC also highlighted the White Houses's Guidance for AI Regulation, and urged the Senate to prioritize public participation and democratic values. Senator Roger Wicker's (R-MS) bill, the "Industries of the Future Act," would promote government investment in research and development and create a government Council to advise the Office of Science and Technology Policy on future industries, including artificial intelligence. EPIC has long advocated for transparency and public participation in AI policymaking. EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records. EPIC recently filed a complaint with the FTC alleging that recruiting company HireVue fails to comply with baseline standards for AI decision-making. EPIC also sued the DOJ to uncover documents about the use of algorithms in the criminal justice system. (Jan. 15, 2020)

  • EPIC has filed its opening brief urging the D.C. Circuit to reverse a lower court decision that allowed FAA's Drone Advisory Committee to conduct much of its work in secret. "If the decision is allowed to stand, other federal agencies could circumvent the law by creating subcommittees and task forces and developing policy in secretive meetings held by entities that agencies attempt to place beyond the reach of the [Federal Advisory Committee Act]," EPIC told the Court of Appeals. EPIC filed suit in 2018 against the industry-dominated Committee, which consistently ignored the privacy risks posed by the deployment of drones—even after identifying privacy as a top public concern. As a result of EPIC's lawsuit, the Committee was forced to disclose hundreds of pages of records that it previously withheld. The case is EPIC v. Drone Advisory Committee, No. 19-5238 (D.C. Cir.). (Jan. 14, 2020)

  • A new report from Norweigian consumer group Forbrukerradet finds that dating apps transmit personal data to at least 135 different third parties involved in behavioral advertising. The data includes IP address, GPS location, age, gender, sexual orientation, and religious beliefs. EPIC joined coalition letters to Congress, the FTC, and state Attorneys General urging investigation of the business practices detailed in the report. EPIC Consumer Protection Counsel Christine Bannan said: "This report highlights the pervasiveness of corporate surveillance and the failures of the FTC notice-and-choice model for privacy protection. Congress should pass comprehensive data protection legislation and establish a U.S. Data Protection Agency to protect consumers from the privacy violations of the adtech industry." (Jan. 14, 2020)

  • The U.S. Interior Department is permanently grounding its fleet of drones over concerns that the devices will enable aerial surveillance by the Chinese government, according to the Financial Times. The Chinese-manufactured drones, which were used to monitor and map federal land, have been temporarily grounded since October. EPIC, NGOs, and leading experts had long urged the Federal Aviation Administration to regulate the privacy risks of drones. Although the FAA is set to require remote identification of drones—as EPIC first recommended five years ago—the FAA has refused to address drone surveillance. EPIC is currently challenging the FAA's failure to disclose records from the Drone Advisory Committee, which acknowledged the privacy risks posed by drones but failed to propose any privacy safeguards. (Jan. 13, 2020)

  • The Supreme Court has aqreed to hear a challenge to the constitutionality of the Telephone Consumer Protection Act, a federal law that prohibits unwanted robocalls. The law generally restricts the use of autodialers, but in 2015 Congress created an exception for robocalls to collect debts guaranteed by the federal government. Several groups have since challenged the law on First Amendment grounds, arguing that the TCPA discriminates against particular speakers. The Court will now consider the issue in Barr v. American Association of Political Consultants. EPIC filed an amicus brief in Gallion v. Charter Communications, a related case, arguing that “these challenges represent a systematic effort by companies to undermine the purpose of the TCPA and to inundates consumers with unwanted calls.” EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA. (Jan. 11, 2020)

  • The Department of Transportation announced AV 4.0, voluntary guidelines for driverless vehicles. The guidelines "use a holistic, risk-based approach to protect the security of data and the public's privacy as AV technologies are designed and integrated." EPIC commented on an earlier version of the guidelines, saying the agency "should promulgate mandatory rather than voluntary cybersecurity guidelines." EPIC warned that "the very real possibility of remote car hacking poses substantial risks to driver safety and security." EPIC also testified before Congress in 2015, explaining that "current approaches, based on industry self-regulation, are inadequate and fail to protect driver privacy and safety." (Jan. 10, 2020)

  • The White House has published Guidance for Regulation of Artificial Intelligence Applications. In a statement, US Chief Technology Officer Michael Kratsios said "The White House calls on agencies to protect privacy and promote civil rights, civil liberties, and American values in the regulatory approach to AI. Among other important steps, agencies should examine whether the outcomes and decisions of an AI application could result in unlawful discrimination, consider appropriate measures to disclose when AI is in use, and consider what controls are needed to ensure the confidentiality and integrity of the information processed, stored and transmitted in an AI system." The US AI Guidance follows from the OECD AI Principles, which the United States has endorsed, as well as some of the Universal Guidelines for AI, a human rights framework for AI endorsed by more than 250 experts and 60 associations in 40 countries. The Guidance makes clear the importance of public participation in the formulation of AI policy. EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records. (Jan. 9, 2020)

  • Prior to a hearing with voting system vendors, EPIC urged the House Administration Committee to ensure that voting systems must accurately record votes and protect the secret ballot. "The bar for voting technology and election administration should be set high," EPIC said. Earlier this year EPIC asked a federal court to stop Georgia's use of Direct Recording Electronic voting machines in an amicus brief. Experts in election security have shown that DREs are insecure, vulnerable to attack, fail to provide a paper trail, and subject to manipulation by foreign adversaries. DREs also undermine the secret ballot as particular voters could be linked to particular votes. In 2016, EPIC published "The Secret Ballot at Risk: Recommendations for Protecting Democracy," highlighting the importance of the secret ballot for American democracy. (Jan. 9, 2020)

  • In comments submitted to the USPTO's request for information, EPIC recommended limiting trade secret defenses for AI techniques that have a a significant effect on an individual. EPIC also highlighted the US endorsement of the OECD AI principles, the White House's Guidance for Regulation of Artificial Intelligence Applications, and the Universal Guidelines for Artificial Intelligence. EPIC explained that these policy frameworks make clear the importance of transparency in AI policy. In 2019, EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records. (Jan. 9, 2020)

  • In a statement to Congress, EPIC warned that the proposed transfer of DHS data to the Census Bureau would violate the federal Privacy Act. The data include personal information about citizens, immigrants, and foreign nationals. EPIC urged the Committee to "block DHS from carrying out this proposed data transfer pending further review." EPIC previously warned the House Oversight Committee that President Trump's Executive Order on collecting citizenship data could undermine Privacy Act safeguards. EPIC opposed the citizenship question in the 2020 Census, arguing that the Bureau failed to complete required privacy impact assessments. EPIC also filed an amicus brief in the Supreme Court case warning that collecting citizenship information presents "enormous privacy and security concerns." The Supreme Court found the rational for adding the citizen question "contrived" and the question was withdrawn. (Jan. 8, 2020)

  • In a Privacy Impact Assessment, Customs and Border Protection and Immigration and Customs Enforcement announced a plan for the DNA collection of individuals detained at the border, including U.S. citizens. The change comes after a Department of Justice proposed rule that removed the authority of DHS components, including CBP and ICE, to exempt detained individuals from DNA collection. EPIC joined a coalition of civil liberties and immigrant rights organizations in comments to the Justice Department and urged the DOJ to rescind the proposed rule. The coalition stated the proposed rule was an "unacceptable and unnecessary privacy intrusion" that will impact not only the individual's DNA being collected but also family members, including American citizens. In an amicus brief to the Supreme Court, EPIC argued that law enforcement's warrantless collection of DNA is unconstitutional. (Jan. 7, 2020)

  • Facebook has announced its plan to ban "deep fakes" in advance of a House hearing on "Americans at Risk: Manipulation and Deception in the Digital Age" this week. The new policy would ban users from posting deepfakes—computer-generated, highly manipulated videos using technologies like AI—to prevent the spread of disinformation but would allow simpler forms of manipulation. Deepfakes have been used to spread disinformation about politicians, but 96% of "deep fakes" online are videos in which women's faces are superimposed into pornography without their consent. EPIC Board Member Danielle Citron testified before Congress, saying "we need a combination of law, markets, and societal resistance" to combat deepfakes and "the phenomenon is going to be increasingly felt by women and minorities." (Jan. 7, 2020)

  • The Department of Homeland Security has announced a plan to transfer detailed personal data collected from immigrants to the Census Bureau—an apparent violation of the Privacy Act. In a privacy impact assessment, published over the holiday break, the DHS revealed that it would provide names, addresses, social security numbers, and other highly sensitive data to the Census Bureau. Yet the DHS admitted that individuals weren't aware their personal data would be obtained by the Census Bureau, that the data may be inaccurate, or used for purposes unrelated to the census survey. The proposed data transfer follows a July executive order by President Trump, who vowed that the government "will leave no stone unturned" when seeking citizenship information from every person in the United States. EPIC previously warned Congress that the executive order could undermine Privacy Act safeguards. In EPIC v. Commerce, EPIC challenged the failure of the Census Bureau to conduct privacy impact assessments before adding the (later withdrawn) citizenship question to the 2020 Census. (Jan. 7, 2020)

  • The European Data Protection Board will determine whether data brokers and mobile apps comply with the General Data Protection Regulation. The EDPB has commissioned a privacy expert to provide a legal analysis of 25 mobile applications and 10 data brokers. The study is one of several launched by the EDPB to examine the impact of the GDPR. A recent report from the Transatlantic Consumer Dialogue found that Amazon, Netflix, and Spotify do not comply with GDPR and recommended for the United Sates "baseline federal data protection and privacy law that does not pre-empt stronger state privacy protections and that creates an independent data protection agency." EPIC's recent report on federal privacy legislation Grading on a Curve: Privacy Legislation in the 116th Congress evaluates federal privacy bills. EPIC has called for comprehensive baseline, federal legislation and the creation of a data protection agency. (Jan. 6, 2020)

  • The New Year begins with the California Consumer Privacy Act. All Californians now have the right to find out the personal data that companies collect about them, their devices, and their children, the right to opt-out of the sale of personal data, and the right to sue companies for data breaches. Californians can also request that a business delete their personal information. In comments to the California Attorney General, EPIC urged strong enforcement of the privacy law. EPIC's Mary Stone Ross, a coauthor of the law, spoke recently on NPR's All Things Considered about the new law. The complete text of the California Consumer Privacy Act is available in the EPIC 2020 Privacy Law Sourcebook. (Jan. 2, 2020)

  • Congress has passed the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act of 2019. The TRACED Act establishes penalties for certain robocalls and requires voice service provide to develop call authentication technologies. The FCC will develop rules to limit unwanted calls or texts from a caller using an unauthenticated number. EPIC has long advocated for stronger regulations surrounding robocalls. EPIC provided expert analysis to Congress, submitted numerous comments to the FCC, and filed multiple amicus briefs in appellate courts emphasizing the need to limit robocalls. (Jan. 2, 2020)

Share this page:

Defend Privacy. Support EPIC.
epic.org/ccpa
EPIC Mueller Report book
US Needs a Data Protection Agency