Featured Post:
In Anderson v. TikTok, the ThirdCircuit Applies Questionable First Amendment Reasoning to Arrive at theCorrect Section 230 Outcome
Tom McBrien, EPIC Counsel

On August 27, the Third Circuit issued a decision in Anderson v. TikTok, an important case at the intersection of online platform accountability, Section 230, and the First Amendment. The case centered around the question of whether TikTok could invoke Section 230 of the Communications Decency Act to dismiss a lawsuit claiming that TikTok’s recommendation algorithm played a role in a child user’s accidental suicide. The opinion correctly held that Section 230 did not bar the claims to the extent that they alleged TikTok’s own algorithmic design caused the tragic circumstances, but it arrived at its decision through a questionable First Amendment analysis instead of careful Section 230 reasoning. TikTok is now asking the entire Third Circuit to re-hear the case and overturn the initial ruling.

More EPIC Analysis:

California Legislative Session Roundup: Which Key Privacy and AI Bills Were Enacted and Which Were Vetoed?
Kara Williams, EPIC Law Fellow

CFPB Finalizes Strong Personal Financial Data Rights Rule with Data Minimization Requirements
The Consumer Financial Protection Bureau has finalized new regulations to implement Section 1033 of the Dodd-Frank Act. The rule promotes financial inclusion and lays down some of the strongest consumer privacy protections in federal law. The new rule gives consumers more control over their own financial information, empowering individuals to access their financial information and share it with other financial institutions and third-party financial services providers. The rule also features robust data protection requirements for third parties authorized by a consumer to access their financial information, including data minimization obligations, limits on secondary uses of personal data, and data security standards.

EPIC, NCLC and 24 Organizations Urge FCC to Protect Consumer Privacy and Security in Implementing AI Robocall Mitigation Tools
EPIC joined the National Consumer Law Center (NCLC) and 24 other organizations in strongly urging the Federal Communications Commission to preserve consumer privacy while it considers new solutions to prevent unwanted robocalls and scam calls in light of the prevalence of AI.

FCC Requires T-Mobile to Implement Some Data Minimization and Zero-Trust Architecture
The Federal Communications Commission has entered into a consent decree with T-Mobile for multiple data breaches from 2021 to 2023, requiring the company to pay fines, modernize its information security practices, and implement data minimization practices and zero trust architecture. The breaches caused a variety of customer proprietary network information and personal information to be exposed.

EPIC Urges CFPB to Grant Petition Addressing Coerced Debt
EPIC filed a letter comment with the Consumer Financial Protection Bureau in support of a petition by the National Consumer Law Center and the Center for Survivor Agency and Justice urging the CFPB to open a Fair Credit Reporting Act rulemaking to address issues of coerced debt.

EPIC Urges CBP to Pause its Expansion of Facial Recognition at the Border
EPIC submitted comments to U.S. Customs & Border Patrol urging it to refrain from expanding the use of facial recognition technology as part of its Biometric Entry-Exit Program. The proposed expansion would deploy facial recognition to identify individuals in moving vehicles crossing the border. Travelers in an estimated 2 million vehicles are expected to be captured by the technology.

EPIC, Coalition Offer Recommendations to Strengthen Surveillance Technology Export Regulations
EPIC joined several other organizations in comments on the U.S. Commerce Department’s proposed rule to strengthen surveillance technology export regulations. The proposed rule would help limit the proliferation of surveillance technologies “used in the facilitation of human rights violations and/or abuses.” As the coalition noted, human rights violations “close democratic space, harm the ability of human rights defenders and journalists to do their work, and undermine U.S. national security and foreign policy objectives.”

EPIC, Coalition Demand Estimate of U.S. Persons’ Communications Incidentally Collected Under FISA Section 702
In a letter to the Director of National Intelligence and the Director of the National Security Agency, a coalition of civil society organizations demanded the intelligence community publish the previously promised estimate of the number of U.S. persons’ communications collected “incidentally” under Section 702 of the Foreign Intelligence Surveillance Act. As the coalition notes, “this information has been requested by legislators since at least 2011, and by civil society organizations since at least 2015.”

EPIC and ACLU Encourage NIST to Advance Privacy and Equity in Digital Identity Guidelines
EPIC and the ACLU submitted joint comments urging the National Institute of Standards and Technology (NIST) to center equity, accessibility, and privacy in the Second Draft of its Digital Identity Guidelines. In addition to echoing our previous comments on the First Draft, EPIC and ACLU recommended that NIST’s Digital Identity Guidelines (1) refocus fraud management guidance around large-scale, organized fraud schemes, (2) depreciate services that rely on third-party providers or foster second-order risks within the private sector, (3) strengthen the Guidelines to promote greater equity, (4) further emphasize anonymous and pseudonymous authorization mechanisms, and (5) rethink the user groups model.

EPIC Files Complaint Urging the FTC to Investigate OpenAI’s GPTs and Third-Party APIs
In a complaint, EPIC called on the Federal Trade Commission to investigate OpenAI for failing to meet established public policy standards for responsible AI use and development, offering products with unsafe security, privacy, and business practices, perpetuating unfair and deceptive practices in their product development and release, and causing significant consumer harm.

White House Publishes Memorandum and Framework for Governing the Use of AI in National Security
The Biden-Harris Administration issued a “Memorandum on Advancing the United States’ Leadership in Artificial Intelligence; Harnessing Artificial Intelligence to Fulfill National Security Objectives; and Fostering the Safety, Security, and Trustworthiness of Artificial Intelligence.” The memo fills a specific requirement of Executive Order 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, which required a National Security Memorandum to be developed on the use of AI in national security systems.

OMB Finalizes Guidance on Federal Government AI Procurement
The Office of Management and Budget (OMB) released its final guidance on the federal government’s procurement of AI. The guidance comes after President Biden’s Executive Order 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence tasked OMB with providing initial guidance on the matter, and follows OMB’s previous guidance on federal government use of AI, published in May.

EPIC and Consumer Advocates Sue Tenant Screening Company for Unfair and Deceptive Algorithmic Practices
EPIC and the National Association of Consumer Advocates have filed suit against tenant screening company, RentGrow, for unfair and deceptive practices tied to their automated tenant screening reports. The lawsuit, brought under the D.C. Consumer Protection Procedures Act, alleges that RentGrow automatically generates tenant screening reports that contain serious errors and biases. These errors and biases can cause consumers across the District—most often those from marginalized populations—to lose out on housing opportunities through no fault of their own. Worse still, the complaint alleges that RentGrow neither vets the third-party information it uses to generate tenant screening reports nor monitors its services for errors and biases that could harm consumers.

EPIC Urges NY Attorney General To Center Data Minimization and Age Determination Best Practices in Rulemaking for NY SAFE for Kids Act
EPIC submitted comments with the Center for Digital Democracy urging the New York Attorney General to center privacy and age determination best practices in its rulemaking to implement the New York SAFE for Kids Act. While the NY Safe for Kids Act does not regulate speech, EPIC encouraged the NY Attorney General to craft regulations anticipating a First Amendment challenge in line with the trend of Big Tech interests similarly challenging a broad swath of other kids’ online privacy and safety laws.

EPIC Celebrates Global Encryption Day 2024
October 21 was 2024’s Global Encryption Day, a day to highlight the key role encryption plays for keeping personal information secure from prying eyes. Encryption is one of the most important technological mechanisms for protecting the privacy and security of data and data systems, but it continues to come under attack by governments seeking to maximize the reach of their investigatory powers.

Privacy Laws and Amendments Go into Effect in Montana and Connecticut
After a flurry of activity on privacy at the state level this year, two states saw their privacy legislation go into effect. Connecticut amended its Connecticut Data Privacy Act, which has been in effect since July 1, 2023. The amendments related to minors’ privacy went into effect on Oct. 1. The amendments place limits on companies’ ability to use the personal data of children and teens for targeted advertising or profiling or to sell their personal data and require companies that serve minors to conduct specialized data protection assessments. The Montana Consumer Data Privacy Act also went into effect on Oct. 1. The law is substantially the same as the unamended Connecticut Data Privacy Act.

EPIC Testifies in Support of DC Consumer Health Information Privacy Protection Act
EPIC Counsel Suzanne Bernstein testified before the DC Council Committee on Health on Oct. 17 in support of Bill 25-0930, the Consumer Health Information Privacy Protection Act (CHIPPA). CHIPPA would provide privacy protections for consumer health data and is modeled closely off of Washington State’s My Health My Data Act that went into effect earlier this year. Suzanne’s testimony provided an overview of health data privacy risks that CHIPPA would mitigate and highlighted central provisions of the bill.

CFPB Issues New Guidance to Protect Workers from Digital Surveillance Using Third-Party Consumer Reporting Tools
The Consumer Financial Protection Bureau has issued guidance to protect workers from digital surveillance. The guidance states that companies using background dossiers, AI powered or algorithmic scoring tools, and other third-party consumer reports must adhere to the Fair Credit Reporting Act. These third-party consumer reporting tools can be used to predict worker behavior (including the likelihood that an employee will join a union or leave their job) reassign workers based on employee performance and availability, issue automated disciplinary actions to employees (often without human oversight), and evaluate workers’ social media activity.