EPIC hosted the 2024 Champions of Freedom Awards honoring three Champions of Freedom, one Privacy Champion, and one Lifetime Achievement Awardee (in memoriam): 

• Senator Sara Love of Maryland, Representative Maggie O’Neil of Maine, and Representative Monique Priestley of Vermont
• Damon Hewitt, President and Executive Director, Lawyers’ Committee for Civil Rights Under Law
• Ross Anderson

You can watch the livestream of the awards ceremony here: epic.org/sept25.

Featured Post:
The State Data Privacy Act: A Proposed Model State Privacy Bill
Caitriona Fitzgerald, EPIC Deputy Director and Kara Williams, EPIC Law Fellow

The fight for strong state privacy laws has been challenging. In recent years, industry lobbyists have been successful in getting weak privacy laws passed in several states. But last legislative session, the tide started turning. Early last year, EPIC proposed a compromise privacy bill for states to consider modeled on the bipartisan consensus language in the American Data Privacy and Protection Act. But we have heard from many lawmakers that they would prefer to strengthen existing state laws rather than enact a new framework. With this in mind, we chose the Connecticut Data Privacy Act (CTDPA) as base text to build from, as the CTDPA is the bill most often cited by industry as the model they would like states to adopt. Strengthening the CTDPA provides consistency for businesses while giving consumers meaningful privacy protections.

More EPIC Analysis:
 
The Department of Transportation’s Underused Privacy Authority
Anna Young, EPIC Law Clerk

FTC Report on Streaming and Social Media Companies Emphasizes Privacy, Security, and AI-Related Risks
The Federal Trade Commission published the results from its 6(b) study on streaming and social media companies, detailing vast commercial surveillance of consumers—including non-users—for the purposes of monetizing of their personal information. The report, “A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services,” calls on Congress to enact comprehensive federal privacy legislation and measures to protect teen users online.

EPIC Publishes Model Privacy Bill as Practical Solution for States
EPIC, along with Consumer Reports, published the “State Data Privacy Act,” a model bill for states that provides meaningful privacy protections, prohibits data-driven discrimination, and allows consumers to hold businesses accountable for violating their privacy. This model legislation builds upon the Connecticut Data Privacy Act—a version of which has been enacted in more than a dozen states—but which fails to adequately protect privacy. The State Data Privacy Act builds important protections into Connecticut’s framework to provide necessary privacy protections while ensuring businesses can still thrive online.

EPIC’s Davisson testifies before House Energy & Commerce Committee
EPIC Director of Litigation John Davisson testified before the House Energy & Committee Subcommittee on Innovation, Data, and Commerce in a hearing focused on the Federal Trade Commission. The hearing on the evolution of the FTC and recent actions.

EPIC Applauds FTC Order Following Camera Hack and CAN-SPAM Violations
The FTC announced a proposed order against security firm Verkada, a seller of IP-enabled security cameras, on the heels of two data breaches and violations of the CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing). 

Civil Rights Commission Releases Report on the Federal Government’s Use of Facial Recognition Technology
The U.S. Commission on Civil Rights released the report The Civil Rights Implications of the Federal Use of Facial Recognition. The report detailed some of the risks of the federal government’s unfettered use of facial recognition technology, including the privacy risks created by “FRT’s potential for surveillance and covert use, paired with the widespread availability of personal information that can be associated with a facial image.” The report also discussed the civil rights risks and the accuracy and bias issues with facial recognition. The Commission recommended that Congress task NIST with developing a testing protocol to assess facial recognition in real-world circumstances, require the adoption of national training standards by entities seeking federal funding for facial recognition, and create a statutory process for legal redress for people harmed by facial recognition.

EPIC Urges European Commission to address surveillance gaps in First Periodic Review of EU-US Data Privacy Framework
EPIC filed comments with the European Commission urging the Commission to address surveillance gaps in the EU-US Data Privacy Framework and protect the privacy rights of EU residents. The Commission adopted an adequacy decision for the EU-US Data Privacy Framework in July 2023 despite the US Intelligence Community’s ability to engage in mass surveillance of EU residents. The adequacy decision provides a period of public review to take place within one year of the decision. Congress’ recent passage of the Reforming Intelligence and Securing America Act reauthorizing and expanding FISA Section 702 and the Biden Administration’s Executive Order 14086 implementing the Privacy Framework continue to undermine EU residents’ privacy rights under the GDPR.

FTC Takes Action Against Businesses Using Unproven, Deceptive, and Fraudulent AI Systems
The Federal Trade Commission’s Operation AI Comply is in full swing. The Commission’s new initiative aims to crack down on AI-infused frauds and deceptions to protect consumers from deceptive, inaccurate, and fraudulent AI-powered practices like chatbots, fake online reviews, or false claims of huge earnings. The Commission has taken action against DoNotPay, Ascend Ecom, Ecommerce Empire Builders, Rytr, and the FBA Machine for deceptive uses of AI that harmed consumers.

EPIC Urges FCC to Require More Disclosures Around AI Content in Political Ads—and Restrict AI Disinformation
EPIC filed comments to the Federal Communications Commission urging the agency to increase the granularity of information they plan on requiring broadcasters to disclose when airing political ads that use AI content.

In Texas Age Verification Case, EPIC Urges Supreme Court to Adopt Framework that Can Differentiate Unconstitutional Online Censorship Laws from Constitutional Kids’ Privacy and Safety Laws
EPIC submitted an amicus brief in Free Speech Coalition v. Paxton, an important Supreme Court case that could impact the viability of many recently enacted and proposed kids’ safety and privacy laws. EPIC believes that, while the Fifth Circuit decision in this case was too deferential to Texas and could lead to more online censorship if applied widely, an overly broad ruling in favor of Free Speech Coalition could enable tech companies to overturn important kids’ privacy and safety laws that do not burden anyone’s access to online content. EPIC urged the Court to use an analytical framework that can distinguish between unconstitutional censorship laws and constitutional privacy and safety laws.

EPIC Urges FCC to Provide Robust Oversight, Accountability, and Transparency in IoT Cybersecurity Label
EPIC submitted a comment to supplement the previously filed joint comments to call on the Federal Communications Commission to ensure robust oversight, accountability, and transparency for the Cyber Trust Mark program, a voluntary cybersecurity labelling program for Internet of Things.