August 2016 Archives

August 2, 2016

Privacy Shield Sign-ons Begin

The European Commission announced that the EU-U.S. Privacy Shield data transfer arrangement is "fully operational" and U.S. "companies are able to sign up with the Department of Commerce." The framework was adopted by the European Commission over objection by European data protection authorities, the European Data Protection Supervisor, the European Parliament, and EU and US NGOs. The deal will be subject to future legal scrutiny and experts predict that the "Privacy Shield will share the history of the previous Safe Harbor and be invalidated by the European Court of Justice." EPIC has urged the EU and US to strengthen safeguards for transborder data flows including redress mechanisms.

Data Protection Experts Recommend New Protections for Internet Communications

The International Working Group on Data Protection in Telecommunications adopted new recommendations to improve the privacy and security of Internet Telephony technologies. The Berlin-based Working Group includes Data Protection Authorities and experts who work together to address emerging privacy challenges. "Privacy and Security Issues in Internet Telephony (VoIP)" focuses on the gap in "the legal protection and confidentiality of communications." The experts urge service providers to adopt "similar privacy and data protection" safeguards to all services. EPIC presented a comprehensive country report at the last meeting of the Working Group outlining recent developments in the United States. EPIC will host the 60th meeting of the International Working Group in Washington DC in April 2017.

FTC Finds Unauthorized Data Disclosure is "Substantial Injury" to Consumers

The Federal Trade Commission unanimously reversed an administrative law judge's dismissal of the FTC's complaint against LabMD, finding that LabMD's poor data security practices are "unfair" under the FTC Act. The Commission concluded that the judge had "applied the wrong legal standard for unfairness." The FTC's opinion explained that "the privacy harm resulting from the unauthorized disclosure of sensitive health or medical information is in and of itself a substantial injury." The FTC's authority to enforce data security standards was upheld last year in FTC v. Wyndham. EPIC filed an amicus brief in Wyndham, defending the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards."

August 4, 2016

White House Hosts Drone Workshop, FAA OKs Commercial Use, Ignores Privacy

The White House hosted “Drones and the Future of Aviation.” The FAA Administrator announced that the FAA will approve drone operations over people before the end of the year. The FAA also announced an industry-led task force that will promote voluntary privacy best practices. In EPIC v. FAA, EPIC challenged the FAA's failure to establish drone privacy regulations following a petition endorsed by more than 100 experts and organizations. The FAA has repeatedly acknowledged the privacy risks of drones, but has refused to establish privacy safeguards.

August 5, 2016

EPIC Defends Drivers’ Right to Sue for Safety, Privacy Risks As Congress Warns of Risks to Public

EPIC has filed an amicus brief in a case concerning the privacy and public safety risks of “connected” cars. EPIC warned that connected cars "expose American drivers to the risks of data breach, auto theft, and physical injury.” EPIC said a lower court was wrong to dismiss the case. EPIC urged a federal appeals court to allow consumers "the opportunity to present legal claims stemming from the defendants’ sale of vehicles that place them at risk." This week researchers at Black Hat revealed new vulnerabilities in networked vehicles as Senators Blumenthal and Markey urged the FCC to establish “robust safety, cybersecurity, and privacy protections before automakers deploy vehicle-2-vehicle . . . communication technologies.” EPIC has filed several amicus briefs defending consumers' rights to enforce their privacy rights.

Appeals Court Affirms Consumers May Sue for Violations of Federal Law

A federal appeals court has held that consumers can sue when companies fail to comply with legal obligations established by Congress. The case concerned a hospital that sent debt collection letters to consumers without disclosures required by the Fair Debt Collections Practices Act. The court concluded that “Congress has created a new right—the right to receive the required disclosures.” As a result, the consumer can bring a lawsuit when a company fails to comply with the law. EPIC has filed several amicus briefs defending the right of consumers to sue for violations of federal privacy laws.

August 7, 2016

EPIC’s Rotenberg Debates FBI Director at ABA Conference

EPIC President Marc Rotenberg and FBI Director James Comey debated "Emerging Issues in National Security and Law Enforcement" at a plenary session of the ABA annual conference in San Francisco. Comey stated that Americans have "never had absolute privacy." Rotenberg replied that the Fifth Amendment grants absolute privacy as a Constitutional right. In response to the Director's comments that the FBI has 650 phones it cannot decrypt, Rotenberg pointed out that in 2013, more than 3.1 million cell phones were stolen. "Crime would be much higher in United States if cell phone users did not have strong encryption," said Rotenberg. The EPIC amicus brief in Apple v. FBI highlighted the risk of weak encryption, and noted that stolen cell phones are tied to identity theft and financial fraud.

August 15, 2016

Data Protection 2016: Nationwide Hotel Data Breach

Sheraton, Hyatt, Westin, and Marriott hotels in 10 states and Washington, D.C. have announced that hotel payment records were breached beginning as early as March 2015. Malware discovered in at least 20 hotels across the country collected customers’ names and payment card numbers, card expiration dates, and verification codes. Surprisingly, the hotels said that they will not notify individual customers of the breach. Almost every state in the country has a mandatory breach notification law. Hyatt announced another payment card breach earlier this year at 250 hotels in approximately 50 countries. EPIC launched “Data Protection 2016,” a non-partisan campaign to make data protection an issue in the 2016 election, calling it “the most important, least well understood issue” of this election.

August 17, 2016

EPIC and Coalition Recommend Improvements to Health Agency’s Open Government Rules

In comments to the Department of Health and Human Services, EPIC and a coalition of open government advocates urged the agency to update its FOIA rules to keep in line with the FOIA Improvement Act of 2016. The coalition pressed the agency to “go further to ensure greater access to public interest information.” Signed into law by President Obama on the FOIA’s 50th anniversary, the FOIA Improvement Act creates a new portal for requesters, requires the proactive disclosure of frequently requested records, strengthens the FOIA ombudsman, and codifies the presumption of openness.

EPIC Urges Wisconsin Legislature to Safeguard Student Privacy

In testimony for the Wisconsin legislature, EPIC urged state lawmakers to protect student privacy. EPIC's testimony: (1) explained how the U.S. Education Department weakened key safeguards for student records, (2) described the privacy risks that students today face, (3) underscored the need for data security safeguards for student information, and (4) recommended that Wisconsin adopt EPIC's Student Privacy Bill of Rights. EPIC has previously urged Congress, the Education Department, and the Federal Trade Commission to strengthen student privacy. EPIC's State Policy Project is monitoring privacy bills nationwide.

August 18, 2016

EPIC, Verified Voting, Common Cause Release Report on Ballot Secrecy

EPIC, Verified Voting, and Common Cause today released The Secret Ballot at Risk: Recommendations for Protecting Democracy, a report highlighting the right to a secret ballot and how Internet voting threatens voter privacy. All 50 states recognize ballot secrecy as a core value. Despite this, 32 states and DC are promoting Internet voting, typically for overseas and military voters, and are asking those voters to waive their right to a secret ballot. That threatens voting freedom and election integrity. The report recommends actions voters can take to protect the secrecy of their ballot, and encourages states to do more to safeguard voter privacy. EPIC has a long history of working to protect voter privacy and election integrity.

August 19, 2016

EPIC Launches EPIC Amicus Tracker to Assist Public Interest Litigators

Today EPIC launched the EPIC Amicus Tracker, a public resource designed to help public interest litigators pursue significant privacy and civil liberties cases. The EPIC Amicus Tracker highlights cases with upcoming amicus opportunities and links to related EPIC amicus briefs. Over twenty years, EPIC has filed nearly 100 amicus briefs, often with the participation of technical experts and legal scholars, in federal and state cases concerning emerging privacy and civil liberties issues, and EPIC is frequently cited in judicial opinions. EPIC hopes the EPIC Amicus Tracker will inspire other public interest litigators.

August 23, 2016

EPIC Opposes DHS Plan to Collect Social Media Identifiers

In comments to the Department of Homeland Security, EPIC urged the agency to drop a plan to review the social media accounts of people seeking to visit the U.S. EPIC argued that the proposal threatens important First Amendment rights, risks abuse, and would disproportionately impact minority groups. Documents obtained by EPIC in 2011 in a Freedom of Information Act lawsuit revealed that the DHS gathered social media comments to identify individuals, including US citizens, critical of the agency and the government. A 2012 Congressional hearing, based on the documents obtained by EPIC, revealed bipartisan opposition to the original DHS social media monitoring program.

EPIC Sues FAA, Challenges Failure to Establish Drone Privacy Safeguards

EPIC has filed suit against the Federal Aviation Administration, arguing the agency failed to establish privacy rules for drones as required by Congress. Congress in 2012 ordered the FAA to issue "comprehensive" rules for drone use. EPIC and more than 100 organizations and experts subsequently urged the FAA to establish privacy protections prior to permitting widespread drone deployment. The FAA denied EPIC's petition. EPIC then sued the agency, but a federal appeals court ruled that EPIC's suit was premature because the agency had not yet issued a final rule and might still consider the privacy concerns raised by EPIC and others. The FAA then proceeded to issue final rules for small drones without privacy safeguards. EPIC is now challenging the agency's final rule.

August 25, 2016

Facebook to Collect WhatsApp User Data, Violating FTC Order and Privacy Promises

WhatsApp has announced plans to disclose user information to Facebook, including phone numbers and other user data, that will be connected with Facebook profiles. Facebook purchased WhatsApp in 2014, and the companies promised users of the privacy-protective messaging service that “nothing” will change for WhatsApp users' privacy. EPIC filed a complaint with the FTC over the deal, and the FTC responded by warning the two companies that they must honor their privacy promises to WhatsApp users. The letter explained that failure to obtain users' opt-in consent before changing data practices would be an unfair and deceptive trade practice and violate Facebook’s FTC Consent Order. WhatsApp’s recent announcement indicates users will have 30 days to opt out of data transfers to Facebook, in violation of the law and the FTC’s Order. In 2012, EPIC and a coalition of consumer privacy organizations also led a successful effort at the FTC after Facebook changed the privacy settings of its users. As a result, Facebook is subject to an FTC consent order.

August 29, 2016

EPIC, CDD Charge WhatsApp Policy Change Unlawful, Urge FTC to Act

EPIC and the Center for Digital Democracy have filed a complaint with the FTC concerning WhatsApp’s plan to transfer user data, including personal phone numbers, to Facebook. This reversal contradicts WhatsApp’s previous promises to users that their personal information would not be disclosed and would not be used for marketing purposes. EPIC said that WhatsApp’s change in business practices is unlawful and that the FTC is obligated to act. EPIC previously filed a complaint with the FTC over Facebook’s acquisition of WhatsApp in 2014. In response, the FTC warned the two companies they must honor their privacy promises to users. The FTC has said, "When companies tell consumers they will safeguard their personal information, the FTC can and does take law enforcement action to make sure that companies live up to these promises."

August 30, 2016

EPIC, Consumer Coalition Tells FCC to Protect Privacy, Security in Connected Cars

EPIC has joined a coalition of consumer groups in a letter to the FCC supporting safety rules for connected cars. The consumer groups endorsed a petition for rulemaking, filed earlier this year, that would establish safeguards for car communications networks. EPIC has testified before Congress on the risks of connected cars and recently filed an amicus brief in federal appeals court on vehicle-to-vehicle communications.

About August 2016

This page contains all entries posted to epic.org in August 2016. They are listed from oldest to newest.