Issue 32.2
February 28, 2025

Top Updates

EPIC, Democracy Forward, and a federal worker filed suit against the so-called “Department of Government Efficiency” (DOGE) over its illegal seizure of personnel records and payment system data—actions which constitute the largest data breach in American history. A federal court in Virginia declined to temporarily halt access. However, the judge indicated evidence of further data disclosure could change the different ruling: EPIC remains hopeful that we will prevail in this battle. ➔
EPIC testified before the Connecticut Legislature on two bills, one that would strengthen Connecticut's privacy law with a stronger data minimization standard and another that would regulate high-risk AI systems. ➔
EPIC joined a coalition letter and issued a statement condemning President Trump’s executive order claiming to bring independent agencies under his direct control, which endangers the bipartisan work of the Federal Trade Commission, Federal Communications Commission, and other independent agencies to protect consumers and safeguard personal data. ➔

Join OUR DIGITAL RIGHTS FIRST CAMPAIGN

We are more than halfway to our Digital Rights First Campaign goal! Join us today to raise $1,000,000 by June 2025. Generous donors have pledged to match donations, so your gift today will have triple the impact.

Your support makes our work to combat privacy violations, move forward comprehensive state privacy laws, and call attention to issues like surveillance pricing possible.

Donate Now & Triple Your Impact

Analysis from EPIC

Featured Post:

Kroger’s Surveillance Pricing Harms Consumers and Raises Prices, With or Without Facial Recognition

Mayu Tobin-Miyaji, EPIC Law Fellow

Every time you step into a grocery store, you step into a machinery of data that tracks, analyzes, shares, and influences your shopping behavior. Based on shopping history and data shared from data brokers—including internet browsing history and online purchases—grocery stores may infer your age, gender, race, economic status, family makeup, health conditions, or other lifestyle characteristics. Grocers build detailed profiles of consumers to nudge them towards shopping choices that increase their profits, whether through different prices or personalized discounts and offers—at the expense of the consumer.

More EPIC Analysis:

Scraping for Me, Not for Thee: Large Language Models, Web Data, and Privacy-Problematic Paradigms

Justin Sherman, EPIC Scholar in Residence

Paying for Iris Scans: AI-Fueled Surveillance Harms

Justin Sherman, EPIC Scholar in Residence

News

Consumer Privacy

Privacy, Cybersecurity, and Data Broker Expert Justin Sherman joins EPIC as Scholar in Residence

Justin Sherman, a widely recognized expert in privacy, cybersecurity, and data brokers, is joining the EPIC as Scholar in Residence in 2025. EPIC has a long history of advocating for privacy regulation, cybersecurity safeguards, and oversight of data brokers, and Justin’s expertise will contribute enormously to that work.

EPIC Denounces Administration’s Assault on Consumer Financial Protection Bureau

The Trump administration and associates of Elon Musk have engaged in an escalating series of attacks on the Consumer Financial Protection Bureau, effectively shutting down a vital federal agency that protects consumers from harmful business and data practices by banks and other financial institutions. EPIC condemned this coordinated assault on consumers, which undermines one of the most effective champions for the public interest anywhere in government.

FCC Proposes $4.5MM Fine for Provider Failing to Vet Customers Before Transmitting Scam Calls Impersonating FCC

The Federal Communications Commission proposed an enforcement action against Telnyx, a voice service provider, for transmitting scam calls on its network from new customer accounts, de facto evidence that Telnyx did not adequately conduct due diligence before transmitting calls from its new customers.

Data Protection

EPIC Signs Coalition Letter Seeking to Preserve Independent Agencies

EPIC joined dozens of groups in a coalition letter to President Trump expressing alarm at his attempts to curtail the legal authority of independent agencies, such as firing Democratic appointed Commissioners and issuing an Executive Order that would place independent agencies under direct presidential control.

Court Declines (For Now) EPIC’s Call to Block DOGE Access to Personal Data at Treasury & OPM

A federal court in Virginia declined to temporarily halt access by the “Department of Government Efficiency” to vast databases of personal data at the Treasury Department and Office of Personnel Management, denying a motion by EPIC and an anonymous government worker to enter a temporary restraining order.

EPIC Condemns Executive Order Illegally Undermining Independent Agencies

President Trump’s latest executive order claiming to bring independent agencies under his direct control is an illegal and unprecedented assault on the guardrails Congress has long used to protect regulators from undue political interference. EPIC condemned the order, which endangers the bipartisan work of the Federal Trade Commission, Federal Communications Commission, and other independent agencies to protect consumers and safeguard personal data.

EPIC, Democracy Forward, and Federal Worker Sue DOGE for Illegal Seizure of Personal Data From Treasury, Personnel Systems

EPIC, Democracy Forward, and a federal worker filed suit against the so-called “Department of Government Efficiency” (DOGE) over its illegal seizure of personnel records and payment system data—actions which constitute the largest data breach in American history. Our suit aims to shut down unlawful access to agency data systems and restore the privacy and security safeguards that the Elon Musk-run DOGE has blatantly violated.

Surveillance Oversight

EPIC, Coalition Urge Congress Restore Privacy Oversight Board’s Independence from White House

EPIC joined over 26 civil society organizations in demanding that Congress re-double its oversight activities to ensure that the Privacy and Civil Liberties Oversight Board retains its independence and continues its work free from White House interference.

AI & Human Rights

EPIC Testifies in Support of Connecticut Bill on Algorithmic Discrimination

EPIC Law Fellow Kara Williams testified in support of Connecticut S.B. 2, which seeks to regulate the development and use of high-risk AI systems. EPIC’s testimony focused on why bills like S.B. 2 are urgently needed because they address harms from companies using high-risk AI systems in making important decisions about people’s lives.

EPIC Commends CPPA on Strong Proposed Regulations on Cybersecurity, Risk Assessments, and ADMTS

EPIC, along with the Consumer Federation of America, submitted comments to the California Privacy Protection Agency on the Proposed Rulemaking Regarding Cybersecurity, Risk Assessments, and Automated Decisionmaking Technology. EPIC and CFA recommend six ways to strengthen the ADMT regulations.

EPIC Joins 100 Civil Society Organizations Urging Lawmakers to Acknowledge Environmental Harms of AI and Outlining Bold Vision for Keeping AI Within Planetary Limits

As world leaders and industry executives prepared for the AI Action Summit in Paris, a hundred civil society organizations, including EPIC, call for them to urgently acknowledge the true environmental harms of AI.

Google Rolls Back Responsible AI Principles, Breaking Promise to Limit Military Use of Its Products

Google announced an overhaul of the company’s Responsible AI principles. These principles were developed in 2018 in response to outcry against Google’s contract with the Department of Defense on Project Maven at the time. Google did not renew its contract and made commitments not to develop weapons, certain surveillance systems, or technologies that undermine human rights.

Platform Accountability & Governance

EPIC Testifies in Support of Vermont Age Appropriate Design Code

EPIC Counsel Suzanne Bernstein testified before the Vermont Senate Committee on Institutions in support of S. 69, the Vermont Age Appropriate Design Code (AADC). In her testimony, Suzanne illustrated how the Vermont AADC would protect kids’ privacy, enhance kids’ autonomy, and ensure their online safety by prohibiting abusive data and design practices.

Privacy Laws

EPIC Testifies in Support of Updates to Connecticut Data Privacy Act

EPIC Deputy Director Caitriona Fitzgerald testified before the Connecticut Joint Committee on General Laws in support of updates to the Connecticut Data Privacy Act, SB 1356. In her testimony, Fitzgerald stressed the importance of updating the data minimization standard in the CTDPA to mach the standard set in the Maryland Online Data Privacy Act last year.

EPIC, Consumer Groups Oppose Weak Privacy Bill in New Mexico

EPIC, Consumer Reports, Consumer Federation of America, U.S. PIRG, and Common Sense sent a letter to the New Mexico House Commerce and Economic Development Committee in opposition of H.B. 410, a weak privacy bill. EPIC recently testified before the same Committee on a much stronger privacy bill in New Mexico, and the letter from consumer groups urged the Committee to give a favorable report to that bill instead.

EPIC Testifies in Support of Data Broker Registry in Maryland

EPIC Deputy Director Caitriona Fitzgerald testified before the Maryland House Economic Matters Committee in support of HB 1089, the Building Information Guardrails Data Act of 2025. The bill creates a data broker registry in Maryland and taxes the income of data brokers to fund various government services, including enforcement of the Maryland Online Data Privacy Act by the Attorney General’s Office.

Virginia Legislature Passes Weak AI Bill Full of Loopholes

The Virginia Legislature passed H.B. 2094, a bill that aims to protect individuals from being harmed by the use of high-risk AI systems in consequential decisions, but unfortunately fails to meet this goal.

Washington Committee Votes to Advance Strong Privacy Bill

The Washington state House Committee on Technology, Economic Development, and Veterans voted to advance H.B. 1671, the People’s Privacy Act, out of committee. The legislation is based on EPIC and Consumer Reports’ model state privacy bill. EPIC testified in support of the bill and urges the Washington Legislature to pass this important legislation to protect the privacy of Washingtonians.

Cybersecurity

Apple Pulls Encrypted Cloud Services and Rejects United Kingdom Request to Create Backdoors to Encrypted Servers

Encryption is at risk in the United Kingdom. On February 7, it was reported that the United Kingdom sent notices to Apple requesting blanket capability to view fully encrypted material across Apple’s customer base, going further than its previous requests for assistance in cracking particular accounts. EPIC, along with 238 other civil society organizations, cybersecurity experts, and others, urged the U.K. Home Secretary to rescind its demand for this unprecedented back door to the world’s second largest provider of mobile devices.

EPIC in the News

DOGE wants access to your tax and Social Security data. These two laws are supposed to protect you

CNN

Google Ad-Tech Users Can Target National Security ‘Decision Makers’ and People With Chronic Diseases

WIRED

DOGE Is Not Here to Help With Your Taxes

The Contrarian

New Google ad tracking policy a ‘Pandora’s box’ for privacy, experts warn

The Record

DOGE efforts to access private data spark sharp pushback

The Hill

In Breaking USAID, the Trump Administration May Have Broken the Law

ProPublica

Can He Do That? What Legal Experts Say About Trump’s Most Radical Moves

TIME

ICE Wants to Know If You’re Posting Negative Things About It Online

The Intercept

DOGE Gains Access to Confidential Records on Housing Discrimination, Medical Details — Even Domestic Violence

ProPublica

EU vs. US or People vs. Billionaires?

The Nation

Conflicts over access to Americans' personal data emerging across federal government

IAPP

Meta Could Face Suit By Federal Government Over Financial Ads

MediaPost

Issue Highlight

Privacy Laws
EPIC maintains a variety of resources on U.S., state, and international data protection laws to educate policymakers and others interested in learning about privacy and civil liberties issues. Learn more about EPIC's work with Privacy Laws here.

Support Our Work
EPIC's work is funded by the support of individuals like you, who help us to continue to protect privacy, open government, and democratic values in the information age. Donate today at epic.org/donate.

Reach out to EPIC

Learn about EPIC's staff here or contact info@epic.org.

Copyright © 2025 Electronic Privacy Information Center, All rights reserved.

You received this email because you subscribed to our list. The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. The EPIC Alert doesn’t track you when you open it or click on any links. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

Our mailing address is:}
Electronic Privacy Information Center (EPIC)
1519 New Hampshire Avenue NW
Washington, DC 20036
USA

You can unsubscribe at any time.
Powered by EmailOctopus