epic.org: January 2020 Archives

Congress Enacts Robocall Legislation

Congress has passed the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act of 2019. The TRACED Act establishes penalties for certain robocalls and requires voice service provide to develop call authentication technologies. The FCC will develop rules to limit unwanted calls or texts from a caller using an unauthenticated number. EPIC has long advocated for stronger regulations surrounding robocalls. EPIC provided expert analysis to Congress, submitted numerous comments to the FCC, and filed multiple amicus briefs in appellate courts emphasizing the need to limit robocalls.

Tags:

Posted by Caitriona Fitzgerald on January 2, 2020 9:49 AM | Permalink

New Year Begins with California Consumer Privacy Law

The New Year begins with the California Consumer Privacy Act. All Californians now have the right to find out the personal data that companies collect about them, their devices, and their children, the right to opt-out of the sale of personal data, and the right to sue companies for data breaches. Californians can also request that a business delete their personal information. In comments to the California Attorney General, EPIC urged strong enforcement of the privacy law. EPIC's Mary Stone Ross, a coauthor of the law, spoke recently on NPR's All Things Considered about the new law. The complete text of the California Consumer Privacy Act is available in the EPIC 2020 Privacy Law Sourcebook.

Tags:

consumer privacy

Posted by EPIC on January 2, 2020 5:50 PM | Permalink

European Privacy Experts to Assess GDPR Compliance

The European Data Protection Board will determine whether data brokers and mobile apps comply with the General Data Protection Regulation. The EDPB has commissioned a privacy expert to provide a legal analysis of 25 mobile applications and 10 data brokers. The study is one of several launched by the EDPB to examine the impact of the GDPR. A recent report from the Transatlantic Consumer Dialogue found that Amazon, Netflix, and Spotify do not comply with GDPR and recommended for the United Sates "baseline federal data protection and privacy law that does not pre-empt stronger state privacy protections and that creates an independent data protection agency." EPIC's recent report on federal privacy legislation Grading on a Curve: Privacy Legislation in the 116th Congress evaluates federal privacy bills. EPIC has called for comprehensive baseline, federal legislation and the creation of a data protection agency.

Tags:

Posted by EPIC on January 6, 2020 6:05 PM | Permalink

DHS Seeks to Transfer Personal Data to Census Bureau in Violation of Privacy Act

The Department of Homeland Security has announced a plan to transfer detailed personal data collected from immigrants to the Census Bureau—an apparent violation of the Privacy Act. In a privacy impact assessment, published over the holiday break, the DHS revealed that it would provide names, addresses, social security numbers, and other highly sensitive data to the Census Bureau. Yet the DHS admitted that individuals weren't aware their personal data would be obtained by the Census Bureau, that the data may be inaccurate, or used for purposes unrelated to the census survey. The proposed data transfer follows a July executive order by President Trump, who vowed that the government "will leave no stone unturned" when seeking citizenship information from every person in the United States. EPIC previously warned Congress that the executive order could undermine Privacy Act safeguards. In EPIC v. Commerce, EPIC challenged the failure of the Census Bureau to conduct privacy impact assessments before adding the (later withdrawn) citizenship question to the 2020 Census.

Tags:

Posted by EPIC on January 7, 2020 9:55 AM | Permalink

Facebook Announces Deepfakes Ban

Facebook has announced its plan to ban "deep fakes" in advance of a House hearing on "Americans at Risk: Manipulation and Deception in the Digital Age" this week. The new policy would ban users from posting deepfakes—computer-generated, highly manipulated videos using technologies like AI—to prevent the spread of disinformation but would allow simpler forms of manipulation. Deepfakes have been used to spread disinformation about politicians, but 96% of "deep fakes" online are videos in which women's faces are superimposed into pornography without their consent. EPIC Board Member Danielle Citron testified before Congress, saying "we need a combination of law, markets, and societal resistance" to combat deepfakes and "the phenomenon is going to be increasingly felt by women and minorities."

Tags:

Facebook

Posted by EPIC on January 7, 2020 11:55 AM | Permalink

Federal Agencies Move Forward Plan for DNA Collection

In a Privacy Impact Assessment, Customs and Border Protection and Immigration and Customs Enforcement announced a plan for the DNA collection of individuals detained at the border, including U.S. citizens. The change comes after a Department of Justice proposed rule that removed the authority of DHS components, including CBP and ICE, to exempt detained individuals from DNA collection. EPIC joined a coalition of civil liberties and immigrant rights organizations in comments to the Justice Department and urged the DOJ to rescind the proposed rule. The coalition stated the proposed rule was an "unacceptable and unnecessary privacy intrusion" that will impact not only the individual's DNA being collected but also family members, including American citizens. In an amicus brief to the Supreme Court, EPIC argued that law enforcement's warrantless collection of DNA is unconstitutional.

Tags:

Posted by EPIC on January 7, 2020 12:15 PM | Permalink

EPIC to Congress: Suspend DHS Data Transfer to Census Bureau

In a statement to Congress, EPIC warned that the proposed transfer of DHS data to the Census Bureau would violate the federal Privacy Act. The data include personal information about citizens, immigrants, and foreign nationals. EPIC urged the Committee to "block DHS from carrying out this proposed data transfer pending further review." EPIC previously warned the House Oversight Committee that President Trump's Executive Order on collecting citizenship data could undermine Privacy Act safeguards. EPIC opposed the citizenship question in the 2020 Census, arguing that the Bureau failed to complete required privacy impact assessments. EPIC also filed an amicus brief in the Supreme Court case warning that collecting citizenship information presents "enormous privacy and security concerns." The Supreme Court found the rational for adding the citizen question "contrived" and the question was withdrawn.

Tags:

Posted by EPIC on January 8, 2020 5:05 PM | Permalink

EPIC to Congress: Voting Systems Must Accurately Record Votes, Protect Secret Ballot

Prior to a hearing with voting system vendors, EPIC urged the House Administration Committee to ensure that voting systems must accurately record votes and protect the secret ballot. "The bar for voting technology and election administration should be set high," EPIC said. Earlier this year EPIC asked a federal court to stop Georgia's use of Direct Recording Electronic voting machines in an amicus brief. Experts in election security have shown that DREs are insecure, vulnerable to attack, fail to provide a paper trail, and subject to manipulation by foreign adversaries. DREs also undermine the secret ballot as particular voters could be linked to particular votes. In 2016, EPIC published "The Secret Ballot at Risk: Recommendations for Protecting Democracy," highlighting the importance of the secret ballot for American democracy.

Tags:

Posted by EPIC on January 9, 2020 12:55 PM | Permalink

White House Publishes Guidance for AI Regulation

The White House has published Guidance for Regulation of Artificial Intelligence Applications. In a statement, US Chief Technology Officer Michael Kratsios said "The White House calls on agencies to protect privacy and promote civil rights, civil liberties, and American values in the regulatory approach to AI. Among other important steps, agencies should examine whether the outcomes and decisions of an AI application could result in unlawful discrimination, consider appropriate measures to disclose when AI is in use, and consider what controls are needed to ensure the confidentiality and integrity of the information processed, stored and transmitted in an AI system." The US AI Guidance follows from the OECD AI Principles, which the United States has endorsed, as well as some of the Universal Guidelines for AI, a human rights framework for AI endorsed by more than 250 experts and 60 associations in 40 countries. The Guidance makes clear the importance of public participation in the formulation of AI policy. EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records.

Tags:

Posted by EPIC on January 9, 2020 6:05 PM | Permalink

Department of Transportation Releases Voluntary Guidelines for Driverless Vehicles

The Department of Transportation announced AV 4.0, voluntary guidelines for driverless vehicles. The guidelines "use a holistic, risk-based approach to protect the security of data and the public's privacy as AV technologies are designed and integrated." EPIC commented on an earlier version of the guidelines, saying the agency "should promulgate mandatory rather than voluntary cybersecurity guidelines." EPIC warned that "the very real possibility of remote car hacking poses substantial risks to driver safety and security." EPIC also testified before Congress in 2015, explaining that "current approaches, based on industry self-regulation, are inadequate and fail to protect driver privacy and safety."

Tags:

Posted by Caitriona Fitzgerald on January 10, 2020 12:02 PM | Permalink

Supreme Court to Review Constitutionality of Federal Robocall Ban

The Supreme Court has aqreed to hear a challenge to the constitutionality of the Telephone Consumer Protection Act, a federal law that prohibits unwanted robocalls. The law generally restricts the use of autodialers, but in 2015 Congress created an exception for robocalls to collect debts guaranteed by the federal government. Several groups have since challenged the law on First Amendment grounds, arguing that the TCPA discriminates against particular speakers. The Court will now consider the issue in Barr v. American Association of Political Consultants. EPIC filed an amicus brief in Gallion v. Charter Communications, a related case, arguing that “these challenges represent a systematic effort by companies to undermine the purpose of the TCPA and to inundates consumers with unwanted calls.” EPIC routinely files amicus briefs on consumer privacy issues, including several amicus briefs on the TCPA.

Tags:

Posted by Caitriona Fitzgerald on January 11, 2020 12:50 PM | Permalink

U.S. Government Grounds Drone Fleet, Cites Surveillance Concerns

The U.S. Interior Department is permanently grounding its fleet of drones over concerns that the devices will enable aerial surveillance by the Chinese government, according to the Financial Times. The Chinese-manufactured drones, which were used to monitor and map federal land, have been temporarily grounded since October. EPIC, NGOs, and leading experts had long urged the Federal Aviation Administration to regulate the privacy risks of drones. Although the FAA is set to require remote identification of drones—as EPIC first recommended five years ago—the FAA has refused to address drone surveillance. EPIC is currently challenging the FAA's failure to disclose records from the Drone Advisory Committee, which acknowledged the privacy risks posed by drones but failed to propose any privacy safeguards.

Tags:

drones

Posted by EPIC on January 13, 2020 1:40 PM | Permalink

EPIC Recommends Congress Implement OECD AI Principles, Back Universal Guidelines

EPIC has urged Congress to implement the OECD Principles on AI and adopt the Universal Guidelines of AI. In a statement in advance of a hearing on "Industries of the Future," EPIC also highlighted the White Houses's Guidance for AI Regulation, and urged the Senate to prioritize public participation and democratic values. Senator Roger Wicker's (R-MS) bill, the "Industries of the Future Act," would promote government investment in research and development and create a government Council to advise the Office of Science and Technology Policy on future industries, including artificial intelligence. EPIC has long advocated for transparency and public participation in AI policymaking. EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records. EPIC recently filed a complaint with the FTC alleging that recruiting company HireVue fails to comply with baseline standards for AI decision-making. EPIC also sued the DOJ to uncover documents about the use of algorithms in the criminal justice system.

Tags:

Posted by EPIC on January 15, 2020 10:30 AM | Permalink

Report Finds Dating Apps Leak Personal Data, EPIC and Coalition Urge Investigation

A new report from Norweigian consumer group Forbrukerradet finds that dating apps transmit personal data to at least 135 different third parties involved in behavioral advertising. The data includes IP address, GPS location, age, gender, sexual orientation, and religious beliefs. EPIC joined coalition letters to Congress, the FTC, and state Attorneys General urging investigation of the business practices detailed in the report. EPIC Consumer Protection Counsel Christine Bannan said: "This report highlights the pervasiveness of corporate surveillance and the failures of the FTC notice-and-choice model for privacy protection. Congress should pass comprehensive data protection legislation and establish a U.S. Data Protection Agency to protect consumers from the privacy violations of the adtech industry."

Tags:

Posted by EPIC on January 14, 2020 4:45 PM | Permalink

EPIC Urges D.C. Circuit to Order Disclosure of FAA Drone Committee Records

EPIC has filed its opening brief urging the D.C. Circuit to reverse a lower court decision that allowed FAA's Drone Advisory Committee to conduct much of its work in secret. "If the decision is allowed to stand, other federal agencies could circumvent the law by creating subcommittees and task forces and developing policy in secretive meetings held by entities that agencies attempt to place beyond the reach of the [Federal Advisory Committee Act]," EPIC told the Court of Appeals. EPIC filed suit in 2018 against the industry-dominated Committee, which consistently ignored the privacy risks posed by the deployment of drones—even after identifying privacy as a top public concern. As a result of EPIC's lawsuit, the Committee was forced to disclose hundreds of pages of records that it previously withheld. The case is EPIC v. Drone Advisory Committee, No. 19-5238 (D.C. Cir.).

Tags:

drones
FACA

Posted by EPIC on January 14, 2020 4:55 PM | Permalink

EU Legal Advisor Advances Privacy for National Security Matters

The EU Advocate General advised the European Court of Justice that "the means and methods of combating terrorism must be compatible with the requirements of the rule of law" in a case concerning the retention of personal data for law enforcement purposes. The AG recommended limiting retention of data to data that are essential for national security and limiting access to that data subject to prior review by courts. The opinion is not binding on the Court of Justice and the Court will issue a judgment at a later date. The AG cited EPIC's expert submissions in "Schrems 2.0," another case concerning Facebook's transfer of personal data to the United States and the adequacy of U.S. privacy law.

Tags:

Posted by EPIC on January 16, 2020 4:50 PM | Permalink

EU Leaders to Consider Ban on Face Surveillance

POLITICO reports that EU President von der Leyen and Commissioner Vestager are considering a ban on the use of facial recognition in public spaces, "for up to five years until safeguards to mitigate the technology's risks are in place." Last fall, more than 100 organizations, and several hundred experts, from over 40 countries urged data protection officials to adopt a moratorium on facial recognition. The Public Voice petition asked countries to "establish the legal rules, technical standards, and ethical guidelines necessary to safeguard fundamental rights and comply with legal obligations before further deployment of this technology occurs." EPIC is now tracking efforts around the world to Ban Face Surveillance.

Tags:

Posted by EPIC on January 16, 2020 5:05 PM | Permalink

EPIC Advises USPTO to Follow US AI Commitments, Limit Trade Secrets

In comments submitted to the USPTO's request for information, EPIC recommended limiting trade secret defenses for AI techniques that have a a significant effect on an individual. EPIC also highlighted the US endorsement of the OECD AI principles, the White House's Guidance for Regulation of Artificial Intelligence Applications, and the Universal Guidelines for Artificial Intelligence. EPIC explained that these policy frameworks make clear the importance of transparency in AI policy. In 2019, EPIC successfully sued the National Security Commission on Artificial Intelligence to ensure public access to agency records.

Tags:

Posted by EPIC on January 9, 2020 11:35 AM | Permalink

Facing Growing Criticism, Facebook Reverses Decision to Sell Ads in WhatsApp

Facebook reversed the controversial decision to sell ads in WhatsApp. Before WhatsApp was acquired by Facebook, the company promised users it would not sell ads. But Facebook did not honor that promise to users, causing the WhatsApp founders to resign. When Facebook proposed to acquire WhatsApp in 2014, EPIC filed a complaint with the FTC advising the agency to block the sale unless adequate privacy safeguards were established for WhatsApp user data.The FTC wrote in response "if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the Federal Trade Commission (FTC) Act and, potentially, the FTC's order against Facebook." EPIC has challenged the proposed FTC settlement with Facebook, arguing that it is procedurally unfair and that the FTC failed to address growing concerns about the use of WhatsApp user data. The FTC is now considering blocking the integration of Facebook and WhatsApp user data.

Tags:

Posted by EPIC on January 21, 2020 9:55 AM | Permalink

EPIC to Argue in Court Fifth Amendment Protects Cell Phone Passcodes

EPIC will present argument today in State v. Andrews, a New Jersey Supreme Court case about the compelled disclosure of a cell phone passcode. In its amicus brief, EPIC argued that the Fifth Amendment limits the ability of the government to obtain cellphone passcodes. Citing Riley v. California and Carpenter v. United States, EPIC said the U.S. Supreme Court has held that the vast troves of personal data stored in cell phones "justifies strong constitutional protections." EPIC also explained that limited exceptions to Fifth Amendment safeguards were adopted before personal information was "consolidated in one place." EPIC routinely files amicus briefs arguing that constitutional protections should keep pace with advances in technology. EPIC filed amicus briefs in Carpenter and Riley, which both involved the searches of cellphones. The Supreme Court cited EPIC's amicus brief in the Riley opinion.

Tags:

Posted by EPIC on January 21, 2020 2:50 PM | Permalink

Poll: Americans Split on Fitness Tracker Data Use in Research

A new Pew Research poll finds that 41% of Americans say it is acceptable for makers of fitness trackers to disclose users' data to medical researchers, while 35% believe this is an unacceptable practice and 22% are unsure. The study also found that white adults (39%) are more likely than those who are black (31%) or Hispanic (26%) to see disclosure of this data as unacceptable. EPIC told Congress that the Federal Trade Commission must block Google's plan to acquire Fitbit and that merger review must consider data protection. EPIC maintains an extensive page on Privacy and Public Opinion which shows consistent support among Americans for stronger privacy laws. EPIC advocates for comprehensive privacy legislation and the establishment of a U.S. data protection agency.

Tags:

Posted by EPIC on January 22, 2020 10:20 AM | Permalink

Schrems Launches New Resource on GDPR

None of Your Business, the privacy NGO established by Max Schrems, has launched a new resource for those following European privacy law. GDPRhub provides summaries of decisions by national Data Protection Agencies and courts concerning the GDPR. This database offers insight into key debates on the interpretation of contentious GDPR issues. A second database, "GDPR Knowledge," offers commentaries on GDPR and DPA profiles across the EU. NOYB is also publishing GDPRtoday, which provides a "quick overview of all national decisions of the past days from all across Europe." EPIC provides the text of the GDPR in the 2020 Privacy Law Sourcebook available at the EPIC Bookstore.

Tags:

GDPR

Posted by EPIC on January 22, 2020 10:30 AM | Permalink

EPIC Gives International Privacy Award to Isabelle Falque-Pierrotin, Carole Cadwalladr

EPIC presented the 2020 International Privacy Champion Awards to Isabelle Falque-Pierrotin, former President of the French Data Protection Agency (the "CNIL") and British journalist Carole Cadwalladr. EPIC President Marc Rotenberg drew attention to Falque-Pierrotin's "dedication and determination" which have "given force to the right to privacy." Rotenberg cited Cadwalladr's reporting on the Cambridge Analytica data breach, which has made clear "the deep connection between data protection and the protection of democratic institutions." The ceremony took place at the annual conference on Computers, Privacy, and Data Protection in Brussels, Belgium. The 2020 EPIC Champion of Freedom Awards will be held at the National Press Club in Washington, DC on June 3, 2020. PRESS RELEASE

Posted by EPIC on January 22, 2020 10:50 AM | Permalink

European Parliament Committee Adopts Resolution on AI Oversight

A new European Parliament Resolution advises the European Commission to establish strong oversight of artificial intelligence. The Resolution emphasizes safe and compliant products, human responsibility, safety, transparency, explainability, and data quality. The Resolution also supports the free flow of non-personal data to promote innovation. Several of these principles are put forward in the Universal Guidelines for AI, which EPIC recommends as the baseline for AI Policy. On February 19, the European Commission is expected to announce how it will proceed with AI regulation. EPIC has promoted Algorithmic Transparency and published the AI Policy Sourcebook, the first reference book on AI policy.

Tags:

Posted by EPIC on January 23, 2020 2:30 PM | Permalink

EPIC, Coalition Urge Oversight Board to Suspend Face Surveillance

EPIC and over 40 organizations have urged the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government. The Board advises the government on new threats to privacy. The groups said “the rapid and unregulated deployment of facial recognition poses a direct threat to ‘the precious liberties that are vital to our way of life.’” Last year, the Public Voice coalition called for a global moratorium on face surveillance. The Declaration was endorsed by over 100 organizations and several hundred experts in over 40 countries. EPIC previously called for DHS to suspend the use of facial recognition technology. EU leaders are now considering a ban on the use of facial recognition in public spaces, “for up to five years until safeguards to mitigate the technology’s risk are in place.”

Posted by Candace Paul on January 27, 2020 8:50 AM | Permalink

Pew Survey: Americans Support 'Right to Be Forgotten'

A new Pew Research survey found that 74% of U.S. adults say it is more important to keep things about themselves from being searchable online than it is to discover potentially useful information about others. And 85% say that all Americans should have the right to have potentially embarrassing photos and videos removed from online search results. EPIC advocates for the "right to be forgotten" and maintains a webpage on U.S. state laws that allow individuals to remove records containing disparaging information. EPIC publication "The Right to be Forgotten on the Internet: Google v. Spain," an account of the original case written by former Spanish Privacy Commissioner Artemi Rallo, is available in the EPIC bookstore.

Tags:

Posted by EPIC on January 27, 2020 2:05 PM | Permalink

On International Privacy Day, EPIC Urges Congress to Act on Privacy

On January 28, EPIC celebrates International Privacy Day, which commemorates Council of Europe Convention 108, the first international privacy convention. Today EPIC urged Congress to take three steps to safeguard the personal data of Americans: (1) enact comprehensive baseline legislation, (2) establish a data protection agency, and (3) ratify the International Privacy Convention. EPIC and consumer organizations have long urged the United States to endorse the Privacy Convention, which establishes a global framework for the free flow of personal data. The complete text of the Privacy Convention is in the EPIC Privacy Law Sourcebook, available at the EPIC Bookstore. Follow #DataProtectionDay.

Tags:

Posted by EPIC on January 28, 2020 10:30 AM | Permalink

EPIC Advises FCC to Protect Privacy of Lifeline Subscribers

In comments on an FCC proposed rule, EPIC said that the agency should not track the Internet use of Lifeline subscribers. Lifeline is a federal program that provides broadband service to economically disadvantaged Americans. The FCC is proposing that Lifeline subscribers install apps to track their data usage and that companies retain detailed records about Internet use by Lifeline subscribers. EPIC said: "Americans should not be required to sacrifice their privacy to access the Internet." EPIC led a campaign and petition opposing the FCC's requirement that telephone carriers retain detailed records of American telephone customers.

Tags:

Posted by EPIC on January 28, 2020 11:00 AM | Permalink

Supreme Court Declines to Review Facebook Face Scan Case

The U.S. Supreme Court will leave in place a decision that allows lawsuits against Facebook for the unlawful collection of facial images. In Patel v. Facebook, the Ninth Circuit held that that an Illinois biometrics law protects "concrete privacy interests" and that violations of the law "pose a material risk of harm to those privacy interests." EPIC filed an amicus brief in the case, arguing that users can sue companies that violate rights protected by privacy laws. EPIC has long advocated for limits on the use of biometric data and has opposed Facebook's use of facial recognition software. EPIC and others recently called for a global moratorium on facial recognition. EPIC recently launched a campaign and resource page to ban face surveillance.

Tags:

Posted by EPIC on January 21, 2020 2:00 PM | Permalink

Banisar Publishes 2020 Global Privacy Survey

The Banisar index has found that as of 2019, 130 countries have adopted comprehensive data protection laws to protect personal data held by private companies and government entities. In almost all of the countries, an independent data protection agency or information commission oversees and enforces the laws. EPIC's recent report on U.S. federal privacy legislation Grading on a Curve: Privacy Legislation in the 116th Congress evaluates federal privacy bills. EPIC has called for comprehensive baseline legislation and the creation of a data protection agency. EPIC also makes available The 2020 Privacy Law Sourcebook at the EPIC Bookstore.

Posted by EPIC on January 29, 2020 1:25 PM | Permalink

Interior Department Will Ground Chinese-made Drones

The Interior Department announced today it will ban Chinese-made drones for non-emergency use. The Secretary's Order responds to growing concerns that information collected by aerial drones could be "valuable to foreign entities, organizations and governments." In 2012, EPIC and more than 100 experts petitioned the FAA to establish a privacy rule for drones, but the agency failed to act. Last year EPIC's Marc Rotenberg and Len Kennedy cited the FAA's failure, and also warned that China's surveillance model requires "comprehensive privacy legislation to safeguard the personal data of Americans." Senator Chris Murphy [D-CT] and Senator Rick Scott [R-FL] have introduced S. 2502, the American Security Drone Act of 2019 that would prevent federal agencies from purchasing drones manufactured in China.

Tags:

drones

Posted by EPIC on January 29, 2020 1:45 PM | Permalink

"A Big Victory for Privacy Groups" - Facebook Settlement

This week Facebook agreed to pay $550 million to settle a lawsuit about the use of facial recognition technology. The New York Times called the settlement "A Big Victory for Privacy Groups." In 2010, EPIC objected to Facebook's collection of biometric data and urged the FTC to modify a proposed settlement to limit Facebook's use of facial recognition. EPIC filed similar complaints about facial recognition with the FTC in 2016 and 2018. EPIC also filed several amicus briefs stating that the violation of a federal privacy law is sufficient to confer "standing," the right of consumers to bring lawsuits. In response to Facebook's challenge to the Illinois Biometric Privacy Act, EPIC wrote, "Judicial second-guessing of statutory protections for biometric data established by the state legislature, following a careful weighing of the public safety concerns, will come at an enormous cost to the privacy of Illinois residents." EPIC's views were adopted by a federal court in this case, which led to the recent settlement with Facebook. The text of the Illinois privacy law is available in the 2020 EPIC Privacy Law Sourcebook at the EPIC Bookstore. And EPIC's objections to the current FTC settlement with Facebook are now pending in federal court.

Tags:

Posted by Caitriona Fitzgerald on January 30, 2020 9:02 AM | Permalink

EPIC to Maryland State Senate: Protect Drivers License Data

EPIC has written in support of Maryland Senate Bill 34, which would prohibit the scanning or swiping of identification cards and driver’s licenses. "The best defense against data breaches is not collecting and retaining personal data in the first place,” EPIC said in testimony to the Maryland State Senate Finance Committee. The bill is sponsored by Senator Cheryl Kagan and it passed the State Senate unanimously last session. EPIC previously warned of the risks of swiping identity documents in a report on the controversial REAL ID proposal - “REAL ID Implementation Review: Few Benefits, Staggering Costs." EPIC's State Policy Project tracks privacy developments at the state level.

Tags:

Posted by Caitriona Fitzgerald on January 28, 2020 7:08 AM | Permalink

EPIC Settles ICE Lawsuit about Palantir and Profiling

EPIC has settled a Freedom of Information Act lawsuit against Immigration and Customs Enforcement. EPIC sought records about the agency's use of Palantir's technology for mass surveillance. The documents obtained by EPIC revealed the vast capabilities of agency program to link phone numbers, GPS data, and social network data. The FALCON database, developed by Palantir, also includes sensitive data such as social security numbers, financial records, call records, ISP records. In previous comments, EPIC urged the agency to limit the data gathered, narrow the exemptions to the Privacy Act, and remove the routine use disclosures. As a consequence of the successful litigation, EPIC will receive attorneys fees.

Tags:

Posted by EPIC on January 31, 2020 9:50 AM | Permalink

Senator Bennet Slams White House AI Strategy

Sen. Michael Bennet (D-CO) has criticized the White House Guidance on Artificial Intelligence as "insufficient" and "little more than gauzy generalities." In a letter to US Chief Technology Officer Michael Kratsios, Bennet said the "principles male only passing referrence to privacy protections" and "just a cursory discussion of Americans' civil rights." Bennet said also that the White House "has failed to set spending targets, establish metrics, or allocate additional funding." EPIC published the AI Policy Sourcebook, the first reference book on AI policy. The AI Sourcebook includes the Universal Guidelines for AI, an influential human rights framework for AI policy.

Tags:

Posted by EPIC on January 31, 2020 4:50 PM | Permalink

FCC Announces Enforcement Action on Location Privacy

FCC Chairman Pai has announced upcoming enforcement actions against wireless carriers that disclosed subscribers' location data. Last year Members of Congress called an emergency briefing with the FCC and urged the agency to investigate companies that were selling subscribers' location data. EPIC has long advocated for protection of location data. EPIC pursued a lawsuit against a mobile app company that led to greater protection of users' location data. EPIC also successfully petitioned the FCC to safeguard sensitive data collected by phone companies. And EPIC filed a amicus brief in Carpenter v. US. The Supreme Court held in that case that the Fourth Amendment protects cell site location information. EPIC maintains detailed webpages on location privacy.

Tags:

Posted by EPIC on January 31, 2020 6:10 PM | Permalink