EPIC - Electronic Privacy Information Center

09/25/2025

Today, Massachusetts took a major step toward privacy!

The MA Senate voted unanimously to pass the Massachusetts Data Privacy Act (MDPA), setting some of the strongest consumer protections in the country, including:

-Data minimization provisions limiting the collection of personal data

-A prohibition on the sale of sensitive data, including the location data of visitors to the state

-Enhanced protections for minors’ personal data

-Strong civil rights language to prohibit digital discrimination

“EPIC commends the Senate for passing the Massachusetts Data Privacy Act, which puts meaningful limits on the over-collection and abuse of our personal data,” said Caitriona Fitzgerald, Deputy Director, Electronic Privacy Information Center (EPIC). “The MDPA combines the best consumer protections from other state laws to provide Massachusetts residents with some of the strongest privacy protections in the country while minimizing new compliance obligations for companies. EPIC appreciates the leadership of Senate President Karen Spilka, Majority Leader Cynthia Creem, and Senator Michael Moore on this critical and timely issue.”

Massachusetts is the latest state to push for stronger privacy protections. The MDPA builds on Maryland’s 2024 law and raises the bar for states’ efforts to safeguard the privacy of their residents. A unanimous Senate vote signals real momentum to rein in Big Tech’s exploitation of our personal data. Next stop for the MDPA: the Massachusetts House of Representatives!

BOSTON, MA — The Massachusetts Senate voted unanimously today to pass the Massachusetts Data Privacy Act. EPIC and Consumer Reports strongly support the MDPA.

09/24/2025

Big win for privacy: Multiple U.S. Courts of Appeals ruled that carriers (e.g. Verizon, T-Mobile, etc.) must protect your cell phone location data. This closes a 5+ year saga over whether carriers can sell/share that data without consent.

In 1996, Congress created legal protections that limited the ability of phone carriers to use and disclose customer information. In 2018, news reports revealed that carriers were selling location data, violating consumer privacy and enabling illicit surveillance.

FCC fined carriers ~$200M. Carriers sued to overturn, arguing that location data isn’t protected unless during a live call, that the FCC lacked the authority to fine them, and that the FCC’s process for issuing fines is unconstitutional.

Two Circuit Courts disagreed: location data “plainly” qualifies as Customer Proprietary Network Information (CPNI ), which is protected from unauthorized access and misuse, and the FCC can enforce privacy rules.

The Fifth Circuit, despite agreeing with carriers about the constitutionality of FCC fines, said: “No one denies the Commission’s authority to enforce laws requiring telecommunications companies like AT&T to protect sensitive customer data.”

This summer, these Courts largely ruled in favor of subscriber location privacy, in at least one instance mirroring arguments from EPIC-led civil society amicus briefs. Carriers have a legal duty to protect your location data—even when you’re not on a call, and to conduct oversight of third parties who might exploit that data. This win represents a great stride for consumer privacy & data security.

It feels like a rare treat these days to be able to share positive updates related to our privacy and cybersecurity work. But we are happy to report that three different courts of appeals have issued favorable decisions this summer supporting strong protections for cell phone location data. Specific...

09/23/2025

EPIC’s Jeramie Scott speaks to WIRED about DHS data exposure:

“[T]he relative lack of transparency of the Trump administration and DHS's hostility to oversight measures suggests that if a similar data breach occurred now, the public might never know.”

“"Everyone should be concerned about the fact that things like this happen, and oversight has only deteriorated since this incident occurred."”

Read more here:

A misconfigured platform used by the Department of Homeland Security left national security information—including some related to the surveillance of Americans—accessible to thousands of people.

09/22/2025

EPIC is proud to endorse the Algorithmic Accountability Act of 2025, introduced by Rep. Yvette Clarke (D-NY) last week. The bill takes critical steps to ensure transparency, accountability, and fairness when automated systems are used to make decisions in housing, employment, education, credit, and other high-impact areas.

We’re joined by a broad network of advocates in endorsing this bill: AI For the People, Color of Change, Consumer Federation of America, Demand Progress, and Lawyers’ Committee for Civil Rights Under Law.

To learn more about EPIC’s work on AI and automated decision-making, read here:

The bill would place important transparency and accountability requirements on entities that use automated decision systems in making critical decisions about people’s lives.

09/18/2025

EPIC's Sara Geoghegan will join a panel discussion on "Anticipated Trends for the Data Broker Industry and Enforcement" at The Capitol Forum's 2025 Tech Conference on October 1 at 1:30 p.m. The conversation will explore how data brokers collect, package, and monetize personal information, and how regulatory actions can increase transparency and accountability. Register here: https://lnkd.in/e8GYsUaR

09/16/2025

Yesterday, the EPIC Champions of Freedom 2025 event brought together leaders, advocates, and privacy experts to address one of the most pressing challenges of our time: combating digital authoritarianism.

We were delighted to be joined by a distinguished panel of speakers who offered crucial insights:

Rohit Chopra – Former Director of the Consumer Financial Protection Bureau and former Commissioner at the Federal Trade Commission
Sandeep Vaheesan – Legal Director at the Open Markets Institute and author of Democracy in Power
Mark Samburg – Senior Counsel at Democracy Forward and former CFPB Chief of Staff
Paromita Shah – Founding Executive Director of Just Futures Law
Ava Smithing – Advocacy Director at the Young People’s Alliance

Their perspectives highlighted both the threats posed by digital authoritarianism and the strategies we can pursue to strengthen democratic institutions, protect human rights, and ensure accountability in the digital age.

We thank our speakers and attendees for contributing to an important and timely discussion. We couldn't do this important work without your support: https://epic.org/donate-to-epic/

09/10/2025

Yesterday, the Ninth Circuit rejected NetChoice’s request for a preliminary injunction against key provisions of SB 976. Most notably, the court refused to enjoin the law’s ban on delivering addictive feeds to minors without parental consent. EPIC filed an amicus brief urging this outcome, which was joined by the Tech Justice Law Project and 18 leading law and technology experts.

As a result of the Ninth Circuit’s decision, the addictive feeds ban and the law’s private mode provisions can now take effect. This is a huge victory in the fight for kids’ safety online.

EPIC regularly files amicus briefs in landmark tech accountability cases and advises legislators on constitutional strategies to regulate harmful platform design.

Read the court's opinion: :https://epic.org/wp-content/uploads/2025/09/SB976-9th-Cir-Opinion.pdf

Read EPIC's brief:https://epic.org/wp-content/uploads/2025/03/EPIC-Amicus-Brief-NetChoice-v-Bonta-SB-976.pdf

09/10/2025

Secure your spot today, registration for the EPIC Champions of Freedom 2025 event is filling up quickly! Our event will be held on Monday, September 15, from 5:00 PM – 8:00 PM at the True Reformer Building in Washington, D.C.

We will bring together featured speakers to offer insights and strategies about how we can work together to combat digital authoritarianism:

Rohit Chopra – Former Director of the Consumer Financial Protection Bureau and former Commissioner on the Federal Trade Commission
Sandeep Vaheesan – Legal Director at the Open Markets Institute and author of Democracy in Power: A History of Electrification in the United States
Mark Samburg – Senior Counsel at Democracy Forward and former CFPB Chief of Staff
Paromita Shah – Founding Executive Director of Just Futures Law
Ava Smithing – The Advocacy Director at the Young People’s Alliance

After the presentation, we will continue the conversation over refreshments at the reception. Doors open at 5PM and the speaking program will be begin promptly at 5:30PM. The speakers will also be live-streamed for registrants who cannot attend in person. Dress is business/cocktail attire.

This event is designed as a widely attended event under Congressional ethics rules. Expected attendance is approximately 200-225 people, including from advocates, government officials, Hill and agency staff, and academics. The fair market value of each ticket is $50.

Register at epic.org/sept15
If you have any questions about the event, please reach out to events@epic.org.

09/09/2025

EPIC's Sara Geoghegan will be speaking on GW's Ethical Tech Initiative and the GW Center for Law and Technology's panel discussion on the legal landscape of reproductive data privacy. We invite you to attend tomorrow Sept 10 at 12 p.m. and be part of the dialogue on protecting privacy rights!

09/09/2025

⚙️ Recently, Meta announced that it would be turning to AI to assess risks of new products and features. This is a move by Meta to offload its responsibility to its users by using “AI” as cover.
https://www.npr.org/2025/05/31/nx-s1-5407870/meta-ai-facebook-instagram-risks

As our blog post explains, conducting thorough risk assessments before deploying new products requires understanding of the context in which the product will be deployed, going beyond a technical assessment of the feature.

AI is not suited for assessing new products and the novel harms they might pose to users. AI is a pattern-recognizer and replicator, meaning that it will merely repeat the way Meta has approved products previously.

AI’s pattern-replication is a problem here—Meta’s track record on pushing out features that cause harm to users and society at large is terrible. Using AI to assess risks means replicating and automating the lax risk assessment practices Meta has engaged in for years.

To read more on how risk assessments should be conducted (spoiler alert: not using AI!), see our report here → https://epic.org/assessing-the-assessments/

And to read more in-depth about why Meta turning to AI is dangerous and how Meta’s leadership should take responsibility for the harms its products cause, see our post here → https://epic.org/does-meta-care-about-user-safety-its-turn-away-from-humans-to-ai-for-risk-assessments-says-no/

Despite increasing skepticism by the public and ongoing criticisms of unsafe, privacy-violating products, Meta recently announced that it is turning to AI to conduct risk assessments of new features and products. This move is the latest example of a Big Tech company avoiding responsible AI developme...

08/20/2025

EPIC joins 13 other advocacy organizations in sending a letter urging the to investigate Grok’s “Spicy Mode.” The feature allows users to easily create and distribute Non-Consensual Intimate Imagery, potentially violating and age verification laws. Learn more and read our full letter ➡️:

08/18/2025

🗓️ SAVE THE DATE: The EPIC Champions of Freedom 2025 will be held on Monday, September 15, from 5:00 PM – 8:00 PM at the True Reformer Building in Washington, D.C. EPIC established the Champions of Freedom Awards in 2004 to honor individuals and organizations that have worked to safeguard the right to privacy, open government, and democratic values with courage and integrity. RSVP at epic.org/sept15.

This year will be a bit different. Instead of giving out awards, we will bring together featured speakers to offer insights and strategies about how we can work together to combat digital authoritarianism. After the presentation from our featured speakers, we will continue the conversation over refreshments at the reception. Doors open at 5 PM and the speaking program will be begin promptly at 5:30 PM.

This event is designed as a widely attended event under Congressional ethics rules. Expected attendance is approximately 200-225 people, including from advocates, government officials, Hill and agency staff, and academics. The fair market value of each ticket is $50. The speakers will also be live-streamed for registrants who cannot attend in person. Dress is business/cocktail attire.

If you have any questions about the event, please reach out to events@epic.org.