|
|
Issue 32.1
January 31, 2025
|
EPIC and U.S. PIRG Education Fund released The State of Privacy, an updated scorecard which found that nearly half of all states that have passed consumer privacy laws fall short on basic data protection standards. ➔ The Privacy and Civil Liberties Oversight Board announced that its Chair and two of its Members had been terminated by the White House. EPIC called on the White House to immediately nominate a Chair and full bipartisan slate of Board Members, subject to the advice and consent of the Senate and consultation with Congressional leadership. ➔ EPIC and Enforce filed a complaint calling upon the Federal Trade Commission to investigate Google’s real-time bidding system, which has allegedly made sensitive data of government officials and citizens for commercial sale over the past decade. ➔
|
Join OUR DIGITAL RIGHTS FIRST CAMPAIGN |
By joining EPIC's Digital Rights First Campaign you can support the team here at EPIC as we work to fight for your rights and build a positive vision for the future of the Internet.
To carry this work forward, EPIC must raise $1,000,000 by June 2025. Generous donors have pledged to match donations, so your gift today will have triple the impact. With your help, we know that we will meet this goal. |
Featured Post: These Pregnancy Apps May Be Sources for a Location Data BrokerJustin Sherman (EPIC Scholar in Residence)Russian hackers posted on the dark web in early January with a news-making claim: they had breached notorious location data broker Gravy Analytics. Just a few days later, the broker confirmed the hack. The hackers said that Gravy Analytics had until January 24 to pay a ransom or they would leak all of the company’s location data—and upfront, seemingly to show they meant business, they posted several files online they claimed they stole from the company.More EPIC Analysis:
Megan Iorio, Senior Counsel
Tom McBrien, EPIC Counsel
Sara Geoghegan, Senior Counsel
Megan Iorio, Senior Counsel |
EPIC offered video testimony during the Federal Trade Commission’s hearing on its Rule on Impersonation of Government, Businesses, and Individuals. EPIC also submitted related written testimony, supported by a coalition of six other consumer advocacy organizations, to applaud the FTC for its important work protecting consumers from scammers impersonating individuals.
The Eleventh Circuit vacated the Federal Communications Commission’s Rule requiring individualized consent to send consumers robocalls. The FCC Rule would have required something like a checkbox, by which a consumer could select which companies they are consenting to receive calls from and which they do not wish to receive calls from.
Google sends enormous quantities of sensitive data about Americans to China and other foreign adversaries, according to evidence in a major complaint filed at the FTC by EPIC and Enforce. This is the first ever complaint under the new Protecting Americans’ Data from Foreign Adversaries Act.
EPIC joined the Brennan Center, Demand Progress, and the Surveillance Technology Oversight Project in comments to the National Telecommunications and Information Administration regarding “Ethical Guidelines for Research Using Pervasive Data.” The coalition stated, “reliance on commercial data brokers undermines the research community’s broader ethical and legal obligations, including transparency and deterrence of academic fraud.”
EPIC submitted a letter comment to the Federal Trade Commission in support of its proposed consent decree with Mobilewalla Inc. regarding the company’s practices of selling sensitive location data. Mobilewalla, a data broker, collected location data from real time bidding exchanges and third party aggregators without taking reasonable steps to verify consumers’ consent.
The Consumer Financial Protection Bureau (CFPB) finalized a rule that largely prohibits the inclusion of medical debt on credit reports and prohibits lenders from considering medical information when making lending decisions. EPIC applauds the CFPB for finalizing these rules, which will protect the privacy of consumer medical information and promote accuracy fairness in credit reporting.
The FCC released its Report and Order updating requirements for its Robocall Mitigation Database (RMD). Carriers are not permitted to accept call traffic from providers who are not listed in the RMD, so suspending a provider from the RMD is tantamount to ejecting their voice service business from the United States.
On December 27, the Department of Justice (DOJ) finalized its rule on Provisions Regarding Access to Americans’ Bulk Sensitive Personal Data and Government Related Data to Countries of Concern. EPIC argued in its comments that a more comprehensive, privacy forward approach to minimizing access to data would have the wanted effect of protecting national security interests, but DOJ refused to broaden the protections. |
EPIC applauds the action by the Federal Trade Commission to strengthen and modernize the Children’s Online Privacy Protection Rule. Approved by a unanimous 5-0 vote, the updated COPPA Rule illustrates the Commission’s strong, bipartisan commitment to protecting kids’ privacy and safety online.
EPIC filed amicus briefs in support of the Federal Communications Commission’s enforcement actions against T-Mobile and Sprint, challenged in the D.C. Circuit, and against Verizon, challenged in the Second Circuit. These enforcement actions were long-awaited measures in the aftermath of Congressional inquiry and media investigations dating back to 2018 and early 2019 showing that the major carriers were failing to oversee how the phone subscriber location data they were making available to data brokers was being abused. |
Jeramie Scott, Senior Counsel at EPIC and Director of EPIC’s Project on Surveillance Oversight, testified at a Maryland Senate Judicial Proceedings hearing on Maryland Senate Bill 0381. In his written testimony, Mr. Scott argued the need to implement strong privacy protections now and that this bill “would protect Marylanders by ensuring that automated camera systems are used to promote safe driving, not mass surveillance.”
On January 27, the Privacy and Civil Liberties Oversight Board announced that its Chair, Sharon Bradford Franklin, and two of its Members, Ed Felten and Travis LeBlanc had been terminated by the White House. These terminations leave the Board with only a single, part-time member in Beth Williams.
The U.S. District Court for the Eastern District of New York held that warrantless queries of Americans’ communications collected under Section 702 of the Foreign Intelligence Surveillance Act violated the Fourth Amendment. This landmark decision is a critical victory against warrantless surveillance of Americans. |
President Trump signed an executive order overturning the Biden Executive Order on safe AI development and use and calling on agencies to undo any policies or procedures complying with the order. This move is emblematic of the all-gas, no-brakes approach to AI supported by the tech leaders close to the President.
EPIC Law Fellow Kara Williams presented to the Multistate AI Policymaker Working Group on EPIC’s priorities for state bills addressing algorithmic discrimination. Specifically, EPIC was asked to discuss Connecticut and Texas AI bills currently under consideration. |
Platform Accountability & Governance |
The Federal Trade Commission referred a complaint against Snap, Inc. to the Department of Justice over concerns that Snap’s “My AI” chatbot poses a risk of harm to children. The FTC explained that its investigation “uncovered reason to believe Snap is violating or is about to violate the law.” It did not provide details about its investigation but said that referring the case publicly to the Justice Department was in the public interest, presumably to alert minors and their parents to the dangers of AI chatbots. |
Washington Representative Shelley Kloba has introduced the People’s Privacy Act, a strong bill that includes meaningful privacy protections to protect Washingtonians.
Nearly half of states that have passed consumer privacy laws get a failing grade for protecting consumers’ data, according to The State of Privacy, an updated scorecard from the Electronic Privacy Information Center and U.S. PIRG Education Fund. Of the 19 states with laws, eight received Fs, and none received an A.
Numerous Massachusetts legislators introduced strong comprehensive privacy bills. Representative Tricia Farley-Bouvier introduced HD2135, the Massachusetts Consumer Data Privacy Act. Senator Michael Moore, who was the Senate Chair of the Committee last session, and Senator Cynthia Creem re-introduced the Massachusetts Data Privacy Act (SD267). And Senator Barry Finegold re-introduced the Massachustts Information Privacy and Security Act (SD2355). The New Jersey Data Privacy Law took effect on January 15. While the law is still based on the industry-favored Connecticut Data Privacy Act, New Jersey legislators closed some loopholes and granted limited rulemaking authority to the state's Attorney General. |
FCC Chairwoman Rosenworcel released a Declaratory Ruling and Notice of Proposed Rulemaking “Protecting the Nation’s Communications Systems from Cybersecurity Threats”, explicitly in response to the Salt Typhoon attacks granting China-supported hackers access to lawful federal wiretap and data collection requests authorized by the Communications Assistance for Law Enforcement Act.
On January 2, the Sixth U.S. Circuit Court of Appeals issued a decision in In re: MCP No. 185 Open Internet Rule (FCC 24-52) or Ohio Telecom Association v. FCC overturning the Federal Communications Commission’s 2024 “Net Neutrality” rules due to alleged lack of statutory authority. This is a significant blow to consumer privacy from predation by internet service providers (ISPs), especially in light of the recent Federal Trade Commission staff report outlining the data broker and consumer profiling practices of ISPs. |
|
Time
The New York Times
CyberScoop The National Law Review |
|
|
The Record
Tech Policy Press
Bloomberg Law Spectrum News 1 |
|
|
Platform Accountability & GovernanceOnline platforms increasingly permeate our lives. We use them to find and read the news, to buy goods, to find and book travel, to date, to find a place to live, and more. EPIC advocates for platform governance and accountability policies that protect the speech, privacy, anti-discrimination, and safety rights of internet users. Learn more about EPIC's Platform Accountability & Governance work here. |
Support Our WorkEPIC's work is funded by the support of individuals like you, who help us to continue to protect privacy, open government, and democratic values in the information age. Donate today at epic.org/donate. |
|
|
|
Copyright © 2025 Electronic Privacy Information Center, All rights reserved.You received this email because you subscribed to our list. The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. The EPIC Alert doesn’t track you when you open it or click on any links. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.Our mailing address is:} Electronic Privacy Information Center (EPIC)
1519 New Hampshire Avenue NW
Washington, DC 20036
USA
You can unsubscribe at any time.Powered by EmailOctopus |
|
|
|
