Daily updates on privacy stories in the news.

Defend Privacy. Support EPIC.

Supreme Court to Rule on Privacy of Hotel Records

Today the Supreme Court agreed to hear Los Angeles v. Patel, a challenge to a local ordinance that allows police to inspect hotel guest registries without a warrant or judicial supervision. A federal appeals court ruled that the LA law was "facially" unconstitutional because the authority could violate the Fourth Amendment. The Supreme Court will consider both the scope of privacy protections for hotel guests and also whether the Fourth Amendment prohibits laws that allow unlawful searches. The second issue has far-reaching consequences because many recent laws authorize the police searches without judicial review. Thus far, courts have only considered "as applied" challenges on a case-by-case basis. EPIC will likely file an amicus brief in the Supreme Court case in support of the decision of the federal appeals court. For more information, see EPIC: Los Angeles v. Patel and EPIC: Amicus Briefs.

Obama Issues Executive Order to Strengthen Consumer Privacy

President Obama signed an Executive Order today to Improve the Security of Consumer Financial Transactions. The Order will require enhanced security features for government financial transactions, including chip-and-PIN technology which has greatly reduced financial fraud and identity crimes in Europe. The Executive Order states that "the Government must further strengthen the security of consumer data and encourage the adoption of enhanced safeguards nationwide in a manner that protects privacy and confidentiality..." The White House also announced a series of measures to safeguard consumer financial security, including more secure payment systems, efforts to reduce identity theft and support "algorithmic transparency." EPIC has endorsed many of these proposals. The White House also announced a summit on cybersecurity and consumer protection. For more information, see EPIC: "Cybersecurity and Data Protection in the Financial Sector" (House 2011), EPIC: "Cybersecurity and Data Protection in the Financial Sector" (Senate 2011), and EPIC: Identity Theft.

Data Protection Commissioners Urge Limits on "Big Data"

The International Data Protection Commissioners have adopted a resolution on Big Data. The resolution endorses several privacy safeguards, including purpose specification, data minimization, individual data access, anonymization, and meaningful consent when personal data is used for big data analysis. The data protection commissioners also passed a resolution supporting the UN High Commissioner's report on Privacy in the Digital Age and the Mauritius Declaration on the Internet of Things. Earlier this year, EPIC joined by 24 organizations petitioned the White House to accept public comments on its review of Big Data and the Future of Privacy. EPIC also submitted extensive comments detailing the privacy risks of big data and calling for the swift enactment of the Consumer Privacy Bill of Rights and the end of opaque algorithmic profiling. For more information, see EPIC: Big Data and EPIC: Internet of Things.

EPIC Obtains New Documents About Lack of Student Privacy Enforcement

EPIC has obtained new documents from the Department of Education detailing parent and student complaints about the misuse of education records. The Department released the documents in response to an EPIC Freedom of Information Act request. EPIC is expecting to receive more documents about the agency's enforcement of the Family Educational Rights and Privacy Act. Other documents that EPIC has uncovered reveal that schools and districts have disclosed students' personal records without consent, possibly in violation of the federal student privacy law. The documents also reveal that the Department failed to investigate many FERPA complaints. For more information, see EPIC: Department of Education's FERPA Enforcement, EPIC: Student Privacy, and EPIC: Open Government.

Italy Launches Internet Bill of Rights

The Italian Parliament has proposed a Declaration of Internet Rights. The Declaration addresses a wide range of issues including Internet Access, Protection of Personal Data, Anonymity, the Right to be Forgotten, and Internet Governance. Italy, currently chair of the European Council, plays a leading role in European Union policy in 2014 and has made progress on data protection as a top priority. EPIC spoke earlier this year to the Italian Parliament about the need for a strong framework to protect the rights of Internet users. For more information, see Civil Society Seoul Declaration and Madrid Privacy Declaration.

Japan Adopts "Right to Be Forgotten"

A Japanese court has ordered Google to delete about half of the search result for a man linked to a crime he didn't commit. Judge Nobuyuki Seki of the Tokyo District Court said that the search results "infringe personal rights," and had harmed the plaintiff. A recent poll also found that 61 percent of Americans favor the EU Court of Justice decision regarding the right to be forgotten. And Canada is now debating the establishment of a similar legal right. For more information, see EPIC: Right to Be Forgotten,] EPIC: Public Opinions and Privacy, and EPIC: Expungement.

Supreme Court Strikes Down Voter ID Law

The US Supreme Court has ruled that officials in Wisconsin may not requires voters to present photo ID before voting in an upcoming election. A federal court in Texas also struck down a state voter ID requirement saying it disproportionately burdened minority voters. In 2007 EPIC raised similar arguments in an amicus brief for the US Supreme Court in Crawford v. Marion County. EPIC said of the Indiana ID law, “Not only has the state failed to establish the need for the voter identification law or to address the disparate impact of the law, the state’s voter ID system is imperfect, and relies on a flawed federal identification system.” The Supreme Court upheld the law. Justice Souter dissented, saying “this statute imposes a disproportionate burden upon those without” government-issued photo IDs. For more information, see EPIC: Voter Photo ID and Privacy and EPIC: Voting Privacy.

NSA Releases "12333" Report, Fails to Address Bulk Collection

The NSA released a privacy report on its surveillance activities under 12333, an Executive Order that provides broad authority for data collection. But the report only addresses a narrow aspect of the EO 12333 collection - protections for U.S. persons in the context of targeted signal intelligence activities. The report fails to address bulk collection or privacy protections for non-U.S. persons. A previously disclosed internal audit revealed that the NSA violated both legal rules and privacy restrictions thousands of times each year since 2008. Another document shows how NSA analysts are trained to avoid giving "extraneous information" to their "FAA overseers" when they want to target an individual. The NSA privacy report did not address these previous violations. Earlier this year, EPIC urged the Privacy and Civil Liberties Oversight Board to review the surveillance activities conducted under EO 12333. EPIC is also pursuing several FOIA matters to learn more about the use of 12333 authorities. For more information, see EPIC: Executive Order 12333.

At OECD Global Forum, EPIC Urges "Algorithmic Transparency"

Speaking to delegates at the OECD Global Forum for the Knowledge Economy in Tokyo, EPIC President Marc Rotenberg urged OECD member countries to endorse "algorithmic transparency," the principle that data processes that impact individuals be made public. Mr. Rotenberg explained that companies are too secretive about what they collect and how they use personal data. Mr. Rotenberg also spoke about the growing risk of identity theft and cited the recent data breaches at Target, Home Depot, and JP Morgan, and urged OECD countries to update privacy laws. Earlier this year, EPIC submitted extensive comments on the White House's review of "Big Data and the Future of Privacy." EPIC called for the swift enactment of the Consumer Privacy Bill of Rights and the end of opaque algorithmic profiling. For more information, see EPIC - Big Data, The Public Voice, CSISAC.