You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at

EPIC Alert 23.03

======================================================================= E P I C A l e r t ======================================================================= Volume 23.03 February 19, 2016 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, DC "Defend Privacy. Support EPIC." ======================================================================== Table of Contents ======================================================================== [1] EPIC Argues Before Federal Appeals Court for Drone Privacy Rules [2] EPIC Launches 'Data Protection 2016,' Makes Privacy a Campaign Issue [3] Google Concedes 'Right to be Forgotten' Applies Worldwide [4] US Commerce Dept: US-EU 'Privacy Shield' Does Not Exist [5] 'Judicial Redress Act' Provides Little Redress [6] News in Brief [7] EPIC in the News [8] EPIC Bookstore [9] Upcoming Conferences and Events ROT13(Qrsraq cevinpl. Fhccbeg RCVP.) SUPPORT EPIC: ======================================================================= [1] EPIC Argues Before Federal Appeals Court for Drone Privacy Rules ======================================================================= EPIC President Marc Rotenberg appeared February 10 before the DC Circuit Court of Appeals in the case EPIC v. FAA. EPIC argued that the agency erred when it denied EPIC's petition for a drone privacy rulemaking, and contended that the appeals court should direct the FAA to address drone privacy. EPIC's 2015 opening brief charged that the FAA's failure to establish privacy rules for commercial drones is a violation of law and should be overturned. "This case concerns an issue of vital importance to the public: what rules will safeguard the public against the expanded use of unmanned aircraft systems ('drones') in the United States," EPIC wrote. The FAA's response brief conceded that the agency's comprehensive plan "recognizes the privacy issues that may be heightened by the unique capabilities" of small drones, and further acknowledged that the "size and the unique characteristics and capabilities" of small drones "may pose risks to individual privacy." EPIC's lawsuit followed a Congressional ruling requiring a comprehensive plan for the integration of drones into US airspace, and a 2012 EPIC-led petition for a public rulemaking on drone privacy safeguards. Although EPIC's petition was backed by more than 100 organizations and privacy experts, the FAA denied it. The agency also refused to consider privacy as part of a 2015 rulemaking on small commercial drones, maintaining that privacy was outside the rulemaking's scope. As of early February 2016, the agency has granted more than 3,300 waivers to drone operators who lack certification to demonstrate airworthiness. The agency claims it "began issuing 'blanket' Certificates of Waiver" earlier in 2015. These authorizations allow "flights anywhere in the country at or below 200 feet except in restricted airspace." EPIC: EPIC v. FAA, Oral Argument (DC Cir., Feb. 10, 2016) 2C1BE505053205CE85257F550061CA6B/$file/15-1075.mp3 EPIC: EPIC v. FAA: EPIC Opening Brief (Sept. 28, 2015) EPIC: EPIC v. FAA: FAA Brief (Nov. 4, 2015) FAA Modernization and Reform Act of 2012 (Feb. 1, 2012) EPIC et. Al: Petition to FAA re: Drone Rulemaking (Mar. 8, 2012) GPO: FAA's Notice Denying EPIC's Petition (Feb. 23, 2015) FAA: Certificates of Waiver EPIC: EPIC v. FAA EPIC: Drones ======================================================================== [2] EPIC Launches 'Data Protection 2016,' Makes Privacy a Campaign Issue ======================================================================== In response to widespread concerns about privacy in the United States, EPIC has launched "Data Protection 2016," a non-partisan campaign to make data protection an issue in the 2016 election. "Data breaches, identity theft, and government surveillance are critical issues facing American voters, yet the candidates have said hardly a word," said EPIC President Marc Rotenberg. To allow the American people to have a national debate about the future of privacy in American, Data Protection 2016 will inform voters about the Presidential candidates' views on data protection. 2015 was a record year for data breaches in the United States. The Office of Personnel Management lost 21.5 million records of federal employees and more than five million digitized fingerprints. According to Pew Research, 93% of Americans believe it is important to control personal information, and identity theft remains the number one concern of American consumers. The FTC received more than 332,000 consumer complaints related to privacy in 2014 alone. Meanwhile, companies, third-party data brokers and government agencies, including the NSA, continue to gather troves of personal data. EPIC's Data Protection 2016 platform champions key principles that protect individual privacy and autonomy: * Notice is not enough * Privacy is a right, not a preference * If you can't protect it, don't collect it * Reduce identity theft and financial fraud * Enforce privacy safeguards * Minimize collection by companies and government agencies * Investigate the misuse of personal data * No national ID system * End mass surveillance by the NSA and the police * Update state and federal privacy laws * Ensure effective oversight and accountability Campaign materials, including buttons and stickers, are available via EPIC: Data Protection 2016 EPIC: "EPIC Launches 'Data Protection 2016' Campaign" EPIC: Data Protection 2016 Campaign Materials EPIC: Big Data EPIC: Cybersecurity Privacy Practical Implications EPIC: EU Data Protection Directive ======================================================================== [3] Google Concedes 'Right to be Forgotten' Applies Worldwide ======================================================================== Google has announced it will finally remove links to sensitive personal information across all of its domains, including the domain within the US. Google's move signals the company has finally decided to comply with the European Court of Justice 2014 decision that upheld the "right to be forgotten." In Google v. Spain, the Court ruled that European citizens have a right to request that commercial search firms, including Google, that gather personal information for profit should remove links to private information when asked, provided the information is no longer relevant. The Court found that the fundamental right to privacy is greater than the economic interest of the commercial firm and, in some circumstances, the public interest in access to information. Google subsequently argued that the links to personal data should only be removed in the country where the Internet user resided, and refused to remove links across all domains in which it offers search engines. But outside of those country-specific domains, Google continued to make private information available to Internet users. According to leaked data from Google, 95% of "right to be forgotten" requests in the first ten months after the ECJ ruling came from private individuals concerning private information. In September 2015, the French Data Protection Authority, or CNIL, ordered Google to comply with the Court's judgment. The CNIL rejected Google's proposal to remove only a few links. The President of the CNIL said the decision "simply requests full observance of European legislation by non European players offering their services in Europe." EPIC has previously explained that the right to privacy is global and that Google's position, as an operator of search engines around the world, does not make sense. According to EPIC President Marc Rotenberg, "A private person whose personal bankruptcy from years ago is available on the Internet has a good argument that the link should be taken down. Laws in the US protect these records against public release." EPIC: The Right to Be Forgotten (Google v. Spain) The New York Times: "Google Will Further Block Some European Search Results" (Feb. 11, 2016) block-some-european-search-results.html European Court of Justice: Google v. Spain Judgment (May 13, 2014) The Guardian: "Google Accidentally Reveals Data on 'Right to be Forgotten' Requests" (Jul.14, 2015) accidentally-reveals-right-to-be-forgotten-requests US News & World Report: "The Right to Privacy is Global," by EPIC President Marc Rotenberg (Dec. 5, 2014) forgotten-on-the-internet/the-right-to-privacy-is-global USA Today: "Google's Position Makes No Sense: Opposing View," by EPIC President Marc Rotenberg (Jan. 22, 2015) electronic-privacy-information-center-editorials-debates/22186841/ ======================================================================= [4] US Commerce Dept: US-EU 'Privacy Shield' Does Not Exist ======================================================================= In response to EPIC's Freedom of Information request for information on the US-EU data "Privacy Shield," the US Commerce Department has stated that any record of the Privacy Shield "does not exist." At the beginning of 2016, EU and US officials celebrated a new agreement for transatlantic data transfers to replace the invalidated Safe Harbor agreement. The officials named the agreement "Privacy Shield" but did not make it public - apparently because there was no document to release. In early February, EPIC filed emergency Freedom of Information requests with the Department of Commerce and the European Commission for the release of the secret agreement. "The public has a right to know whether this agreement provides adequate legal protection," EPIC stated. US and European consumer and privacy organizations have expressed concern that the Privacy Shield will be virtually identical to the Safe Harbor arrangement. The Article 29 Working Party, the association of European Data Protection Commissioners, said it will review the adequacy of the Privacy Shield, provided it is ever made public. According to the Working Party a new data protection arrangement must include (1) clear and precise rules; (2) a "necessary and proportionate" standard for data collection and access; (3) independent oversights; and (4) effective remedies for individuals. EPIC previously obtained the secret EU-US "Umbrella Agreement" in Freedom of Information litigation. The European Commission has not yet responded to EPIC's request. EU: Commissioner's Press Release on Privacy Shield (Feb. 2, 2016) US Commerce Dept: Secretary Statement on Privacy Shield (Feb. 2016) EPIC: FOIA Request to Commerce Dept. re: Privacy Shield (Feb. 4, 2016) Article 29 Working Party: Statement on Schrems Decision (Feb. 3, 2016) EU Digital Rights: Fact Sheet on Privacy Shield (Feb. 3, 2016) EPIC: EU Data Protection Directive ======================================================================= [5] 'Judicial Redress Act' Provides Little Redress ======================================================================= The Judicial Redress Act of 2015, which amends the Privacy Act of 1974, has been passed by Congress and moved on to the President for signature. The Act fails to extend Privacy Act protections to non-US citizens, and as adopted coerces EU countries to transfer data to the US, even without adequate protection, or be denied legal rights. Congress adopted the narrow amendment without any changes to benefit US citizens even after a data breach compromised 21.5 million records maintained by the Office of Personnel Management. EPIC had recommended changes to the bill to adequately protect the privacy of non-US persons. EPIC noted that the Privacy Act, as adopted in 1974, defined an "individual" entitled to protection under the Act as "a citizen of the United States or an alien lawfully admitted for permanent residence." This definition reflected the reality of the time, when US federal agencies maintained little information about non-US persons. EPIC informed Congress that the simple solution would be to amend the Privacy Act's definition of "individual" to mean "any natural person." EPIC argued that the change would be the most straightforward solution for permitting transborder data flows while providing adequate privacy protections to non-US persons. The solution also mirrors the approach of the US Freedom of Information Act, which does not distinguish between US and non-US persons. EPIC also urged the US Senate Judiciary Committee to postpone legislative action until the Department of Justice released a secret data transfer agreement on which the bill is based. The so-called "Umbrella Agreement" outlines data transfers between law enforcement agencies in Europe and the United States. EPIC sued the DOJ for release of the document. The agency has since released the Umbrella Agreement to EPIC. US Congress: Text of Judicial Redress Act of 2015 (Feb. 12, 2016) EPIC: Privacy Act of 1974 EPIC: Letter to House Judiciary Committee re: Act (Sep. 15, 2015) EPIC: Letter to Senate Judiciary Committee re: Act (Jan. 14, 2016) EPIC: Data Protection 2016 ======================================================================= [6] News in Brief ======================================================================= Court to DOJ: Justify Withholding of FISA Reports in EPIC FOIA Suit A federal court in Washington, DC has ruled that the US Justice Department's explanation for withholding information about the Foreign Intelligence Surveillance Court was "manifestly insufficient." In EPIC v. Department of Justice, EPIC is seeking release of FISA surveillance reports routinely provided to Congress. The court ordered the government to submit the reports for review, and to provide specific reasons for withholding the material sought by EPIC. For almost 20 years, EPIC has made available information about FISC orders and surveillance reports. As EPIC explained to the court, release of these materials is of the "utmost importance to the public." DC District Court: Opinion in EPIC v. DOJ (Feb. 4, 2016) EPIC: Foreign Intelligence Surveillance Court (FISC) EPIC: EPIC v. DOJ - Pen Register Reports EPIC: Reports of the AG to Congress Re: Electronic Surveillance EPIC: FISA Court Orders, by Year EPIC: Foreign Intelligence Surveillance Act Court Orders 1979-2014 ======================================================================= [7] EPIC in the News ======================================================================= "Broadband Providers Urge FCC To Reject Tough Privacy Rules." MediaPost, Feb. 11, 2016. providers-urge-fcc-to-reject-tough-priva.html "FAA Must Keep Eye On Drone Privacy, DC Circ. Hears." Law360, Feb. 10, 2016. privacy-dc-circ-hears "Drone Privacy: Is Anyone in Charge?" Consumer Reports, Feb. 10, 2016. anyone-in-charge "Cryptic Safe Harbor Pact 'Privacy Shield': Public, Possibly Soon." Forbes, Feb. 6, 2016. harbor-pact-privacy-shield-public-possibly-soon/#2bc4659731bc "Judge Will Review Gov't Surveillance Records." Courthouse News, Feb. 5, 2016. surveillance-records.htm "EU-US Privacy Shield offers flimsy protection." InfoWorld, Feb 5, 2016, shield-offers-flimsy-protection.html "Court rules Dept. of Justice must explain withheld documents." FedScoop, Feb. 5, 2016. withheld-documents "The new Safe Harbor agreement: Will it survive Europe's paranoia?" AEI, Feb. 4, 2016. it-survive-europes-paranoia/ "DOJ Ordered To Justify Shielding Surveillance Court Reports." Law360, Feb. 4, 2016. "U.S. and European Officials Fail to Reach Agreement for New Data Transfer Deal." JD Supra Business Advisor, Feb 3, 2016. to-51514/ "How Uber Profits Even While Its Drivers Aren't Earning Money." Motherboard, Feb. 3, 2016. drivers-arent-earning-money "U.S. and Europe in 'Safe Harbor' Data Deal, but Legal Fight May Await." The New York Times, Feb. 2, 2016. data-deal.html "Why is your Smart TV snooping on you? Money, of course." WAVE3 News [KY], feb. 1, 2016. tv-spying-on-you "DHS-Supported Scans of Private Networks Prompt Suspicions of Domestic Surveillance." NextGov, Feb. 1, 2016. private-networks-prompt-suspicions-about-domestic-surveillance/ 125593/ "EU lawmakers skeptical new data deal will hold up in court." The Hill, Feb. 1, 2016. safe-harbor-negotiations "UC-Berkeley students sue Google, alleging their emails were illegally scanned." The Washington Post, Feb. 1, 2016. berkeley-students-sue-google-alleging-their-emails-were-illegally- scanned/ "Negotiators miss deadline for transatlantic data agreement." The Hill, Feb. 1, 2016. deadline-for-transatlantic-agreement For More EPIC in the News: ======================================================================= [8] EPIC Bookstore ======================================================================= "Privacy Law and Society, 3rd Edition," by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (Dec.2015). The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field. =================================== "Privacy in the Modern Age: The Search for Solutions," edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (May 2015). Price: $25.95. The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies. The contributors to this anthology don't simply describe these problems or warn about the loss of privacythey propose solutions. They look closely at business practices, public policy, and technology design and ask, "Should this continue? Is there a better approach?" They take seriously the dictum of Thomas Edison: "What one creates with his hand, he should control with his head." It's a new approach to the privacy debate, one that assumes privacy is worth protecting, that there are solutions to be found, and that the future is not yet known. This volume will be an essential reference for policy makers and researchers, journalists and scholars, and others looking for answers to one of the biggest challenges of our modern day. The premise is clear: There's a problem let's find a solution. Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf. ===================================== "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. =================================== "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. =================================== "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. =================================== "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. =================================== EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore: =================================== EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: ======================================================================= [9] Upcoming Conferences and Events ======================================================================= February 23, 2016 "OECD Ministerial Preparation: Meeting the policy challenges of tomorrow's digital economy" Speaker: EPIC President Marc Rotenberg OECD Paris, France February 25 - February 26, 2016. "State-of-the-Art Estimation Methods in Federal Statistics" Speaker: EPIC President Marc Rotenberg National Academies of Science Stanford Law School Palo Alto, CA March 9, 2016. "The Culture of Privacy and Data Protection in the EU and the U.S." Marc Rotenberg, EPIC President Goethe University Frankfurt, Germany protection-in-the-eu-and-the-us-148451/ March 11, 2016. “Securing Elections in the 21st Century” Marc Rotenberg, EPIC President Election Verification Network Washington, DC April 20 - April 21, 2016. 34th Social Science Research Conference: "The Invasive Other" Speaker: EPIC President Marc Rotenberg The New School New York, NY research_conference_-_day_1#.VquI_VMrKIZ June 6, 2016. EPIC 2016 Champions of Freedom Awards Event. Washington, DC Registration Now Open ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center (EPIC) is a non-profit, independent public interest research center in Washington, DC. EPIC was established in 1994 to focus public attention on emerging privacy issues. Today EPIC maintains one of the top privacy websites in the world. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, files amicus briefs on emerging privacy and civil liberties issues, and conducts policy research. For more information, visit ======================================================================= Support EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: Your contributions help support Freedom of Information Act litigation, strong and effective advocacy for the right of privacy, and continued public education. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: Back issues are available at: The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 23.03-------------------------

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security