|
|
EPIC testified in Massachusetts on a series of consumer privacy and surveillance pricing bills. EPIC Deputy Director Caitriona Fitzgerald published an accompanying op-ed in the Boston Globe explaining that data privacy laws are only as good as their consumer protections. ➔ EPIC—represented by Harvard's Cyberlaw Clinic—filed an amicus brief in Kohls v. Bonta, a case that addresses the balance between free speech and regulating misleading deepfakes that threaten election integrity. ➔ EPIC and partners urged the Consumer Financial Protection Bureau to finalize rules that would protect consumers from harm caused by data brokers. ➔
Director of Litigation John Davisson testified before the House Oversight Committee on the privacy implications of last month’s disclosure of 60,000 pages from the federal archive of JFK assassination records, which caused the release of hundreds of Social Security numbers. ➔
|
Featured Post: Justin Sherman, EPIC Scholar in Residence
Direct-to-consumer genetic testing company 23andMe has now filed for bankruptcy. “After a thorough evaluation of strategic alternatives, we have determined that a court-supervised sale process is the best path forward to maximize the value of the business,” its board chair said. It’s not just office chairs and corporate merch (from, yes, the “Gene Shop”) up for sale; a judge granted 23andMe permission to sell the trove of data it has gathered on people’s genetics, health, and ancestry, to the tune of more than 15 million customers.
More EPIC Analysis:
Mayu Tobin-Miyaji, Law Fellow
Megan Iorio, EPIC Senior Counsel & Tom McBrien, EPIC Counsel
Justin Sherman, EPIC Scholar in Residence |
EPIC joined numerous civil society organizations in opposing FCC Chair Brendan Carr’s deregulation-for-its-own-sake crusade entitled “in re: Delete, Delete, Delete.” In response to industry comments calling for the gutting of decades of privacy and consumer protection regulations, EPIC filed reply comments in support of existing FCC subscriber privacy and data security regulations, FCC rules capping prison phone rates, and more. EPIC joined the National Consumer Law Center, Prison Policy Initiative, and The Utility Reform Network in urging the First Circuit not to vacate FCC safeguards on prison phone systems that protect incarcerated persons and their families. The challenge, brought by telecom companies like Securus and several state governments, is at odds with Congress’s directive to the FCC to adopt protections under the Martha Wright-Reed Just and Reasonable Communications Act.
The Connecticut Attorney General’s office published a new report discussing trends after its first year enforcing of the Connecticut Data Privacy Act (CTDPA) and recommending legislative fixes that would allow the office to better protect consumers’ privacy. This report updates an earlier one discussing trends and legislative recommendations after six months of the CTDPA being in effect.
In a pair of comments to the FCC, EPIC and Wildflower Alliance urged the Commission to continue to treat 988, the national suicide hotline, differently from 911; to require enhanced privacy and cybersecurity measures due to the unique sensitivity of 988 data; and to articulate what legal authorities will safeguard help-seeker data.
EPIC joined the National Consumer Law Center in a comment responding to the Consumer Financial Protection Bureau’s request for information about consumer financial privacy. The comment emphasizes privacy risks resulting from digital payment platforms’ collection, use, and monetization of personal financial information.
A judge in the U.S. District Court for the Eastern District of Virginia ruled in favor of the Department of Justice in its case against Google for maintaining monopoly power in the advertising technology industry.
In a comment filed with the Consumer Financial Protection Bureau, EPIC, the National Consumers League, and Consumer Federation of America urged the CFPB to finalize rules that would protect consumers from harm caused by data brokers. The filing details how data brokers impose severe harm by degrading privacy, threatening national security, enabling scams and fraud against consumers, putting public officials and survivors of domestic violence in danger, and exacerbating discrimination against immigrant populations. |
The Fifth Circuit ruled that the Federal Communications Commission’s attempt to hold AT&T accountable for exposing Americans’ sensitive location information—one of the biggest scandals in recent telecom memory—should be vacated because the FCC did not hold a jury trial prior to assessing monetary damages.
The updated Children’s Online Privacy Protection (COPPA) Rule was published in the Federal Register last week, finalizing the much-needed modernization of the COPPA Rule. After a nearly 6-year rulemaking process, the Federal Trade Commission unanimously approved the updated COPPA Rule in January 2025, but it did not become effective until its publication. Finalizing the COPPA Rule improves the Commission’s ability to protect kids online. Members of the Elon Musk-run “Department of Government Efficiency” (DOGE) have reportedly infiltrated the Federal Trade Commission—the independent federal agency that protects consumers from Big Tech, privacy threats, and fraud—to pursue the DOGE’s agenda of seizing agency databases, illegally firing federal workers, and undermining protections for the public. |
EPIC Director of Litigation John Davisson testified before a working group of the House Oversight Committee on the privacy implications of last month’s disclosure of 60,000 pages from the federal archive of JFK assassination records. The disclosure, which broke from normal screening procedures used by the National Archives, caused the release of hundreds of Social Security numbers of people named in the records—many of whom are still living. |
EPIC joined a coalition of labor and consumer advocates to send a letter to the California Privacy Protection Agency urging the Agency to continue advancing draft regulations on the use of automated decisionmaking technologies. |
Platform Accountability & Governance |
In an amicus brief filed in Kohls v. Bonta, EPIC—represented by Harvard Law School’s Cyberlaw Clinic—asked the Eastern District of California Court to issue a narrow ruling recognizing that California’s “Deceptive Media in Advertisements” law (AB 2839) is facially constitutional. This case requires the court to carefully weigh two important values: free speech and fair democratic elections. EPIC’s brief seeks to aid the court in this task by illuminating aspects of deepfakes that make them dangerous to election integrity and worthy of regulating consistent with the First Amendment. |
The Arkansas Legislature passed the Arkansas Children and Teens Online Privacy Protection Act (HB 1717). The bill is modeled off the existing federal Children’s Online Privacy Protection Act (COPPA) framework but would build on COPPA’s existing protections extend those privacy protections for teens aged 13-16. EPIC Senior Counsel Sara Geoghegan testified in support of a bill banning surveillance pricing in front of the Massachusetts Legislature’s Joint Committee on Advanced Information Technology, the Internet and Cybersecurity. The bill, H.99 and S.49, An Act Relative To Surveillance Pricing In Grocery Stores, prohibits grocery stores from using surveillance pricing based directly or indirectly on biometric information collected on their premises. The Maryland General Assembly passed a law establishing a working group to study artificial intelligence, its impacts within the state, and potential avenues for regulation. While the bill that was voted out of the House failed to allocate any spots in the working group to public interest representatives, the Senate amended the bill in response to extensive civil society pushback. The working group now includes representatives from nonprofits focused on privacy, consumer protection, civil rights and liberties, and labor.
EPIC Deputy Director Caitriona Fitzgerald testified before the Massachusetts Legislature’s Joint Committee on Advanced Information Technology, the Internet and Cybersecurity in support of the Massachusetts Consumer Data Privacy Act and the Massachusetts Data Privacy Act. Both bills contain strong data minimization rules, restrictions on the sale of sensitive data, and a private right of action.
EPIC submitted comments in response to the House Energy and Commerce Committee’s Privacy Working Group’s request for information that urged the Committee to focus on data minimization and robust enforcement in any federal privacy bill. EPIC’s comments highlighted lessons learned from years of state-level advocacy on privacy laws and stated that a federal privacy law should provide a floor for states to build on top of rather than imposing a ceiling.
EPIC joined a coalition of advocacy groups in opposing a Connecticut bill on AI sponsored by Gov. Ned Lamont. Unfortunately, S.B. 1249 would not put any guardrails on the use of AI to make consequential decisions about the lives of Connecticut residents. The coalition letter urges the General Assembly to instead turn its attention to strengthening and passing legislation like S.B. 2, which works to address harms felt by Connecticut residents by the use of AI decision-making tools. Virginia Governor Youngkin signed a bill that amends the Virginia Consumer Protection Act to provide heightened protections for reproductive or sexual health information. The new law requires that entities obtain a person’s consent before collecting and sharing personal information related to reproductive or sexual health, including when derived from non-health related information. Critically, the law includes a private right of action to encourage compliance and ensure that Virginians can protect their rights in court. |
|
Boston Globe
The New York Times
Mother Jones The Markup The Record |
|
|
404 Media Gizmodo The Daily Dot NPR
StateScoop |
|
|
AI & Human Rights
Artificial intelligence and machine learning systems are being deployed in opaque and unaccountable ways that can harm individuals and exacerbate biases. EPIC advocates for transparent, equitable, and commonsense AI policy and regulations. Learn more about EPIC's work on AI & Human Rights here. |
Support Our WorkEPIC's work is funded by the support of individuals like you, who help us to continue to protect privacy, open government, and democratic values in the information age. Donate today at epic.org/donate. |
|
|
|
Copyright © 2025 Electronic Privacy Information Center, All rights reserved.You received this email because you subscribed to our list. The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. The EPIC Alert doesn’t track you when you open it or click on any links. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.Our mailing address is:} Electronic Privacy Information Center (EPIC)
1519 New Hampshire Avenue NW
Washington, DC 20036
USA
You can unsubscribe at any time.Powered by EmailOctopus |
|
|
|
