Previous Top News: 2020


  • POLITICO reports that EU President von der Leyen and Commissioner Vestager are considering a ban on the use of facial recognition in public spaces, "for up to five years until safeguards to mitigate the technology's risks are in place." Last fall, more than 100 organizations, and several hundred experts, from over 40 countries urged data protection officials to adopt a moratorium on facial recognition. The Public Voice petition asked countries to "establish the legal rules, technical standards, and ethical guidelines necessary to safeguard fundamental rights and comply with legal obligations before further deployment of this technology occurs." EPIC is now tracking efforts around the world to Ban Face Surveillance. (Jan. 16, 2020)

  • The EU Advocate General advised the European Court of Justice that "the means and methods of combating terrorism must be compatible with the requirements of the rule of law" in a case concerning the retention of personal data for law enforcement purposes. The AG recommended limiting retention of data to data that are essential for national security and limiting access to that data subject to prior review by courts. The opinion is not binding on the Court of Justice and the Court will issue a judgment at a later date. The AG cited EPIC's expert submissions in "Schrems 2.0," another case concerning Facebook's transfer of personal data to the United States and the adequacy of U.S. privacy law. (Jan. 16, 2020)

  • EPIC has urged Congress to implement the OECD Principles on AI and adopt the Universal Guidelines of AI. In a statement in advance of a hearing on "Industries of the Future," EPIC also highlighted the White Houses's Guidance for AI Regulation, and urged the Senate to prioritize public participation and democratic values. Senator Roger Wicker's (R-MS) bill, the "Industries of the Future Act," would promote government investment in research and development and create a government Council to advise the Office of Science and Technology Policy on future industries, including artificial intelligence. EPIC has long advocated for transparency and public participation in AI policymaking. EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records. EPIC recently filed a complaint with the FTC alleging that recruiting company HireVue fails to comply with baseline standards for AI decision-making. EPIC also sued the DOJ to uncover documents about the use of algorithms in the criminal justice system. (Jan. 15, 2020)

  • EPIC has filed its opening brief urging the D.C. Circuit to reverse a lower court decision that allowed FAA's Drone Advisory Committee to conduct much of its work in secret. "If the decision is allowed to stand, other federal agencies could circumvent the law by creating subcommittees and task forces and developing policy in secretive meetings held by entities that agencies attempt to place beyond the reach of the [Federal Advisory Committee Act]," EPIC told the Court of Appeals. EPIC filed suit in 2018 against the industry-dominated Committee, which consistently ignored the privacy risks posed by the deployment of drones—even after identifying privacy as a top public concern. As a result of EPIC's lawsuit, the Committee was forced to disclose hundreds of pages of records that it previously withheld. The case is EPIC v. Drone Advisory Committee, No. 19-5238 (D.C. Cir.). (Jan. 14, 2020)

  • A new report from Norweigian consumer group Forbrukerradet finds that dating apps transmit personal data to at least 135 different third parties involved in behavioral advertising. The data includes IP address, GPS location, age, gender, sexual orientation, and religious beliefs. EPIC joined coalition letters to Congress, the FTC, and state Attorneys General urging investigation of the business practices detailed in the report. EPIC Consumer Protection Counsel Christine Bannan said: "This report highlights the pervasiveness of corporate surveillance and the failures of the FTC notice-and-choice model for privacy protection. Congress should pass comprehensive data protection legislation and establish a U.S. Data Protection Agency to protect consumers from the privacy violations of the adtech industry." (Jan. 14, 2020)

  • The U.S. Interior Department is permanently grounding its fleet of drones over concerns that the devices will enable aerial surveillance by the Chinese government, according to the Financial Times. The Chinese-manufactured drones, which were used to monitor and map federal land, have been temporarily grounded since October. EPIC, NGOs, and leading experts had long urged the Federal Aviation Administration to regulate the privacy risks of drones. Although the FAA is set to require remote identification of drones—as EPIC first recommended five years ago—the FAA has refused to address drone surveillance. EPIC is currently challenging the FAA's failure to disclose records from the Drone Advisory Committee, which acknowledged the privacy risks posed by drones but failed to propose any privacy safeguards. (Jan. 13, 2020)

  • The Supreme Court has aqreed to hear a challenge to the constitutionality of the Telephone Consumer Protection Act, a federal law that prohibits unwanted robocalls. The law generally restricts the use of autodialers, but in 2015 Congress created an exception for robocalls to collect debts guaranteed by the federal government. Several groups have since challenged the law on First Amendment grounds, arguing that the TCPA discriminates against particular speakers. The Court will now consider the issue in Barr v. American Association of Political Consultants. EPIC filed an amicus brief in Gallion v. Charter Communications, a related case, arguing that “these challenges represent a systematic effort by companies to undermine the purpose of the TCPA and to inundates consumers with unwanted calls.” EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA. (Jan. 11, 2020)

  • The Department of Transportation announced AV 4.0, voluntary guidelines for driverless vehicles. The guidelines "use a holistic, risk-based approach to protect the security of data and the public's privacy as AV technologies are designed and integrated." EPIC commented on an earlier version of the guidelines, saying the agency "should promulgate mandatory rather than voluntary cybersecurity guidelines." EPIC warned that "the very real possibility of remote car hacking poses substantial risks to driver safety and security." EPIC also testified before Congress in 2015, explaining that "current approaches, based on industry self-regulation, are inadequate and fail to protect driver privacy and safety." (Jan. 10, 2020)

  • The White House has published Guidance for Regulation of Artificial Intelligence Applications. In a statement, US Chief Technology Officer Michael Kratsios said "The White House calls on agencies to protect privacy and promote civil rights, civil liberties, and American values in the regulatory approach to AI. Among other important steps, agencies should examine whether the outcomes and decisions of an AI application could result in unlawful discrimination, consider appropriate measures to disclose when AI is in use, and consider what controls are needed to ensure the confidentiality and integrity of the information processed, stored and transmitted in an AI system." The US AI Guidance follows from the OECD AI Principles, which the United States has endorsed, as well as some of the Universal Guidelines for AI, a human rights framework for AI endorsed by more than 250 experts and 60 associations in 40 countries. The Guidance makes clear the importance of public participation in the formulation of AI policy. EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records. (Jan. 9, 2020)

  • Prior to a hearing with voting system vendors, EPIC urged the House Administration Committee to ensure that voting systems must accurately record votes and protect the secret ballot. "The bar for voting technology and election administration should be set high," EPIC said. Earlier this year EPIC asked a federal court to stop Georgia's use of Direct Recording Electronic voting machines in an amicus brief. Experts in election security have shown that DREs are insecure, vulnerable to attack, fail to provide a paper trail, and subject to manipulation by foreign adversaries. DREs also undermine the secret ballot as particular voters could be linked to particular votes. In 2016, EPIC published "The Secret Ballot at Risk: Recommendations for Protecting Democracy," highlighting the importance of the secret ballot for American democracy. (Jan. 9, 2020)

  • In comments submitted to the USPTO's request for information, EPIC recommended limiting trade secret defenses for AI techniques that have a a significant effect on an individual. EPIC also highlighted the US endorsement of the OECD AI principles, the White House's Guidance for Regulation of Artificial Intelligence Applications, and the Universal Guidelines for Artificial Intelligence. EPIC explained that these policy frameworks make clear the importance of transparency in AI policy. In 2019, EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records. (Jan. 9, 2020)

  • In a statement to Congress, EPIC warned that the proposed transfer of DHS data to the Census Bureau would violate the federal Privacy Act. The data include personal information about citizens, immigrants, and foreign nationals. EPIC urged the Committee to "block DHS from carrying out this proposed data transfer pending further review." EPIC previously warned the House Oversight Committee that President Trump's Executive Order on collecting citizenship data could undermine Privacy Act safeguards. EPIC opposed the citizenship question in the 2020 Census, arguing that the Bureau failed to complete required privacy impact assessments. EPIC also filed an amicus brief in the Supreme Court case warning that collecting citizenship information presents "enormous privacy and security concerns." The Supreme Court found the rational for adding the citizen question "contrived" and the question was withdrawn. (Jan. 8, 2020)

  • In a Privacy Impact Assessment, Customs and Border Protection and Immigration and Customs Enforcement announced a plan for the DNA collection of individuals detained at the border, including U.S. citizens. The change comes after a Department of Justice proposed rule that removed the authority of DHS components, including CBP and ICE, to exempt detained individuals from DNA collection. EPIC joined a coalition of civil liberties and immigrant rights organizations in comments to the Justice Department and urged the DOJ to rescind the proposed rule. The coalition stated the proposed rule was an "unacceptable and unnecessary privacy intrusion" that will impact not only the individual's DNA being collected but also family members, including American citizens. In an amicus brief to the Supreme Court, EPIC argued that law enforcement's warrantless collection of DNA is unconstitutional. (Jan. 7, 2020)

  • Facebook has announced its plan to ban "deep fakes" in advance of a House hearing on "Americans at Risk: Manipulation and Deception in the Digital Age" this week. The new policy would ban users from posting deepfakes—computer-generated, highly manipulated videos using technologies like AI—to prevent the spread of disinformation but would allow simpler forms of manipulation. Deepfakes have been used to spread disinformation about politicians, but 96% of "deep fakes" online are videos in which women's faces are superimposed into pornography without their consent. EPIC Board Member Danielle Citron testified before Congress, saying "we need a combination of law, markets, and societal resistance" to combat deepfakes and "the phenomenon is going to be increasingly felt by women and minorities." (Jan. 7, 2020)

  • The Department of Homeland Security has announced a plan to transfer detailed personal data collected from immigrants to the Census Bureau—an apparent violation of the Privacy Act. In a privacy impact assessment, published over the holiday break, the DHS revealed that it would provide names, addresses, social security numbers, and other highly sensitive data to the Census Bureau. Yet the DHS admitted that individuals weren't aware their personal data would be obtained by the Census Bureau, that the data may be inaccurate, or used for purposes unrelated to the census survey. The proposed data transfer follows a July executive order by President Trump, who vowed that the government "will leave no stone unturned" when seeking citizenship information from every person in the United States. EPIC previously warned Congress that the executive order could undermine Privacy Act safeguards. In EPIC v. Commerce, EPIC challenged the failure of the Census Bureau to conduct privacy impact assessments before adding the (later withdrawn) citizenship question to the 2020 Census. (Jan. 7, 2020)

  • The European Data Protection Board will determine whether data brokers and mobile apps comply with the General Data Protection Regulation. The EDPB has commissioned a privacy expert to provide a legal analysis of 25 mobile applications and 10 data brokers. The study is one of several launched by the EDPB to examine the impact of the GDPR. A recent report from the Transatlantic Consumer Dialogue found that Amazon, Netflix, and Spotify do not comply with GDPR and recommended for the United Sates "baseline federal data protection and privacy law that does not pre-empt stronger state privacy protections and that creates an independent data protection agency." EPIC's recent report on federal privacy legislation Grading on a Curve: Privacy Legislation in the 116th Congress evaluates federal privacy bills. EPIC has called for comprehensive baseline, federal legislation and the creation of a data protection agency. (Jan. 6, 2020)

  • The New Year begins with the California Consumer Privacy Act. All Californians now have the right to find out the personal data that companies collect about them, their devices, and their children, the right to opt-out of the sale of personal data, and the right to sue companies for data breaches. Californians can also request that a business delete their personal information. In comments to the California Attorney General, EPIC urged strong enforcement of the privacy law. EPIC's Mary Stone Ross, a coauthor of the law, spoke recently on NPR's All Things Considered about the new law. The complete text of the California Consumer Privacy Act is available in the EPIC 2020 Privacy Law Sourcebook. (Jan. 2, 2020)

  • Congress has passed the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act of 2019. The TRACED Act establishes penalties for certain robocalls and requires voice service provide to develop call authentication technologies. The FCC will develop rules to limit unwanted calls or texts from a caller using an unauthenticated number. EPIC has long advocated for stronger regulations surrounding robocalls. EPIC provided expert analysis to Congress, submitted numerous comments to the FCC, and filed multiple amicus briefs in appellate courts emphasizing the need to limit robocalls. (Jan. 2, 2020)

Share this page:

Defend Privacy. Support EPIC.
epic.org/ccpa
EPIC Mueller Report book
US Needs a Data Protection Agency