EPIC - Electronic Privacy Information Center

04/02/2026

On Tuesday, EPIC and 63 other civil society organizations sent a letter strongly opposing plans to integrate facial recognition into Meta glasses to Meta, Ray-Ban’s parent company, the White House, the FTC, the DOJ, several state attorneys general, and the leaders of key congressional committees.

The letter is EPIC’s latest step to respond to the New York Times’s reporting in February that Meta plans to embed facial recognition technology into its smart glasses as soon as this year.

As the letter states, “Integrating facial recognition into Meta glasses is a dangerous and reckless plan that will harm both users and the entire public, regardless of whether they use Meta products, whether they consent, whether they are a public figure or layperson, and whether they even know about it.”

Read more:

On Tuesday, EPIC joined 63 other civil society organizations in a letter vehemently opposing plans to integrate facial recognition into Meta glasses.

04/01/2026

Last week, EPIC joined two former FCC chairs and five other consumer advocacy groups to submit an amicus brief to the U.S. Supreme Court in cases regarding the FCC’s ability to hold wireless carriers accountable for violating consumers' privacy rights.

The cases, FCC v. Verizon and AT&T v. FCC, were filed in response to financial penalties issued to four major wireless carriers in 2020 for apparently selling access to their customers’ location information without taking reasonable measures to protect customers’ sensitive location information. An FCC investigation found that the carriers failed to protect their customers, which Verizon and AT&T appealed in court.

“Given the availability of the very thing the carriers complain is missing here—a jury trial—the carriers’ challenge has lost its signal,” the brief notes. “Most notably, the carriers do not deny their wrongdoing here.”

Read more:

EPIC joined two former FCC chairs and five other consumer advocacy groups in an amicus brief to the U.S. Supreme Court on March 27 in consolidated cases regarding the FCC’s ability to hold wireless carriers accountable for selling customers’ location data without proper safeguards....

03/31/2026

Last week, EPIC's scholar-in-residence Justin Sherman posted a blog about which data brokers are selling U.S. data to foreign actors, according to California's registry. Then something strange happened.

Data brokers started reaching out, claiming that they do not in fact sell or share data with foreign actors (in this case defined as: North Korea, China, Russia, or Iran). But the information in California’s registry is provided by data brokers themselves, meaning brokers are the ones telling the state they do.

The apparent inaccuracy of registry entries for at least seven of these brokers underscores an important point: Attempting to conduct oversight on data brokers via self-reported data is a fool’s errand.

As Sherman noted: "In addition to brokers that say they erroneously reported that they did sell data to 'foreign actors' under California’s law, it is also possible that there are data brokers that erroneously reported that they did not sell data to said 'foreign actors' when they in fact did so."

EPIC has long advocated for more regulation of these companies. This situation exemplifies why.

Data brokers who can't accurately fill out a legal document to report information about their own business practices certainly can't be trusted to regulate themselves.

Read more:

On March 24, California released an updated registry of data brokers—companies in the business of collecting, inferring, aggregating, and selling people’s data

03/30/2026

EPIC Deputy Director Caitriona Fitzgerald spoke today at the IAPP Global Summit on a panel entitled “Less Is More: Why Data Minimization Matters to Privacy Laws.”

"The current state of online tracking and data abuse makes it pretty clear why data minimization matters,” she said. “Every minute of every day, our personal data is gathered in ways we don’t expect. A real data minimization rule is key to ensuring that data collection and use actually relate to the purposes the consumer expects."

The panel also featured Maureen Mahoney of CalPrivacy and Kate Goodloe of the Business Software Alliance, and IAPP’s Cobun Zweifel-Keegan moderated. The main conference runs through tomorrow, and workshops and trainings take place through Thursday.

For more information: https://iapp.org/

03/27/2026

On Thursday, EPIC Counsel Kara Williams gave testimony urging the Maryland Senate Finance Committee to amend a bill that seeks to regulate companion chatbots.

While EPIC supports the goals of the bill—preventing the devastating harms companion chatbots are causing— as drafted, the legislation is ineffective at solving these harms and opens Maryland up to significant litigation risk.

EPIC suggested several ways to amend the bill to make it workable, effective, and less vulnerable to First Amendment challenges, in part by tailoring its language to address chatbots more specifically.

“Big Tech companies are currently operating with very few rules and very little oversight, and they’ve proven time and time again that they cannot be trusted to self-regulate,” Williams testified. “Thus, it is essential that the Committee advance a bill that sets clear rules of the road for chatbot providers to protect Marylanders from chatbot harms.”

Read Williams’ testimony in full here:

EPIC suggested several ways to amend the bill to make it workable, effective, and less vulnerable to First Amendment challenges.

03/27/2026

EPIC's expert team is hard at work in service of a huge goal: stopping the surveillance state.

We've been developing new litigation strategies to hold surveillance companies accountable, urging limits on the government’s use of data brokers, pushing for federal legislation to limit law enforcement’s use of facial recognition, creating a detailed database of ICE’s surveillance machine, and much more.

And now more than ever, we need your support. Will you join the fight?

Learn more and donate here: https://epic.org/stop-the-surveillance-state/

03/26/2026

EPIC Senior Counsel Sara Geoghegan testified on March 23 before D.C. City Council's Committee on Health in support of the Personal Health Data Security Amendment Act of 2025.

The bill is designed to provide meaningful privacy protections for District residents’ sensitive health data. It would:

1. Prohibit geofencing around facilities that provide health services;
2. Require the entities that handle personal health data to publish clear privacy policies;
3. Mandate consent before the collection or disclosure of any personal health data; and
4. Create a right to deletion.

EPIC commended the bill’s sponsors while also urging the Council to remove the notice-and-choice provisions in the bill that tie limitations on data collection and use to language contained in privacy policies. Instead, the bill should include data minimization provisions that tie businesses’ obligations to the purpose for which data is collected—not what companies allow in their own privacy policies.

Read more about the bill, submit testimony, and watch the hearing here:

EPIC Senior Counsel Sara Geoghegan testified on March 23 before the D.C. City Council’s Committee on Health in support of the Personal Health Data Security Amendment Act of 2025. 

03/25/2026

🚨SOCIAL MEDIA COMPANIES HAVE BEEN NEGLIGENT, JURY FINDS IN LANDMARK PRODUCT LIABILITY CASE🚨

In a monumental win for social media safety advocates like EPIC, a California jury just found Meta and Google liable for designing their platforms to addict child users.

This verdict is in line with EPIC’s long-held position: Social media platforms are products. They are created and released by companies that must be held accountable when their products harm people, just like a charger that starts a fire or faulty airbags that fail to deploy in a car crash.

This is just the first of many seeking cases to hold tech giants liable for their harmful conduct. More than 2,000 plaintiffs are alleging social media companies like Meta, Snapchat, TikTok, and Alphabet knowingly designed addictive products that expose children to predators, exploitation, and self-harm.

Meta and YouTube face $3 million in compensatory damages for pain and suffering as well as other financial penalties. The jury will now consider whether the companies should pay further punitive damages for malice or fraud.

Read more:

Today, a jury in California found Meta and Google negligent for designing their platforms to addict child users in what is set to be one of the most important social media trials to date.

03/20/2026

We've nearly reached the end of , ☀️ an annual celebration of some of our favorite things here at EPIC: public records, open government, and freedom of information.

Much of our work at EPIC strives to ensure that the government is open about its data collection and privacy practices.

We often file lawsuits under open records laws such as the Freedom of Information Act (FOIA) to obtain information from the government about surveillance and privacy policy, which helps us, other organizations, and the public hold the government accountable.

FOIA requests are rarely easy—sometimes the government tells us they'll hand over the record we're asking for some time in the next 10 years—and they've been getting increasingly more difficult.

The number of federal FOIA requests has nearly doubled in the past five years, according to the DOJ, as staffing levels have remained stagnant. At the same time, the Trump Administration's massive layoffs have hollowed out FOIA offices, leaving them unable to keep up with demand.

EPIC has a long track record of suing under FOIA to obtain information that impacts critical privacy interests. We use the information obtained under the FOIA to educate the public about secretive government activity, reveal government misconduct, and change agency practices.

To continue doing that work, especially in today's fraught political environment, we need your support.

Consider joining EPIC's Stop the Surveillance State campaign today to help us keep government accountable.

Systems built to target ads and fuel tech profits have become systems of government control, and they are threatening the foundations of our democracy.

03/20/2026

The Trump Administration’s newly released recommendations for a national policy framework on AI protects corporate interests, not public interests.

It includes:

• Open instructions to preempt state laws that may “act contrary to the United States’ national strategy to achieve global AI dominance;”
• Directives to incorporate AI training into education and workforce training;
• A mandate to make federal datasets available for AI training; and
• Suggestions that AI infrastructure permitting should be “streamlined.”

The framework makes no mention of general privacy protections or AI’s use of personal data, but contains an entire section under the guise of protecting free speech which, in practice, is meant to ensure that AI companies carry conservative viewpoints.

The framework “it is light on protection and heavy on promotion of dangerous AI systems,” EPIC Executive Director and President Alan Butler said.

“The American people deserve better, and Congress should do better than this.”

Read more here:

The White House’s framework would promote corporate interests over the public interest. It is light on protection and heavy on promotion of dangerous AI systems. The American people deserve better, and Congress should do better than this.

03/19/2026

In a letter to OpenAI on Wednesday, EPIC and a diverse coalition of civil society groups and child safety advocates urged the company to withdraw its AI safety ballot initiative in California.

Despite its name, the Parents & Kids Safe AI Act, the initiative was designed to protect OpenAI, not children.

It cements child-safety protections that are too narrow, limits families' ability to sue, and sets the dangerous precedent that the companies responsible for these harms can write the rules that govern them.

“It is clear from the language of the initiative that OpenAI's interest is not in protecting kids through this initiative, but instead in protecting itself from liability, smothering its competitors, and dodging accountability by writing its own rulebook,” the letter reads. “We must get protections for our children right — especially in a state that has been a leader on tech policy.”

Read the letter in full here:

In a letter sent to OpenAI on Wednesday, EPIC and a diverse coalition of child safety advocates, civil society groups, and technology policy organizations called on OpenAI to fully withdraw its AI safety ballot initiative in California. 

03/19/2026

EPIC is proud to endorse the bipartisan Government Surveillance Reform Act. Sens. Ron Wyden and Mike Lee and Reps. Warren Davidson and Zoe Lofgren introduced the bill this week to protect Americans’ rights and tamp down on warrantless government surveillance.

The bill is part of broader efforts to reform Section 702 of the Foreign Intelligence Surveillance Act (FISA), which is up for reauthorization this year. It incorporates some key reforms that EPIC has called for, including:

1. Requiring a warrant before searching Americans’ communications that were collected without a warrant under Section 702;
2. Closing the data broker loophole that the federal government exploits to warrantlessly access information protected by the Fourth Amendment, including location and internet browsing data; and
3. Bolstering oversight and accountability through the courts, public reporting, and installing accountability requirements in FISA.

Learn more about the bill here:

This week, Senators Ron Wyden and Mike Lee, along with Representatives Warren Davidson and Zoe Lofgren, introduced the updated Government Surveillance Reform Act (GSRA) to protect Americans’ rights and tamp down on warrantless government surveillance. The bicameral, bipartisan bill is part of broa...