Focusing public attention on emerging privacy and civil liberties issues

Federal Trade Commission

Latest News

  • FTC Adds Google+ to Antitrust Investigation: Bloomberg News has reported that the Federal Trade Commission has expanded its antitrust investigation of Google to include Google's social networking service, Google+. The report comes after Google announced that it would include personal data gathered from Google+ in the results of users' searches, a move that led EPIC to urge the FTC to investigate the company. EPIC said that "Google's business practices raise concerns related to both competition and the implementation of the Commission’s consent order," referring to a settlement that the FTC reached with Google that establishes new privacy safeguards for users of all Google products and services and subjects the company to regular privacy audits. Google first confirmed the FTC’s antitrust investigation in June 2011. Recently, the Senate held a hearing on Google's use of its dominance in the search market to suppress competition, and EPIC urged the Federal Trade Commission to investigate Google's use of Youtube search rankings to give preferential treatment to its own video content over non-Google content. For more information, see EPIC: Google/DoubleClick and EPIC: Federal Trade Commission. (Jan. 13, 2012)
  • EPIC Urges FTC Investigation into Facebook Timeline: EPIC sent a letter requesting that the Federal Trade Commission determine whether changes Facebook has made to the profiles of its users are consistent with the terms of a settlement reached between Facebook and the FTC. EPIC's letter states that "with Timeline, Facebook has once again taken control over the user's data from the user and has now made information that was essentially archived and inaccessible widely available without the consent of the user." The settlement requires Facebook to give users clear and prominent notice and obtain users' express consent before changing their privacy settings. EPIC sent a similar letter to the FTC about Timeline and the secret tracking of users in September 2011. For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement. (Dec. 28, 2011)
  • EPIC Submits Comments on FTC Facebook Privacy Settlement: EPIC submitted comments to the FTC on a proposed settlement with Facebook. The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 over Facebook’s decision to change its users' privacy settings in a way that made users' personal information more widely available to the public and to Facebook's business partners. The settlement bars Facebook from changing privacy settings without the affirmative consent of users or misrepresenting the privacy or security of users' personal information. However, EPIC said that the settlement is "insufficient to address the concerns originally identified by EPIC and the consumer coalition, as well as those findings established by the Commission." In order to address the issues raised by the complaints, respond to recent changes in Facebook's business practices like Timeline, and fulfill the FTC's duty to act in the public interest, EPIC recommended that the settlement be improved. Specifically, EPIC recommended that the FTC require Facebook to restore the privacy settings users had in 2009; give users access to all of the data that Facebook keeps about them; stop making facial recognition profiles without users' consent; make the results of the government privacy audits public; and stop secretly tracking users across the web. For more information, see EPIC: Facebook Privacy, and EPIC: FTC Facebook Settlement. (Dec. 28, 2011)
  • EPIC Submits Comments on Children's Online Privacy Rule: EPIC submitted comments to the FTC on a proposed rule for the Children's Online Privacy Protection Act. The proposed rule would revise the definition of Personally Identifiable Information to include identifiers such as cookies, IP addresses, and geolocation information. The new rules also contain data minimization and deletion requirements and simplified methods of obtaining parental consent for data collection. "The proposed revisions update the COPPA Rule by taking better account of the increased use of mobile devices by users and of new data collection practices by businesses," EPIC said. However, EPIC urged the FTC to further improve the rule by applying it to SMS and MMS messaging services, extending the definition of "personal information" to cover the combination of date of birth, gender, and ZIP code, and adding a data-breach notification requirement. EPIC previously testified before the Senate and filed comments with the agency. For more information, see EPIC: Children's Online Privacy Protection Act and EPIC: Federal Trade Commission. (Dec. 22, 2011)
  • Senate Opens Investigation Into Google Search: Senator Herb Kohl (D-WI) and Mike Lee (R-UT), Chairman and Ranking member of the Judiciary Antitrust Subcommittee, have sent a letter to FTC Chairman Jon Leibowitz, expressing concern about Google's business practices and the company's impact on competition in Internet search and commerce. In September, EPIC wrote to the FTC and described how Google biased YouTube search rankings to give preferential treatment to its own content following the acquisition of the Internet's largest video service provider. The EPIC letter preceded a Senate hearing on "The Power of Google: Serving Consumers or Threatening Competition?" EPIC testified before the Senate Antitrust Subcommittee in 2007 on Google's growing dominance of essential Internet services. (Dec. 20, 2011)
  • EPIC Launches Campaign Urging Public Comment on Facebook Privacy Settlement: EPIC launched the "Fix FB Privacy Fail" campaign to encourage the public to support improvements to a settlement between Facebook and the FTC. The settlement follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010 over Facebook’s decision to change its users' privacy settings in a way that made users' personal information more widely available to the public and to Facebook's business partners. Although the proposed settlement is far-reaching, there are several ways in which it could be improved. EPIC has recommended that the FTC require Facebook to restore the privacy settings users had in 2009; give users access to all of the data that Facebook keeps about them; stop making facial recognition profiles without users' consent; make the results of the government privacy audits public; and stop secretly tracking users across the web. The period for public comment on the proposed settlement ends on December 30. The campaign also allows users to sign on to the petition without using Facebook. For more information, see EPIC: FTC Facebook Settlement. (Dec. 13, 2011)
  • Federal Trade Commission Releases 2011 Do Not Call List, Warns of Do Not Call Scams: The FTC has released the 2011 National Do Not Call Registry Data Book, which includes extensive information on the Do Not Call Registry as well as tips for consumers. Over 209 million telephone numbers are now listed on the Do Not Call Registry. In 2011, over 2 million consumers filed complaints over unwanted telemarketing calls. In announcing the Data Book, the FTC also warned consumers that scammers are calling consumers and claiming to sign them up for the National Do Not Call Registry. The FTC said that these calls were not coming from the Commission or the Registry, and that consumers should ignore them. For more information, see EPIC: Federal Trade Commission, or EPIC: Telemarketing and the Telephone Consumer Protection Act. (Dec. 5, 2011)
  • Federal Trade Commission Announces Settlement in EPIC Facebook Privacy Complaint: The Federal Trade Commission has announced an agreement with Facebook that follows from complaints filed by EPIC and other consumer and privacy organizations in 2009 and 2010. In 2009, the EPIC first asked the FTC to investigate Facebook's decision to change its users' privacy settings in a way that made users' personal information, such as Friend lists and application usage data, more widely available to the public and to Facebook’s business partners. The violations are also detailed in the FTC’s 8-count complaint against the company. The proposed settlement agreement bars Facebook from making future changes privacy settings without the affirmative consent of users and requires the company to implement a comprehensive privacy protection program and submit to independent privacy audits for 20 years. The settlement does not adopt EPIC's recommendation that Facebook restore users' privacy settings to pre-2009 levels. Facebook CEO Mark Zuckerberg reacted to the settlement in a post on Facebook's blog, saying that he was "first to admit that we've made a bunch of mistakes." For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission. (Nov. 29, 2011)
  • Federal Trade Commission to Announce Settlement in EPIC Facebook Privacy Complaint: The Federal Trade Commission has scheduled a 1:00 pm EDT press conference to announce a privacy settlement with Facebook, following a complaint that was filed by EPIC and other consumer and privacy organizations. More news to follow. (Nov. 29, 2011)
  • FTC Releases Agenda for Facial Recognition Workshop: The Federal Trade Commission has announced the agenda and panelists for a workshop exploring the privacy and security issues raised by the increased use of facial recognition technology. The workshop will be held December 8, 2011 at the FTC Conference Center, and will feature diverse panelists with consumer protection, privacy, business, international, and academic backgrounds. EPIC Senior Counsel John Verdi will speak on the panel "Facial Detection & Recognition: Exploring the Policy Implications." EPIC has a complaint pending before the FTC over Facebook's use of facial recognition technology to build a secret database of users' biometric data and to enable the company to automatically tag users in photos. For more information, see EPIC: In re Facebook, and EPIC: Federal Trade Commission. (Nov. 22, 2011)
  • FTC Publishes Performance Report: The Federal Trade Commission has issued the 2011 Performance and Accountability Report. The report summarizes the agency’s accomplishments, shows how the agency has managed its resources, and explains how it plans to address future changes. According to the FTC, during 2011 the agency exceeded its privacy goals by providing 52 comments to foreign consumer protection and privacy agencies, conducting 14 technical assistance missions, and hosting one international consumer protection fellow. The agency’s privacy goals for the coming year include "issu[ing] a final report on protecting consumer privacy," and "examin[ing] malware and spyware threats to mobile devices . . . and malware distributed through social networks." The FTC report made no mention of several pending complaints, including EPIC's 2009 complaint regarding the changes by Facebook to its users' privacy settings. For more information, see EPIC: Federal Trade Commission and EPIC: Facebook and Facial Recognition. (Nov. 22, 2011)
  • WSJ: Facebook Close to Settlement with FTC over EPIC Complaint : The Wall Street Journal reports that the Federal Trade Commission is finalizing a settlement with Facebook that follows from a complaint from EPIC and a coalition of US consumer and privacy organizations. In 2009, the organizations urged the Commission to investigate Facebook's decision to change its users' privacy settings which made the personal information of Facebook users more widely available to Facebook's business partners and the public. According to the Wall Street Journal, the settlement would require Facebook to obtain "express affirmative consent" if Facebook makes "material retroactive changes," and to submit to independent privacy audits for 20 years. For more information, see EPIC: In re Facebook, EPIC: Facebook Privacy and EPIC: Federal Trade Commission. (Nov. 10, 2011)
  • EPIC Files Complaint, Urges FTC to Investigate Verizon's Recent Changes to Privacy Practices: EPIC filed a complaint with the Federal Trade Commission charging that Verizon Wireless has engaged in unfair and deceptive trade practices in violation of consumer protection law. After consumers entered into long-term contracts with Verizon Wireless, the company changed its business practices, and revealed detailed personal information of its customers, including location data, web browsing and search histories, and demographic data, to other companies EPIC also charges that Verizon Wireless has failed to establish adequate techniques to deidentify its customers. "Such practices are unfair and deceptive, contrary to the privacy and security interests of Verizon Wireless customers, and actionable by the Federal Trade Commission," the complaint states. EPIC's complaint regarding Facebook's facial recognition is still pending before the FTC. (Oct. 31, 2011)
  • EPIC-Led Coalition Calls for FTC Facebook Investigation: EPIC, joined by other privacy, consumer, and civil liberties groups, which include the American Civil Liberties Union, Consumer Action, American Library Association, and the Center for Digital Democracy asked the Federal Trade Commission to investigate Facebook. Facebook had been secretly tracking users after they logged off of Facebook’s webpage, and had recently announced changes in business practices that “[gave] the company far greater ability to disclose the personal information of its users to its business partners...” EPIC’s complaint regarding Facebook’s facial recognition is still pending before the FTC. For more information, see EPIC: Facebook Privacy and EPIC: Federal Trade Commission. (Sep. 29, 2011)
  • Lawmakers Say Undeletable Supercookies Raise "Serious Privacy Concerns": Representatives Joe Barton (R-TX) and Ed Markey (D-MA) wrote a letter asking the FTC to investigate whether the use of "supercookie" - cookies placed on users' computers by websites such as Hulu.com that cannot be deleted -constitutes an unfair or deceptive business practice. The representatives called this kind of tracking "unacceptable" and said that the cookies "take away consumer control over their own personal information." EPIC had earlier opposed the White House's use of persistent Google Analytics cookies that track users for up to two years and supported opt-in requirements for Internet tracking techniques that are transparent for the user and easily disabled. For more information, see EPIC: Cookies and EPIC: Federal Trade Commission. (Sep. 27, 2011)
  • Senate Holds Hearing on Google’s Anticompetitive Practices: Today's Senate Judiciary Committee hearing "The Power of Google: Serving Consumers or Threatening Competition?” examined Google’s use of its dominance in the search market to suppress competition. The company’s executive chairman, Eric Schmidt, testified on the first panel, while witnesses from Google’s rivals Yelp and Nextag appeared on the second panel. The hearing covered a wide range of issues, including search bias, Google’s proprietary search algorithm, and the downgrading of search rankings. EPIC testified before the the same committee in 2009 on Google’s growing dominance of essential Internet services, and recently sent a letter to the Federal Trade Commission regarding Google’s biasing of Youtube search rankings to give preferential treatment to its own video content. For more information, see EPIC: Google/DoubleClick and EPIC: Federal Trade Commission. (Sep. 21, 2011)
  • Federal Trade Commission Proposes New Rules for Children’s Online Privacy: Today the FTC proposed new rules for the Children’s Online Privacy Protection Act. The FTC rules would revise the definition of Personally Identifiable Information to include identifiers such as cookies and IP addresses, video and audio files containing a child's image or voice, and geolocation information. The new rules also contain data minimization and deletion requirements that promote Internet security, as well as simplified methods of obtaining parental consent for data collection, such as electronic submission and video verification. EPIC Executive Director Marc Rotenberg said that the proposed rules were "a well-reasoned and innovative approach to online privacy." EPIC had previously testified before the Senate and submitted comments to the agency. EPIC’s complaint regarding Facebook’s facial recognition is still pending before the FTC. For more information, see EPIC: Children’s Online Privacy. (Sep. 15, 2011)
  • US and European Consumer Groups Oppose Latest Industry Proposal for Self-Regulation: The Transatlantic Consumer Dialogue has sent a letter to U.S. and European Union officials, urging them to reject an advertising industry proposal to protect online privacy through self-regulation. The industry proposal relies on opt-out techniques that force consumers to click on small icons, hidden on the websites they visit. The TACD letter described the icon regime as “inadequate,” and said that it “is an insufficient means of [giving] notice to a user about the wide range of data collection that they routinely face.” In 1998, EPIC conducted the first evaluation of industry self-regulation to protect online privacy and concluded that "Notice is Not Enough." For more information, see EPIC: Online Tracking and Behavioral Profiling, and EPIC: FTC. (Sep. 9, 2011)
  • EPIC Urges FTC to Examine YouTube Search Rankings Following Google Acquisition: EPIC sent a letter to the FTC urging the Trade Commission to investigate the extent to which Google has used its dominance in the search market to influence the marketplace of online video content. EPIC pointed specifically to the Google acquisition of YouTube and the change in the YouTube search rankings that followed. EPIC said that Google substituted its own subjective, "relevance" ranking in place of objective search criteria, such as "Hits" or "Rankings," to preference Google's own video material over non-Google material. EPIC's letter includes detailed examples using the search term "privacy." Google has acknowledged that the Commission has opened an investigation into the company's business practices for possible antitrust violations. EPIC previously testified before the Senate Judiciary Antitrust Subcommittee on Google's growing dominance of essential Internet services. For more information, see EPIC: Google/DoubleClick and EPIC: Federal Trade Commission. (Sep. 8, 2011)
  • EPIC Settles Street View Case with Trade Commission: EPIC and the Federal Trade Commission have agreed to settle an open government lawsuit concerning the FTC's decision to close the investigation of Google Street View. EPIC sought documents from the Commission after Members of Congress had urged the agency to pursue an aggressive investigation and many privacy agencies around the world found that Google violated national privacy laws. The agency turned over to EPIC agency records which suggested that the agency believed it lacked enforcement authority. However, the closing letter in the case also indicated that the Commission never undertook an independent investigation to determine whether other violations of law may have occurred. The case is EPIC v. FTC, No. 11-cv-00881 (D.C. Dist. Ct 2011). For more information, see EPIC: Google Street View. (Aug. 26, 2011)
  • FTC Finds Mobile Phone App Violated Children's Privacy Law: W3 Innovations, a company that develops mobile phone games, settled charges with the Federal Trade Commission for violations of the Children's Online Privacy Protection Act (COPPA). In the first settlement concerning a mobile application, the Commission imposed a fine of $50,000 against the company for "illegally collecting and disclosing personal information from tens of thousands of children under age 13 without their parents prior consent." EPIC previously testified before the Senate Commerce Committee and submitted comments to the FTC on the need to update COPPA and to clarify the law's application to mobile and social networking services. EPIC also has pending complaints at the FTC regarding Facebook's facial recognition program and changes Facebook made to user privacy settings. For more information, see EPIC: FTC and EPIC: COPPA. (Aug. 16, 2011)
  • Federal Trade Commission Launches Google Antitrust Investigation: Google has acknowledged that the Federal Trade Commission has opened an investigation into the search company's business practices for possible antitrust violations. The investigation likely focuses on whether Google uses its dominance in the search field to inhibit competition in other areas. EPIC had previously opposed Google's acquisition of online advertiser Doubleclick, which was approved by the FTC over the objection of then Commissioner Pamela Harbor. EPIC later testified before the Senate Judiciary Antitrust Subcommittee on Google's growing dominance of essential Internet services. For more information, see EPIC: Google/DoubleClick and EPIC: Federal Trade Commission. (Jun. 27, 2011)
  • FCC and FTC Announce Public Meeting on Locational Privacy: The Federal Communications Commission and the Federal Trade Commission will co-host a Location Based Services Forum on June 28, 2011. The event will include representatives from industry, consumer advocacy groups, and academia discussing the benefits and risks of location based services and industry best practices. The agencies are calling for public comment on location based services. EPIC previously submitted comments to the FCC on locational privacy in 2001 and 2006, requesting that the Commission establish guidelines for the protection of users' locational privacy. In 2010, EPIC specifically warned two Congressional committees about the privacy risks of location services in mobile phones. For more information, see EPIC: Locational Privacy. (May. 25, 2011)
  • EPIC Briefing to Explore Google Street View and Wi-Fi Privacy: EPIC will host a Capitol Briefing on Wednesday, May 18, 2011 on "Street View, Privacy, & the Security of Wireless Networks." The luncheon symposium will feature a panel with FTC Director of Consumer Protection David Vladeck and Former FTC Commissioner Pamela Harbour, and other experts. Sky Hook CEO Ted Morgan will demonstrate Wi-Fi scanning. Many countries have launched investigations of Google Street View after investigators found that Google unlawfully collected Wi-Fi data and intercepted private communications traffic. EPIC has recommended that the US FCC undertake an investigation. The Briefing will be held at the Capitol Visitor’s Center in room HVC-201 from 11:30 am to 1:30 pm. Registration information. For More Information, see EPIC: Street View and EPIC: FTC and follow #wifiprivacy. (May. 17, 2011)
  • EPIC Sues Federal Trade Commission for Details on Spy-Fi Investigation: EPIC filed a Freedom of Information Act lawsuit against the Federal Trade Commission over the agency's failure to disclose to EPIC information about the FTC's decision to end the Google Spy-Fi investigation. EPIC is specifically seeking documents that the FTC widely circulated to members of Congress and their staff that provide the basis for the agency's decision. Privacy agencies around the world found that Google unlawfully intercepted private communications traffic. Yet documents obtained earlier by EPIC under the FOIA suggest that the FTC did not even examine the data Google gathered from private residential Wi-Fi routers in the United States. EPIC is hosting a Capitol Briefing on May 18th on "Street View, Privacy, and the Security of Wireless Networks." For more information, see EPIC: Street View and EPIC: FTC. (May. 12, 2011)
  • EPIC Proposes "Fair Information Practices" for Google: Today EPIC submitted detailed comments on a landmark privacy agreement that requires Google to adopt a "Comprehensive Privacy Plan" to safeguard the privacy and personal information of Internet users. In comments to the Federal Trade Commission, EPIC recommended that the FTC require Google to adopt and implement comprehensive Fair Information Practices, as part of the Privacy Program. EPIC also recommended encryption for Google's cloud-based services, new safeguards for reader privacy, limitations on data collection, and warrant requirements for data disclosures to government officials. EPIC said that similar privacy safeguards should be established for other Internet companies. The FTC investigation and settlement arises from a complaint filed by EPIC with the Commission in February 2010. For more information, see EPIC: In re Google Buzz and FTC - Public Comments on In Re Google. (May. 3, 2011)
  • Public Submits Comments on Proposed Google Consent Order: Today marks the end of the public comment period for the Federal Trade Commission's landmark Consent Order with Google regarding Buzz, Gmail, and all Google products and services. As part of the legal order, Google must adopt a "Comprehensive Privacy Plan" to safeguard its users data and personal information. EPIC launched an online petition and a "Fix Google Privacy" page to promote public participation in the FTC's deliberations. The FTC's action against Google follows a Complaint and an Amended Complaint, filed by EPIC on behalf of Gmail subscribers and other users. For more information, see EPIC: In re Google Buzz. (May. 2, 2011)
  • Senators Kerry and McCain introduce Internet Privacy Legislation: Senators John Kerry (D-MA) and John McCain (R-AZ) have introduced the "Commercial Privacy Bill of Rights Act of 2011," aimed at protecting consumers' privacy both online and offline. The Bill endorses several "Fair Information Practices," gives consumers the ability to opt-out of data disclosures to third-parties, and restricts the sharing of sensitive information. But the Bill does not allow for a private right of action, preempts better state privacy laws, and includes a "Safe Harbor" arrangement that exempts companies from significant privacy requirements. EPIC has supported privacy laws that provide meaningful enforcement, limit the ability of companies' to exploit loopholes for behavioral targeting, and ensure that the Federal Trade Commission can investigate and prosecute unfair and deceptive trade practices, as it did with Google Buzz. For more information, see EPIC: Online Tracking and Behavioral Profiling and EPIC: Federal Trade Commission. (Apr. 12, 2011)
  • EPIC Launches "Fix Google Privacy" Campaign: In response to the recent announcement that Google has agreed to adopt a "Comprehensive Privacy Plan," EPIC has launched "Fix Google Privacy," a campaign to encourage Internet users to offer their suggestions to improve safeguards for Google's products and services. Submissions to EPIC will be forwarded to the Federal Trade Commission and considered by the agency as part of the final Privacy Plan. All comments must be sent before May 2, 2011. For more information, see EPIC - In Re Google Buzz and FTC - Analysis to Aid Public Comments. (Apr. 5, 2011)
  • FTC Releases Annual Report, Highlights Consumer Protection: The Federal Trade Commission released the 2011 Annual Report, which emphasized the agency's actions in the consumer protection and anti-trust areas. The agency highlighted its work on privacy, data security, and technology and noted the settlement of several privacy cases, including Echometrix, Lifelock, Twitter, and U.S. Search. EPIC filed a complaint with the Commission concerning Echometrix, and still has complaints pending regarding changes in Facebook's privacy settings and Google cloud computing. For more information, see EPIC: Federal Trade Commission. (Apr. 1, 2011)
  • FTC Announces Agreement in EPIC Google Buzz Complaint: The Federal Trade Commission has reached a agreement with Google regarding Buzz, the social network service launched in early 2010. The FTC action follows a complaint and an amended complaint filed by EPIC on behalf of Gmail subscribers and other Internet users. The FTC agreement with Google is far-reaching. It is the most significant privacy decision by the Commission to date. For Internet users, it should lead to higher privacy standards and better protection for personal data. EPIC has pursued similar successful complaints at the FTC in the past, including Microsoft Passport and Choicepoint, the databroker firm. For more information, see EPIC - In re Google Buzz. (Mar. 30, 2011)
  • Senate Antitrust Agenda Includes Google, FTC Oversight: Senator Kohl (D-WI) has announced the agenda for the Senate Subcommittee on Antitrust, Competition Policy, and Consumer Rights. Among other issues, the Subcommittee will focus on competition in online markets and internet search, as well as oversight of the Justice Department and the Federal Trade Commission. EPIC had opposed Google's acquisition of online advertiser Doubleclick, which was approved by the FTC over the objection of former FTC Commissioner Pamela Harbor. EPIC later testified before the Antitrust committee on Google's growing dominance of essential Internet services. For more information, see EPIC: Google/DoubleClick and EPIC: Federal Trade Commission. (Mar. 14, 2011)
  • EPIC Says FTC Has Failed to Safeguard Consumer Privacy: In response to a request for comments on an FTC report on future action, EPIC criticized the Commission for failing to act on numerous privacy complaints currently pending before the Commission, including those involving Facebook privacy settings, Google Buzz, and Cloud Computing Services. EPIC recommended a comprehensive federal privacy law based on Fair Information Practices, support for Privacy Enhancing Technologies, and the establishment of an independent privacy agency.  The FTC report recommended the creation of a Do Not Track mechanism, the adoption of "privacy by design" techniques, and the use of simplified consumer privacy notices. For more information, see EPIC - Federal Trade Commission. (Feb. 18, 2011)
  • EPIC Pursues Investigation of FTC's Spy-Fi Noninvestigation: EPIC has filed an administrative appeal with the Federal Trade Commission, challenging the agency's failure to disclose to information about the FTC's decision to end the Google Spy-Fi investigation. EPIC is specifically seeking a slide presentation that the FTC provided to Congress about the matter. The agency has claimed that the presentation to Congress is exempt from disclosure under the Freedom of Information Act. Privacy agencies around the world found that Google intercepted private communications traffic. Yet documents obtained earlier by EPIC under the FOIA suggest that the FTC did not even examine the data Google gathered from private residential wifi routers in the US. For more information, see Google: Street View. (Feb. 11, 2011)
  • Federal Trade Commission Extends Deadline for Comments on Privacy Report: To provide business groups more time to express their views on consumer privacy, the FTC has extended the deadline for submitting comments on the agency's Internet privacy report to February 18th. The preliminary staff report "Protecting Consumer Privacy in an Era of Rapid Change: a Proposed Framework for Businesses and Policy Makers" recommends the creation of a Do Not Track mechanism, the adoption of "privacy by design" techniques, and the use of simplified consumer privacy notices. However, the FTC's report did not address the privacy implications of cloud computing and social networking, the need for a US privacy agency, or a comprehensive federal privacy law based on "Fair Information Practices," as privacy groups had urged. For more information, see EPIC: Federal Trade Commission and EPIC: Online Tracking and Behavioral Profiling. (Jan. 24, 2011)
  • FTC: Investigating Google Street View is a "waste of summer": In documents obtained by EPIC through a Freedom of Information Act request, a senior attorney with the Federal Trade Commission describes the Google WiFi investigation as a "wasted summer" and hopes that a Hill briefing on Google WiFi "won't be too much of a time suck." EPIC sought these documents after the FTC dropped its investigation of Google Streetview. Several countries, including the U.K., Germany, Spain, and Canada, have conducted similar investigations and determined that Google violated their privacy laws. In the U.S., the Federal Communications Commission opened an investigation after EPIC filed a complaint, asking the Commission to investigate violations of US wiretap law and the Communications Act. For more information, see EPIC: Google Street View. (Jan. 20, 2011)
  • Federal Trade Commission Recommends Do Not Track, Privacy by Design, and Short Privacy Notices: The Federal Trade Commission released a preliminary staff report on privacy, following a series of public roundtable discussions. The report recommends the establishment of a Do Not Track mechanism, the adoption of a "privacy by design" techniques, and the use of simplified consumer privacy notices. However, the FTC report did not address the privacy implications of cloud computing and social networking, the need for a US privacy agency, or a comprehensive federal privacy law based on "Fair Information Practices," as privacy groups had urged. For more information, see EPIC: Federal Trade Commission. (Dec. 2, 2010)
  • Wall Street Journal Confirms FCC Investigation of Google Street View Following EPIC Complaint: The Wall Street Journal reported today that the Federal Communications Commission has opened an investigation into Google's secretive interception and collection of wifi data collection. This occurred in thirty countries over a three year period and is linked to Google "Street View" vehicles which many thought simply captured digital images. In May, EPIC filed a complaint with the Commission, asking it to investigate Google's possible violations of federal wiretap law and the U.S. Communications Act. Investigations in other countries have revealed that Google secretly collected passwords, email, and sensitive medical data from millions of Internet users, and also built an extensive database of personal information associated with private residential wifi routers. The Federal Trade Commission recently ended its inquiry into Google Street View, even though members of Congress had urged a comprehensive investigation. For more information, see EPIC - Investigation of Google Street View. (Nov. 10, 2010)
  • FTC Appoints Executive Director, Chief Technology Officer: The Federal Trade Commission has announced that Eileen Harrington will be rejoining the Commission as the Executive Director. Harrington was recently the Chief Operating Officer at the U.S. Small Business Administration, following a 25-year stint at the Commission in a variety of positions. The Commission has also announced that Princeton University professor Dr. Edward W. Felton has been named as Chief Technologist, a new position that will focus on evolving technology and policy issues. Dr. Felten was the founding director for Princeton’s Center for Information Technology Policy. For more information, see EPIC: Federal Trade Commission. (Nov. 9, 2010)
  • Federal Trade Commission Closes Noninvestigation of Google Street View: The Federal Trade Commission has sent a letter to Google, ending an investigation that never began. In May, the Federal Trade Commission was asked by members of Congress to investigate Google's secretive collection of wifi data as part of Street View, a mapping program characterized by the collection of digital imagery. In a letter to Federal Communications Commission, EPIC further explained that Google's conduct likely violated federal wiretap law. Subsequent investigations in other countries revealed that Google secretly collected passwords, email, and sensitive medical data from millions of Internet users, and also built an extensive database of personal information associated with private residential wifi routers. However, the Federal Trade Commission never pursued an independent investigation of Street View, examined the data collected by Google in the United States, or even acknowledged the findings of other agencies. Investigations are still pending in several countries and 37 states in the U.S. For more information, see EPIC: Google Street View. (Oct. 27, 2010)
  • FTC Proposes Consent Decree in U.S. Search Case: The FTC is asking for comments on a proposed settlement of the agency's complaint against the company U.S. Search for deceptive practices. U.S. Search sold customers a "privacy lock" service that the company falsely claimed would prevent customers' personal information from appearing on the U.S. Search website. The proposed settlement requires U.S. Search to refund fees and bars the company from further deceptive practices, but does not stop them from charging a fee for an opt-out service. For more information, see EPIC: FTC. (Oct. 20, 2010)
  • EPIC Urges Federal Trade Commission to Strengthen Childrens' Privacy Rule: EPIC filed comments urging the Federal Trade Commission to improve the Childrens' Online Privacy Protection Act Rule. The rule is the principal federal protection for childrens' privacy, and limits how companies may collect and disclose childrens' personal information. "The need for the COPPA Rule has become increasingly urgent in light of new business practices and recent technological developments, such as social networking sites and mobile devices," EPIC wrote. "Existing provisions need to be strengthened and new provisions need to be added." In April, EPIC testified before Congress concerning childrens' privacy. For more, see EPIC: COPPA and EPIC: FTC. (Jul. 9, 2010)
  • Congressional Leaders Write to Google's Schmidt About "Spy-Fi": Congressmen Henry Waxman (D-CA), Joe Barton (R-TX), and Ed Markey (D-MA) have sent a detailed letter to Google CEO Eric Schmidt about the reports that Google Street View vehicles scarfed up Wi-Fi data in thirty countries, including the United States. The letter follows a complaint that EPIC has sent to the Julius Genachowski, chairman of the Federal Communications Commission, suggesting that Google may have violated federal wiretap laws. For more information, see Congress Urges FTC to Investigate Google. (May. 26, 2010)
  • New Facebook Privacy Complaint Filed with Trade Commission: Today, EPIC and 14 privacy and consumer protection organizations filed a complaint with the Federal Trade Commission, charging that Facebook has engaged in unfair and deceptive trade practices in violation of consumer protection law. The complaint states that changes to user profile information and the disclosure of user data to third parties without consent "violate user expectations, diminish user privacy, and contradict Facebook’s own representations." The complaint also cites widespread opposition from Facebook users, Senators, bloggers, and news organizations. In a letter to Congress, EPIC urged the Senate and House Committees with jurisdiction over the FTC to monitor closely the Commission's investigation. The letter noted the FTC's failure to act on several pending consumer privacy complaints. For more information, see EPIC: Facebook Privacy. (May. 5, 2010)
  • EPIC Recommends Effective Consumer Privacy Standards, Calls Notice and Choice a "Failed Experiment": At the third FTC Privacy Roundtable, EPIC senior counsel John Verdi will recommend that the Commission push forward with effective and meaningful privacy safeguards for American consumers. Mr. Verdi will say that the "notice and choice" approach has failed, and will recommend that the FTC enforce Fair Information Practices, such as the OECD Privacy Guidelines. The discussion can be viewed via webcast. Additional information on the FTC roundtable event can be found here. For more information, see EPIC In re Google Buzz, EPIC In re Facebook, and EPIC In re Google and Cloud Computing. (Mar. 17, 2010)
  • Senate Confirms Julie Brill as FTC Commissioner: The Senate confirmed Julie Brill, former Vermont Assistant Attorney General, to fill a vacancy for FTC Commissioner. Brill served for over 20 years as Vermont’s Assistant Attorney General for Consumer Protection and Antitrust, and currently serves as Senior Deputy Attorney General and Chief of Consumer Protection and Antitrust for the North Carolina Department of Justice. Brill has had experience with several important consumer protection issues, including tobacco, food and drug, antitrust, and privacy and identity theft. Senator Leahy (D-VT) expressed support for Brill’s confirmation, proclaiming, “We again have an FTC that is on the side of the consumers. Julie Brill will help revitalize an FTC that has languished while consumers’ interests have given way to special interests.” (Mar. 4, 2010)
  • Federal Trade Commission Sets out Priorities But Lacks Strategy for Privacy Protection: The Federal Trade Commission released the Congressional budget justification summary for FY 2011 and performance plan for FY 2010-11. The FTC documents list three strategic goals: protect consumers, maintain competition, and advance performance. Objectives include improving consumer education, identifying and stopping “fraud, deception and unfair practices,” and “protecting American consumers in the global marketplace.” Although the FTC Implementation Plan includes the development of approaches to implement OECD Guidelines on consumer protection in the context of electronic commerce, there is no mention of implementing OECD Guidelines on privacy protection.  (Feb. 4, 2010)
  • EPIC Urges FTC to Protect Users' Privacy On Cloud Computing and Social Networking Services: EPIC submitted comments to the FTC prior to the agency’s second privacy roundtable. EPIC warned of the ongoing privacy risks associated with cloud computing and social networking privacy, highlighting the Google cloud computing complaint and Facebook privacy complaint filed by EPIC in 2009. The comments note that the FTC has failed to take any meaningful action with respect to either complaint, demonstrating the Commission's “lack of leadership and technical expertise.” EPIC's comments also draw attention to the success of international privacy initiatives, in hopes of encouraging the FTC to take meaningful action to protect American consumers. For more information, see EPIC: Cloud Computing and EPIC: Social Networking Privacy. (Jan. 28, 2010)
  • EPIC Defends Privacy of Facebook Users: Files Complaint with the Federal Trade Commission: EPIC has filed a complaint with the Federal Trade Commission, urging the FTC to open an investigation into Facebook’s revised privacy settings. The EPIC complaint, signed by nine other privacy and consumer organizations, states that the  "changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations." EPIC cites widespread opposition from Facebook users, security experts, bloggers, and news organizations. A previous EPIC complaint to the FTC, concerning the data broker industry, produced the largest settlement in the FTC's history.  For more information, see EPIC: In re Facebook, Frequently Asked Questions Regarding EPIC's Facebook Complaint, and EPIC Facebook Privacy. EPIC PRESS RELEASE. (Dec. 17, 2009)
  • FTC Considers Emerging Privacy Concerns at First Privacy Roundtable: The Federal Trade Commission held the first of three privacy roundtables this week in Washington, DC. The well-attended event featured privacy and security experts from around the country, with each panel consisting of at least one industry representative and one privacy advocate. The failure of the current notice and choice model, the need to regulate behavioral targeting, concerns about government access to data, and the high privacy expectations of consumers were among recurring topics throughout the day. EPIC's Marc Rotenberg said it was important for the Commission to focus on emerging business practices and the impact on consumer privacy. The second privacy roundtable will be held on Data Privacy Day - January 28, 2010 - at the University of California, Berkeley School of Law. The FTC welcomes comments from the public in advance of the roundtable. (Dec. 9, 2009)
  • President Obama Nominates Brill and Ramirez for Federal Trade Commission: President Obama nominated Julie Brill and Edith Ramirez to be commissioners of the Federal Trade Commission. Brill, North Carolina’s top consumer advocate, serves as the senior deputy attorney general and chief of consumer protection and antitrust for the North Carolina Department of Justice. Ramirez, who specializes in intellectual property and complex litigation matters, is a partner in a Los Angeles, California law firm and has experience representing companies such as Mattel, Inc. and Northrop Grumman Corp. In a press release, President Obama stated, “These individuals bring a depth of experience to their respective roles, and I am confident they will serve my administration and the American people well. I look forward to working with them in the months and years ahead.” (Nov. 17, 2009)
  • EPIC to FTC: "Parental Control" Software Firm Gathers Data for Marketing: EPIC filed a complaint with the Federal Trade Commission against Echometrix, the developer of parental control software that monitors children’s online activity. Echometrix analyzes the information collected from children and sells the data to third parties for market-intelligence research. The EPIC complaint alleges that Echometrix engages in unfair and deceptive trade practices by representing that the software protects children online while simultaneously collecting and disclosing information about children's online activity. The complaint further alleges that Echometrix’s practices violate the Children’s Online Privacy Protection Act by collecting and disclosing information from children under the age of 13. The EPIC complaint asks the FTC to stop these practices, seek compensation for victims, and ensure that Echometrix’s collection and disclosure practices comply with COPPA. For more information on the Children’s Online Privacy Protection Act, see EPIC COPPA. (Sep. 29, 2009)
  • Federal Trade Commission to Host Privacy Roundtables: The Federal Trade Commission has announced a series of roundtables on consumer privacy, beginning December 7. These discussions will explore many issues, including consumer information collection, information management practices, new business practices, and the adequacy of existing privacy laws. Roundtable participants will include individuals from a wide range of related fields, including privacy and technology experts. The meetings are open and public comments are encouraged. EPIC has supported the FTC's privacy mission, but has also said that the agency needs to do a lot more to safeguard consumer privacy. For more information, see EPIC FTC page. (Sep. 16, 2009)
  • Trade Commission Prohibits Robocalls: The Federal Trade Commission is prohibiting commercial telemarketing calls to consumers after September 1, 2009. The agency amended the Telemarketing Sales Rule, which imposes a penalty of $16,000 per call, to cover sellers and telemarketers who transmit prerecorded messages to consumers who have not agreed in writing to accept such messages. The Telemarketing Rule is authorized under the Telemarketing and Consumer Fraud and Abuse Prevention Act. The new rule does not prohibit informational messages or calls by politicians, banks, telephone carriers, and charities. EPIC has urged the FCC to require strong privacy safeguards for telephone customers' personal information, and protect wireless subscribers from telemarketing. See also EPIC Telemarketing and Telephone Consumer Protection Act. (Aug. 28, 2009)
  • FTC Issues Final Breach Notification Rule for Electronic Health Information: The Federal Trade Commission issued a final rule requiring breach notification by vendors of medical records and related entities. In June, EPIC submitted comments recommending that all entities handling electronic health records be subject to the regulation and that the FTC should establish a central location to track and announce breaches. The FTC modified the rule accordingly. EPIC had also recommended that information "accessed" be treated as "acquired", substitute media notices be used as supplemental notification, verification of data breach notices be required, minimum security standards be created, penalties for violations be assessed, and the creation of "safe-harbors" for de-identified data be opposed. The rule was mandated under the American Recovery and Reinvestment Act. See EPIC Medical Privacy and EPIC Identity Theft. (Aug. 21, 2009)
  • Privacy and Consumer Groups Seek New FTC Commissioner: EPIC joined other privacy and consumer organizations on a letter to President Obama urging the appointment of a pro-consumer Commissioner to the Federal Trade Commission (FTC). The groups called for the appointment of someone with a “distinguished record of achievement in consumer affairs, with a demonstrated commitment to protecting the public.” The Commission has been one person short of its full membership since former Chair Deborah Platt Majoras left the agency last year. The President appointed Jon Leibowitz to serve as the current chair of the FTC. For more information, see EPIC’s page on the Federal Trade Commission. (Apr. 27, 2009)
  • Federal Trade Commission to Review EPIC Cloud Computing Complaint: The Federal Trade Commission will review EPIC's March 17, 2009 complaint, which describes Google's unfair and deceptive business practices concerning the firm's Cloud Computing Services. EPIC's complaint describes numerous data breaches involving user-generated information stored by Google, including the recently reported breach of Google Docs. EPIC's complaint "raises a number of concerns about the privacy and security of information collected from consumers online," federal regulators said. EPIC urged the Commission to take "such measures as are necessary" to ensure the safety and security of information submitted to Google. Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines. For more information, see EPIC's complaint to the FTC. EPIC's Cloud Computing Page. (Mar. 19, 2009)
  • EPIC Petitions FTC to Investigate Google, Cloud Computing Services: EPIC has formally asked the Federal Trade Commission to open an investigation into Google's Cloud Computing Services -- including Gmail, Google Docs, and Picasa -- to determine "the adequacy of the privacy and security safeguards." The petition follows the recent report of a breach of Google Docs. EPIC cited the growing dependence of American consumers, businesses, and federal agencies on cloud computing services, and urged the Commission to take "such measures as are necessary" to ensure the safety and security of information submitted to Google. Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines. (Mar. 17, 2009)
  • Trade Commission Issues Voluntary Guidelines for Online Tracking, Targeting, and Advertising: Today, the Federal Trade Commission released voluntary guidelines for Internet advertising and behavioral targeting. The guidelines set out four principles: "1) transparency and consumer control; 2) reasonable security and limited data retention for consumer data; 3) affirmative express consent for material retroactive changes to privacy promises; and 4) affirmative express consent to (or prohibition against) use of sensitive data." There is no means to enforce the guidelines, and Commissioners Jon Leibowitz and warned that they are insufficient to ensure consumers' privacy. Commissioner Harbour cautioned that the guidelines "focus too narrowly" and urged rulemakers to "take a more comprehensive approach to privacy." The guidelines are in part a response to EPIC's 2007 Complaint regarding the Google-Doubleclick merger raising concerns about the profiling of Internet users and the need to establish clear privacy safeguards as a condition of the merger. For more information, see EPIC's Complaint regarding the Google/DoubleClick merger and page Privacy? Proposed Google/DoubleClick Deal. (Feb. 12, 2009)
  • Consumer Groups Urge Trade Commission to Investigate Mobile Marketing: The Center for Digital Democracy and the U.S. Public Interest Research Group filed a complaint with the Federal Trade Commission to investigate the growing threat to consumer privacy in the mobile advertising world. Certain services track, analyze, and target the public and build secret profiles. Users are targeted based on their online behavior and their location. The complaint urges the Commission to define and clarify practices, review self-regulation, require notice and disclosure and also protect the public. Earlier, thirty Privacy Coalition members sent a letter to President-elect Barack Obama highlighting the importance of protecting consumer privacy in new network services. For more information, see EPIC's page on Privacy and Consumer Profiling. (Jan. 13, 2009)
  • EPIC Complaint Leads to Halt of Stalker Spyware Distribution. Following an EPIC complaint, a federal court has ordered CyberSpy Software to stop selling malicious computer software. In March, EPIC filed a complaint with the Federal Trade Commission alleging that the spyware purveyor engages in unfair and deceptive practices by: (1) promoting illegal surveillance; (2) encouraging "Trojan Horse" email attacks; and (3) failing to warn customers of the legal dangers arising from misuse of the software. The federal regulators agreed, and asked the court for a permanent injunction barring sales of CyberSpy's "stalker spyware," over the counter surveillance technology sold for individuals to spy on other individuals. The court entered a temporary restraining order on November 6, 2008. Further litigation is expected before the court rules on the government's request for a permanent ban. For more information, see EPIC's Personal Surveillance Technologies Page and Domestic Violence and Privacy Page. (Nov. 17, 2008)
  • EPIC Urges FTC to Establish Privacy Safeguards for RFID Tags. In comments to the Federal Trade Commission, EPIC reiterated recommendations (pdf) it made in 2004 to the consumer protection agency to address the risks to consumer safety of the unregulated use of RFID tags that reveal personal data. The FTC is hosting a "Transatlantic RFID Workshop on Consumer Privacy and Data Security" to discuss consumer concerns. The workshop follows an event, organized by the US Department of Commerce, promoting the benefits of RFID. Comments on RFID may be submitted to the FTC until October 23. For more, see EPIC's RFID Privacy page. (Sept. 22, 2008).
  • Trade Commission Approves Data Breach Settlements, But Fails to Impose Monetary Penalties. The Federal Trade Commission has finalized settlements with TJX, Reed Elsevier, and Seisint. The settlements arose from data breaches, which exposed the sensitive personal information of over 500,000 consumers and resulted in millions of dollars in financial fraud. Earlier this year, EPIC filed comments with the FTC urging the Commission to include civil penalties in the settlements. EPIC wrote that civil penalties are necessary to provide incentives for companies to safeguard personal data. EPIC also noted that the FTC imposed $10 million in civil penalties in the Choicepoint case. The final agreements impose security and audit responsibilities, but no financial penalties. For more on data breaches and ID theft, see EPIC's Identity Theft: Its Causes and Solutions Page. (Aug. 4, 2008)
  • EPIC v. FTC: EPIC Obtains Documents Detailing Conflict of Interest in Google-Doubleclick Merger Review. Pursuant to a settlement in a Freedom of Information Act lawsuit against the Federal Trade Commission, EPIC has obtained documents detailing former FTC Chairman Deborah Platt Majoras' conflict of interest in the Google-Doubleclick merger review. Majoras headed the Commission's review of the proposed $3.1 billion Google acquisition while her spouse's law firm represented Doubleclick. A July 17, 2007 memorandum obtained by EPIC flatly contradicts Majoras' claim that "no one at the FTC" knew of the conflict "until the afternoon of Tuesday, December 11, 2007." In 2007 EPIC and the Center for Digital Democracy urged the FTC to establish privacy safeguards as a condition of the merger. One week prior to the Commission's decision to approve the merger without conditions, EPIC learned that the Jones Day law firm represented Doubleclick. EPIC then submitted Freedom of Information requests to determine the role of the Jones Day firm in the merger review. For more, see EPIC's EPIC v. FTC Page. (July 8, 2008)
  • FTC Issues Additional CAN-SPAM Rules, Fails to Regulate Third-Party List Brokers This week, the Federal Trade Commission approved new rules for CAN-SPAM, the federal anti-spam law. The Commission stated that consumers cannot be charged a fee to opt out of spam. The FTC also determined that third-party list brokers (companies that sell email lists to spammers) are not subject to CAN-SPAM's opt-out requirements. In 2005, EPIC urged the FTC to impose opt-out requirements on third-party list brokers. EPIC stated that this requirement was consistent with CAN-SPAM's goal and was more effective than the present system, which requires consumers to opt out with individual companies. For more information, see EPIC's"SPAM - Unsolicited Commercial E-Mail Page." (May 15, 2008)
  • EPIC Urges Commission to Impose Civil Penalties in Data Breach Settlements. Today, EPIC filed comments with the Federal Trade Commission urging the FTC to include civil penalties in settlements with TJX, Reed Elsevier, and Seisint. The FTC recently concluded investigations of the companies' weak security policies, and reached preliminary settlements that would impose security and audit responsibilities, but no financial penalties. The FTC's investigations arose from the companies' unrelated 2004-2005 data breaches, which exposed the sensitive personal information of over 500,000 consumers and resulted in millions of dollars in alleged financial fraud. EPIC noted that civil penalties were necessary to provide incentives for companies to better safeguard personal consumer data in the future, and observed that the FTC imposed $10 million in civil penalties in the Choicepoint case. For more on data breaches and ID theft, see EPIC's Identity Theft: Its Causes and Solutions page. (Apr. 28, 2008)
  • EPIC Sues Trade Commission to Compel Disclosure of Documents Concerning Jones Day's Role in US Doubleclick Merger Review. Today, EPIC filed a Freedom of Information Act lawsuit (pdf) challenging the Federal Trade Commission's failure to make public documents relating to the role of the Jones Day law firm in the Google-Doubleclick merger review. The lawsuit follows EPIC's original request (pdf) and subsequent administrative appeal (pdf). During the FTC merger review, Jones Day publicly stated that it represented Doubleclick (pdf). After EPIC learned that Chairman Majoras' spouse is a Jones Day partner, EPIC moved for the recusal of the FTC Chairman, and emphasized that recusal had occurred in other similar matters involving conflicts of interest with the Jones Day firm. However, Chairman Majoras participated in the Google-Doubleclick review and voted to approve the merger without conditions, despite privacy groups' warnings that the merger would threaten consumer privacy. (Mar. 14, 2008)
  • European Commission Approves Google-Doubleclick Merger, But European Privacy Laws Will Apply. The European Commission today approved the proposed Google-Doubleclick merger under its competition authority. Though the Commission did not consider privacy in the merger review, it did reaffirm the obligation of Google-Doubleclick to comply with European privacy laws. "The Commission's decision to clear the proposed merger is based exclusively on its appraisal under the EU Merger Regulation. It is without prejudice to the merged entity's obligations under EU legislation in relation to the protection of individuals and the protection of privacy with regard to the processing of personal data and the Member States' implementing legislation." Last year, EPIC filed a complaint (pdf) with the US Federal Trade Commission, urging the FTC to open an investigation into the proposed acquisition, specifically with regard to the ability of Google to record, analyze, track, and profile the activities of Internet users. In January testimony (pdf) before the European Parliament, EPIC urged the European Commission to establish privacy safeguards as a condition of the merger. See EPIC's Privacy? Proposed Google/Doubleclick Deal Page. (Mar. 11, 2008)
  • EPIC Urges Investigation of "Stalker Spyware". EPIC filed a complaint with the Federal Trade Commission against several purveyors of stalker spyware. Stalker spyware products are over the counter surveillance technologies sold for individuals to spy on other individuals -- and can be used by abusers to spy on their victims. The complaint alleges that these companies engage in unfair and deceptive practices by: (1) promoting illegal surveillance by abusers of their victims; (2) promoting "Trojan Horse" email attacks; and (3) failing to warn their customers of legal dangers of misuse of stalker spyware. The EPIC complaint asks the FTC to stop these practices, seek compensation for victims, and investigate other harms that stalker spyware may cause. For more information see EPIC's pages on Personal Surveillance Technologies, and Domestic Violence and Privacy. (Mar. 7, 2008)
  • Data Broker Merger Threatens Privacy. Reed-Elsevier, corporate parents of Lexis-Nexis, has made a move to acquire Choicepoint, the databroker. Consumer privacy will be seriously affected if the merger is approved without any privacy safeguards. The previous Google-Doubleclick merger involving two large databases of personal information similarly raised privacy as well as antitrust issues. Choicepoint is a large player in the commercial databroker market and has been the target of an EPIC privacy complaint and an FTC investigation and fine for the privacy harms its business practices cause. For more see EPIC's page on Choicepoint. (Feb. 21, 2008)
  • EPIC Challenges Trade Commission's Failure to Produce Documents Concerning Jones Day's Role in US Doubleclick Merger Review. In a Freedom of Information Act appeal(pdf), EPIC challenged the Federal Trade Commission's failure to make public documents relating to the role of the Jones Day law firm in the Google-Doubleclick merger review. The appeal follows EPIC's original request. During the FTC review, Jones Day publicly stated that it represented Doubleclick but later denied representing Doubleclick, after EPIC learned that Chairman Majoras' husband, John M. Majoras, is a Jones Day partner. EPIC moved for the recusal of the Chairman, and noted that recusal had occurred in other matters involving apparent conflicts of interest with the Jones Day firm. However, Chairman Majoras participated in the review and voted to approve the merger without conditions, despite privacy groups' warnings that the merger would threaten consumer privacy. For more information, see EPIC's page Privacy? Proposed Google/Doubleclick Deal. (Feb. 13)
  • EPIC, Privacy Groups Renew Call for Investigation of Ask Eraser. EPIC filed a supplemental complaint (pdf) with the Federal Trade Commission today highlighting the ongoing consumer privacy threats posed by Ask.com's AskEraser product. The new complaint restates that Ask.com is engaging in an unfair and deceptive trade practice. Ask.com corrected one substantial problem with AskEraser following an earlier letter from EPIC, but EPIC makes clear in the new filing that Ask.com has failed to resolve the substantial threats to consumer privacy, and urges the FTC to move forward with an investigation. For more information, see the EPIC "Does Ask Eraser Really Erase?" Page. (Feb. 8, 2008)
  • Consumer Privacy Coalition Files FTC Complaint Against Ask.com. EPIC and five other groups filed a complaint (pdf) with the Federal Trade Commission alleging that Ask.com is engaging in unfair and deceptive trade practices with the representations concerning AskEraser, a search service that purports to protect privacy. Among the critical points highlighted by the consumer privacy coalition: (1) users must accept an AskEraser cookie and disable a genuine privacy feature in browsers that block cookies; (2) the AskEraser cookie is a unique persistent identifier that makes it easy for Ask.com, its business partners, and the government to track the activities of AskEraser users; and (3) Ask.com will disable the search delete feature -- the central purpose of the Ask Eraser service -- without notice to the user. The complaint follows a December letter (pdf) to Ask.com describing these security and privacy problems. (Jan. 19, 2008)
  • EPIC - "Federal Trade Commission failed to address the privacy implications of the Google-Doubleclick Merger". In a detailed statement issued today, EPIC said that the unique circumstances of the online advertising industry required the FTC to impose privacy safeguards as a condition of the Google- Doubleclick merger. EPIC said that the FTC "had reason to act and authority to act, and failed to do so." EPIC pointed out that the Commission ignored similar assessments from leaders in Congress and consumer protection agencies. EPIC said it would vigorously pursue Freedom of Information Act requests regarding the role of the Jones Day law firm in the merger review. EPIC concluded that the FTC's decision "does not end the discussion about competition and privacy protection in the context of merger review. Consumers around the world will be impacted by the business practices of the combined entity, and the consequences will have to be addressed." Attention turns next to a hearing before the European Parliament on January 21. EPIC has been invited to testify. (Dec. 20, 2008)
  • FTC Chair Dismisses Recusal Petition in Jones Day-Doubleclick Conflict of Interest Case, EPIC Files Expedited Open Government Request. FTC Chairman Deborah Majoras has refused to step down in the Commission's review of the Google-Doubleclick merger even though it was revealed this week that her husband's law firm is representing Doubleclick. EPIC and the Center for Digital Democracy have issued a statement. EPIC has also submitted a detailed Freedom of Information Act request seeking the expedited release of all documents concerning the participation of Jones Day in the Commission's review of Doubleclick as well as other matters involving consumer privacy. (Dec. 15, 2007)
  • EPIC, CDD Raise New Questions About FTC Chair's Possible Conflict of Interest. Today EPIC and the Center for Digital Democracy provided new information to the Federal Trade Commission concerning Jones Day's representation of Doubleclick in the pending merger review. The new filing makes clear that statements denying Jones Day participation in the matter are flatly contradicted by an earlier posting on the firm's web site. The EPIC/CDD filing also notes that the firm has subsequently removed the relevant web pages from its web site. The groups are filing a Freedom of Information Act request for all documents at the Commission regarding the matter and notifying Congressional oversight committees. See EPIC's page on Privacy? Proposed Google-DoubleClick merger. (Dec. 13, 2007)
  • Recusal of FTC Chairman Sought in Google-Doubleclick Case. In a motion (pdf) filed today with the Secretary of the Federal Trade Commission, EPIC and the Center for Digital Democracy seek the disqualification of FTC Chairman Deborah Platt Majoras from the pending review of the proposed Google-Doubleclick merger. The organizations recently learned that the husband of the FTC Chairman has taken on Doubleclick as a client for his Washington, D.C. law firm. See EPIC's page on Privacy? Proposed Google-DoubleClick Merger. (Dec. 12, 2007)
  • Leading Senators Urge Comprehensive Privacy Review of Proposed Google-Doubleclick Deal. In a letter (pdf) to the Federal Trade Commission, Senators Herb Kohl and Orrin Hatch, Chairman and Ranking Member of the Senate Judiciary Committee's Subcommittee on Antitrust, Competition Policy and Consumer Rights, urged the FTC to critically analyze the privacy and competition effects of Google's $3.1 billion proposed merger with Internet advertising company DoubleClick. "[T]his deal raises fundamental consumer privacy concerns worthy of serious scrutiny," the senators wrote. In complaints (pdf) to the FTC, EPIC, the Center for Digital Democracy and US PIRG have detailed the reasons why the FTC needs to establish substantial privacy safeguards as a condition of the merger. The European Commission Directorate on Competition has announced a four-month in-depth investigation into the proposed merger. For more information, see EPIC's page on Privacy? Proposed Google/DoubleClick Deal. (Nov. 20, 2007)
  • Google-Doubleclick Deal Looms Over Commission Workshop in DC. The Federal Trade Commission begins a two-day workshop today on Behavioral Targeting. EPIC has urged the Commission to establish meaningful privacy safeguards for consumers and impose conditions on the merger of the two Internet advertising giants, Google and Doubleclick. The Center for Digital Democracy and US PIRG have also recommend that the FTC protect consumers from harmful interactive marketing practices. See EPIC's page Privacy? Proposed Google/DoubleClick Deal. (Nov. 1, 2007)
  • EPIC Urges Congress to Monitor Google-Doubleclick Review. In a letter (pdf) to the Congressional Committee that funds the Federal Trade Commission, EPIC urged oversight of the Commission's review of the pending Google-Doubleclick merger. In complaints (pdf) to the FTC, EPIC, the Center for Digital Democracy and US PIRG have detailed the reasons why the FTC needs to establish substantial privacy safeguards as a condition of the merger. If the FTC fails to do so, "we believe there should be a comprehensive investigation of the factors that led to the FTC's decision," EPIC said. See EPIC's page on Privacy? Proposed Google/DoubleClick Deal. (Oct. 26, 2007)
  • EPIC to Senate: FTC Must Impose Privacy Standards Before Approving Google-Doubleclick Merger. In testimony (pdf) before the Senate Judiciary Committee on the pending Google-Doubleclick merger, EPIC Executive Director Marc Rotenberg said that the Federal Trade Commission should establish privacy safeguards as a condition of the merger. EPIC filed a complaint before the Commission (pdf) in April regarding the merger, similar to other complaints filed by EPIC in the Doubleclick-Abacus merger (pdf), the Microsoft Passport matter (pdf), and Choicepoint. Since the filing of the EPIC complaint, competition authorities around the world have opened investigations. Press Packet. More information at Privacy ? Google-Doubleclick. (Sept. 27, 2007)
  • EPIC, CDD, US PIRG File Additional Papers with FTC in Google-DoubleClick Merger. At the National Press Club today, EPIC, the Center for Digital Democracy, and US PIRG announced a second supplement (pdf) to the groups' original complaint (pdf) and subsequent supplement (pdf) with the Federal Trade Commission (FTC) concerning the proposed Google-DoubleClick merger. The amended complaint details new facts supporting the conclusion that the FTC should block Google's proposed acquisition of DoubleClick. Also today, the Canadian Internet Policy and Public Interest Clinic filed a formal complaint (pdf) with the Privacy Commissioner of Canada urging an investigation into the proposed merger. See EPIC's page on the proposed Google-DoubleClick merger. (Sept. 17, 2007)
  • Privacy Groups File Amended Complaint with FTC Regarding Google/DoubleClick Merger. EPIC, CDD, and US PIRG today filed a supplement (pdf) to the groups' original complaint (pdf) with the Federal Trade Commission (FTC) concerning the Google/DoubleClick merger. The new complaint explains the need for the FTC to consider consumer privacy interests in the context of a merger review involving the Internet's largest search profiling company and the Internet's largest targeted advertising company. The complaint provides additional evidence about Google and DoubleClick's business practices that fail to comply with generally accepted privacy safeguards, and proposes further steps that the Commission should take if the merger is to be approved. For more information see EPIC's page on Proposed Google/Doubleclick deal. (Jun. 6, 2007)
  • New York State Consumer Protection Board endorses EPIC's Google/DoubleClick Complaint. The New York State Consumer Protection Board has sent a letter to the Federal Trade Commission (FTC) endorsing EPIC's recent complaint to the FTC regarding the privacy implications of the Google/DoubleClick merger. The Board expressed its concern that the merger of these two companies would create "super-profiles" of users, exposing consumers to the risk of disclosure of their data to third-parties, as well as public disclosure as evidence in litigation or through data breaches. The Board urged the FTC to halt the merger until it has fully investigated Google's planned use of DoubleClick's data post-merger. For more information on the proposed merger, visit EPIC's FTC Google Complaint Page. (May 9, 2007)
  • EPIC Recommends Better Notification and Strong Privacy Safeguards for Security Breach Investigations. In comments (pdf) to the Federal Trade Commission today, EPIC urged the FTC to limit the disclosure of personal information related to security breach investigations. EPIC said that the Privacy Act exemption sought by the Commission was far too broad. EPIC recommended that the FTC significantly narrow the exemption by "creat[ing] tiers of access, allowing specific categories of individuals limited access to the data, according to the needs of the investigation." EPIC also said that the Commission should notify individuals whose personal data may have been improperly disclosed in a security breach before other government agencies are notified. For more information, see EPIC's Identity Theft Page. (Apr. 30, 2007)
  • White House ID Theft Report to be Released Today. Attorney General Gonzales and FTC Chairman Majoras will hold a press conference today to announce the release of the final report of President's Identity Theft Task Force. In January 2007, EPIC submitted comments to the Task Force that emphasized the need to establish better privacy and security practices to reduce the risk of identity theft, rather than simply expand law enforcement authority. EPIC criticized, "government and private agencies that collect and store excessive amounts of often unnecessary personal information in systems that lack adequate privacy and security safeguards." EPIC wrote, "The best long-term approach to the problem of identity theft is to minimize the collection of personal information and to develop alternative technologies and organizational practices." EPIC also recommended the adoption of privacy enhancing technologies, data minimization, and meaningful remedies when security breaches and privacy violations occur. See EPIC Identity Theft Page. (Apr. 23, 2007)
  • EPIC Files Complaint With FTC Regarding Google/DoubleClick Merger. EPIC, CDD and US PIRG today filed a complaint (pdf) with the Federal Trade Commission (FTC), urging the Commission to open an investigation into the proposed acquisition. The groups urged the FTC to assess the ability of Google to record, analyze, track, and profile the activities of Internet users with data that is both personally identifiable and data that is not personally identifiable. The groups further urged the FTC to require Google to publicly present a plan to comply with well-established government and industry privacy standards such as the OECD Privacy Guidelines. Pending the resolution of these and other issues, EPIC encouraged the FTC to halt the acquisition. See EPIC's FTC Google Complaint page. (Apr. 20, 2007)
  • Google Proposes Doubleclick Acquisition. The Internet search giant has announced a $3.1 billion purchase of the Internet advertising company Doubleclick that would make it possible to merge Internet user search histories and Internet user web site visits. In February 2000, when a similar acquisition was proposed, EPIC filed a complaint (pdf) with the Federal Trade Commission, alleging that Doubleclick was unlawfully tracking the online activities of Internet users and combining surfing records with detailed personal profiles contained in a national marketing database. The FTC opened an investigation and Doubleclick eventually acknowledged that it was a mistake to "merge names with anonymous user activity across Web sites in the absence of government and industry privacy standards" and backed off the plan. For more information, EPIC's Cookies Page and Double Trouble. (Apr. 17, 2007)
  • FTC Reports that Identity Theft Again Tops List of Consumer Complaints. The annual report (pdf) by the Federal Trade Commission finds identity theft complaints, for the seventh year in a row, the number one concern of US consumers, accounting for 36 percent of the 674,354 complaints received. According to the FTC, Credit card fraud (25 percent) was the most common form of reported identity theft, followed by phone or utilities fraud (16 percent), bank fraud (16 percent), and employment fraud (14 percent). In Spanish. The FTC report appears to repudiate an industry-funded study that suggested a decline in identity theft. (Feb. 8, 2007)
  • FTC Fines Choicepoint for $15 Million in Consumer Privacy Case Following EPIC Complaint. The Federal Trade Commission has announced a settlement (pdf) with data broker Choicepoint, under which the company will pay $10 million to the Commission and $5 million to redress consumer harms. It is the largest civil penalty in FTC history. The Commision accused (pdf) Choicepoint of violating consumers' privacy rights and federal law through its shoddy security measures and record-handling procedures. Choicepoint will also have to institute better security procedures and be audited by an independent security firm every two years until 2026. The settlement does not, however, resolve EPIC's 2004 complaint that Choicepoint has been selling personal information outside of Fair Credit Reporting Act protections. For more information, see EPIC's Choicepoint page. (Jan. 26, 2006)
  • FTC Fines Directv $5.3M for Telemarketing Violations. The Federal Trade Commission today announced an agreement with satellite television provider Directv where the company agreed to pay $5.3 million to settle violations of the Do-Not-Call Telemarketing Registry. Directv was using telemarketing agents to call individuals on the Do-Not-Call Registry, and these agents were "abandoning" calls, that is, initiating a call and hanging up before the consumer can answer. Today's settlement was the largest amount levied against any company for violations of the Do-Not-Call rules. For more information, see EPIC's Telemarketing Page. (Dec. 13, 2005)
  • FTC Ends Experian Bait and Switch. The Federal Trade Commission has settled a complaint against credit reporting agency Experian for offering "free" credit reports that were actually expensive credit monitoring services. The company must change representations on its Web site and disgorge almost $1 million received in the bait and switch scam. EPIC filed a complaint against Experian with the FTC in September 2003, noting that although the company is legally responsible for the accuracy and security of credit reports, Experian was stoking consumers' fears on these issues in order to sell credit monitoring services. Individuals who want their free credit report can obtain it from www.annualcreditreport.com, the site established by Congress to provide three reports per year at no cost to the consumer. For more information, see EPIC's Fair Credit Reporting Act Page. (Aug. 16, 2005)
  • EPIC Urges FTC to Investigate Online Data Brokers. In a complaint to the Federal Trade Commission, EPIC urged the agency to investigate online data brokers, companies that promise to sell phone calling records, the identities of people who own private mail boxes, and the identities associated with AOL Screen names, Match.com profiles, and Lavalife profiles. The complaint argues that this information cannot be obtained without violating federal law or regulations. Both the Washington Post and Wall Street Journal have reported on the filing. (Jul. 8, 2005)
  • Groups to FTC: Kids' Privacy Improving, but Law Needs Enforcement. Consumer privacy groups have filed comments (also available in pdf) to the Federal Trade Commission as part of its review of the Children's Online Privacy Protection Act. The groups argue that COPPA has improved children's privacy online. There is a continuing need to continue to clarify COPPA via enforcement and research into the cutting edge techniques being used to direct websites at children. Further action is still needed to address the privacy concerns raised in the offline market for children's personal information. For more information, see EPIC's page on the Children's Online Privacy Protection Act. (Jun. 29, 2005)
  • Groups Urge FTC to Reevaluate FTC's Position on Choicepoint. EPIC and a coalition of privacy and consumer groups urged (pdf) Federal Trade Commission Chair Majoras to reevaluate the agency's position on commercial data brokers, as it was "very much in line with the views of the companies testifying before Congress, which had leaked or sold data to criminals, but was very far from the views expressed by consumer and privacy groups." The groups noted that the FTC itself contributed to current information privacy problems by approving self-regulatory principles authored by companies like Choicepoint and by allowing the sale of "credit headers" without privacy protections. The groups have called upon the FTC to "correct these extraordinary policy blunders and urge the application and enforcement of Fair Information Practices (FIPs) to the commercial data broker industry..." For more information, see EPIC's Choicepoint Page. (Mar. 17, 2005)
  • EPIC Report: FTC's Market Approach Has Failed to Protect Consumer Privacy. In conjunction with the opening of EPIC's first satellite office in San Francisco, California, EPIC has released a policy report arguing that self-regulation has failed to meaningfully address consumer privacy. New technologies and invasive practices from the online world are finding their way into the offline world and have dragged down the practices of ordinary retailers. This paper argues that the FTC and Congress should reevaluate their commitment to market approaches, and empower consumers with privacy law that incorporates Fair Information Practices. (Mar. 3, 2005)
  • EPIC Submits Comments to FTC Regarding Children's Online Activity. EPIC has submitted comments (pdf) to the Federal Trade Commission on its proposal to weaken the Children's Online Privacy Protection Act's parental notice requirements. EPIC challenged the underlying assumptions presented by the FTC in its proposal to make permanent the "Sliding Scale 2005" which addresses parental communications regarding their children's online activity. For more information see EPIC's Children's Online Privacy Protection Act Page. (Feb. 14, 2005)
  • Coalition Urges FTC to Unblock Links to Free Credit Site. EPIC and five privacy and consumer groups have called upon the FTC to order credit reporting agencies to stop blocking web hyperlinks to a site that provides free credit reports. The letter argues that blocking links violates federal regulations, and that, "Whether intentional or not, every subtle and not so subtle web design tactic has been employed to make www.annualcreditreport.com difficult to find and use." EPIC has posted a webpage that circumvents the blocking. For more information, see the EPIC FCRA Page. (Dec. 7, 2004)
  • Sen. Nelson Joins EPIC in Opposing Do-Not-Call Loophole. Senator Bill Nelson (D-FL) has called upon the Federal Trade Commission to abandon a proposed loophole to the telemarketing Do-Not-Call Registry. The loophole would allow companies to send recorded messages to persons with whom they have done business. In a letter (pdf) to the FTC, Nelson warned that the loophole threatens to erode consumer privacy and flood homes with unwanted messages. EPIC and Nelson are urging the public to comment on the loophole by January 10, 2005. For more information, see the EPIC Telemarketing Page. (Dec. 7, 2004)
  • Free Credit Report Site Blocks Web Links. Nationwide credit reporting agencies are required under federal law to provide a free credit report to residents of western states online starting December 1, 2004. However, the credit reporting agencies have blocked links to the free site, citing bogus security concerns. By blocking outside links, the companies create a greater risk of phishing because consumers have to type in the URL, and the companies can steer consumers to their expensive, unnecessary credit monitoring services, avoiding their duty to provide free reports. To get your free report, paste the following URL into your browser: http://www.annualcreditreport.com. (Dec. 4, 2004)
  • FTC Fails to Enforce Children's Privacy Law Against Amazon. Responding to a formal complaint from EPIC and several other privacy organizations, Federal Trade Commission staff have recommended (pdf) that the agency not pursue Amazon.com under the Children's Privacy Protection Act despite the fact that the "Toy Store" website targets children and collects personal information. The agency relied heavily on a single sentence in the company's privacy policy, and concluded that the site wasn't covered by the privacy law. For more information, see the EPIC COPPA Page. (Nov. 24, 2004)
  • FTC Files Brief Supporting Banks Against Privacy Law. The Federal Trade Commission and other federal agencies have filed an amicus brief (pdf) supporting national banks in their bid to invalidate a strong California financial privacy law. California Attorney General lamented that, 'These agencies are supposed to protect consumers. Apparently, they prefer protecting the profits of banks." For more information, see the EPIC ABA v. Lockyer Page. (Aug. 13, 2004)
  • EPIC Urges FTC to Safeguard Consumers' Interests at RFID Workshop. In testimony to the Federal Trade Commission on radio frequency identification technologies, EPIC called for the adoption of strong privacy guidelines to protect consumers against potential abuses of the tracking technology. For more information see the EPIC RFID web Page. (June 21, 2004)
  • FTC Urged to Create Privacy-Friendly Free Credit Report Site. In comments to the Federal Trade Commission, EPIC and Professor Dan Solove argued that the agency should implement a privacy-friendly central source for free credit reports. This centralized source, which was created by Congress in recent amendments to the Fair Credit Reporting Act, should provide free credit reports without allowing its users' data to be sold by credit reporting agencies. For more information, see the EPIC FCRA Page. (Apr. 16, 2004)
  • Court Upholds Do-Not-Call Registry. The U.S. Court of Appeals for the Tenth Circuit has upheld (pdf) the Federal Trade Commission Do-Not-Call Registry against a legal challenge brought by telemarketers. The decision allows the continued operation of the list, allows the government to levy fees on telemarketers for its operation, and recognizes that the FTC has the authority to create and operate the list. For more information, see the EPIC Telemarketing and Do-Not-Call Timeline Pages. (Feb. 17, 2004)
  • FCC Will Enforce DNC Registry. FTC Appeals Do Not Call Decision. Following the issuance of an order (pdf) by the 10th Circuit Court of Appeals denying a request to delay implementation of the Do-Not-Call Registry, the Federal Communications Commission announced that it will begin enforcing it beginning Wednesday, October 1. In a related case, the Federal Trade Commission has filed a notice that it will appeal (pdf) a Colorado district court's decision (pdf) that invalidated the Registry on First Amendment grounds. Individuals can still enroll in the registry by visiting donotcall.gov. For more information, see the EPIC Telemarketing Page. (Sept 29, 2003)
  • Federal Court Blocks FTC Do-Not-Call List. A federal court in Oklahoma has found (500k pdf) that the Federal Trade Commission exceeded its authority in creating the telemarketing Do-Not-Call registry. UPDATE: The House of Representatives has ratified the FTC's authority to create a Do-Not-Call list by a 412-8 vote. Senate action is still pending. The FTC has filed a stay to delay the effective date of the court's ruling. For more information, see the EPIC Telemarketing Page. (Sept 24, 2003)
  • UPDATE - EPIC Files Complaint with Federal Trade Commission about JetBlue and Acxiom, Also Seeks Government Records on Secret Government Profiling Program. Today EPIC filed a complaint with the Commission alleging that JetBlue and Acxiom violated federal consumer law when they transferred information on passengers in violation of their own privacy policies. EPIC also filed expedited Freedom of Information Act requests with several federal agencies. Press briefing at 1 pm EDT. For more information, see the EPIC Passenger Profiling page and the European Digital Rights Initiative. (Sept 22, 2003)
  • EPIC Urges FTC To Investigate Credit Reporting Marketing Practices. In a complaint filed with the Federal Trade Commission, EPIC has urged the agency to investigate the marketing practices of credit reporting agency Experian. The company broadly disseminates advertising offers for "free" credit reports, but actually provides an expensive credit monitoring service that individuals must cancel within thirty days. Experian's advertising is not only misleading, it also stokes fears of inaccuracy in credit reports in order to drive up sales of the company's products. For more information, see the EPIC FCRA Page. (Sept 17, 2003)
  • FTC Releases Strong ID Theft Findings, Weak Recommendations. The Federal Trade Commission released a report finding that identity theft imposes billions of dollars of costs, and millions of hours of wasted time upon society. However, the agency's recommendations to address identity theft were entirely reactive, and likely to exacerbate the crime. The recommendations primarily addressed how victims can recover from the crime, including the use of uniform identity theft affidavits. Additionally, the agency recommended that Congress preempt state credit laws, which will worsen the problem by preventing states from passing strong identity theft legislation. For more information, see the EPIC Privacy and Preemption Page. (Sept 5, 2003)
  • EPIC Comments on FTC Info Workshop. In comments submitted to the Federal Trade Commission's Information Flows Workshop, EPIC argued that there is strong support for Fair Information Practices to address business uses of personal information, and that businesses have used personal information to limit consumer choice, to raise prices, and to engage in fraud. The comments also question the integrity of industry-funded academics who have employed dubious research methods and specious arguments to stymie privacy regulations. EPIC's submission included a paper by Robert Gellman on the costs of not protecting privacy, and a law review article by Elizabeth Warren discussing the integrity of industry-funded academic groups, such as the Credit Research Center. For more information, see the EPIC Consumer Profiling Page. (Jun. 18, 2003)
  • FTC Holds Spam Forum. The Federal Trade Commission (FTC) has begun a three-day conference on spam. In anticipation of the event, the FTC released a study finding that 66% of spam in their sample contained a false claim. EPIC Deputy Counsel Chris Hoofnagle is participating in the forum on a panel addressing "Falsity in Sending of Spam." For more information, see the EPIC Spam Page. (Apr. 30, 2003)
  • Coalition Alleges Children's Privacy Violation. EPIC and 11 consumer organizations alleged in a complaint to the Federal Trade Commission (FTC) today that Amazon.com has illegally collected and disclosed children's personal information in violation of the Children's Online Privacy Protection Act (COPPA). The FTC has taken action in previous cases where companies direct web sites towards children and collect the personal information of children. For more information, see the press release and EPIC COPPA Page. (Apr. 22, 2003)
  • EPIC Urges Int'l Privacy Rules for FTC. EPIC has filed comments (pdf) recommending that the FTC address the privacy implications of the international transfer of personal information in consumer fraud investigations. The FTC is considering increasing data sharing (pdf) between the FTC, foreign law enforcement authorities, consumer protection agencies, ISPs and Web hosting companies. (Feb. 20, 2003)
  • FTC Considers Policies for WHOIS Data. On February 20, the Federal Trade Commission will explore "Cooperation Between the FTC and Domain Registration Authorities" (pdf) as part of a public workshop on partnerships against cross-border fraud. The FTC is considering the expanded use of information about Internet domain name registrants for law enforcement purposes. EPIC has filed comments (pdf) recommending that the FTC address the privacy, free speech, and consumer fraud implications of requiring domain name registrants to provide personal information. (Feb. 19, 2003)
  • FTC Announces National Do-Not-Call List. The FTC will establish a national DNC list that will accommodate both Internet and toll-free phone number enrollment. The new regulations also require telemarketers to transmit caller ID information, establish new rules for the use of preacquired account number information, and prohibit "abandoned" calls. For the list to operate, Congress will have to approve the levying of charges to the telemarketing industry in order to fund the program. EPIC and a coalition of consumer and civil liberties groups submitted detailed comments in favor of a DNC list. For more information, see the EPIC Telemarketing Page. (Dec. 18, 2002)
  • FTC Pursues Student Profilers. The FTC has settled a case with three student profiling companies for collecting information from schoolchildren in violation of federal law. The companies distributed surveys to children through teachers and guidance counselors under the pretense that the information was only for college admissions. However, the companies were selling the information to commercial marketers. For more information, see the EPIC Profiling Page and the EPIC FERPA Page. (Oct. 2, 2002)
  • EPIC Urges FTC to Adopt Effective Strategy for Passport. In comments to the Federal Trade Commission, EPIC and a coalition of advocacy groups urged the agency to amend its Consent Order regarding Microsoft Passport to include greater privacy protections. The groups commented that Passport users should have access to their entire profile, that security risks justify limits on the Passport system, and that the Commission should examine other developing authentication systems, such as AOL's Screen Name Service and Project Liberty. For more information, see the EPIC Passport Page. (Sept. 9, 2002)
  • FTC Announces Action Against Microsoft Passport. The Federal Trade Commission (FTC) has settled a privacy enforcement action against Microsoft for violations associated with the Passport identification and authentication system. The agreement (PDF) requires that Microsoft establish a comprehensive information security program for Passport, and that it must not misrepresent its practices of information collection and usage. In July and August 2001, EPIC and a coalition of consumer advocacy groups filed complaints detailing the privacy risks associated with Passport. For more information, see the FTC's complaint (PDF), the EPIC Passport Investigation Page and the EPIC Sign Out of Passport Page. (Aug. 8, 2002)
  • FTC Seeks Comment on Telemarketing Sales Rule. EPIC is urging individuals to comment on the Federal Trade Commission's (FTC) proposed changes to the Telemarketing Sales Rule (TSR). The TSR regulates how telemarketers can make sales calls. More information and suggested comments are available on the EPIC Telemarketing Page. (Feb. 7, 2002)
  • FTC Proposes Telemarketing Do-Not-Call List. The Federal Trade Commission has issued proposed changes to the Telemarketing Sales Rule (TSR) that would create a national Do-Not-Call (DNC) list for individuals who wish to avoid sales calls. The proposed changes would also prohibit the use of "pre-acquired account information" in telemarketing. The FTC has encouraged individuals to comment on the changes online. (Jan, 25, 2002)
  • Eli Lilly Settles with FTC over Privacy Violation. The Federal Trade Commission (FTC) has announced a settlement in a case involving Eli Lilly's accidental disclosure of the email addresses of 700 people who were subscribed to a mental health information list. Under the terms of the settlement the company will increase existing security and create an internal program to prevent future privacy violations. However, as the disclosure was unintentional, no fines will be imposed upon the company. The public may submit comments on the settlement for 30 days, after which the Commission will decide whether to make it final. The FTC acted in response to a July 2001 ACLU complaint highlighting Eli Lilly's negligence. (Jan. 18, 2002)
  • FTC Chairman Announces Privacy Agenda. On October 4, 2001, Timothy Muris, Chairman of the Federal Trade Commission (FTC) released a new privacy agenda for the agency. The agenda calls for a 50% increase in privacy resources, improved privacy complaint handling, more protection for consumers from spam, telemarketing, pretexting and ID theft, and increased enforcement of privacy policies and existing laws such as the Fair Credit Reporting Act (FCRA) and the Children's Online Privacy Protection Act (COPPA). The Chairman concluded, however, that it was "too soon" to recommend broad-based online privacy legislation. (Oct. 4, 2001)
  • Privacy Groups File Updated Complaint at FTC, Allege Microsoft Passport Constitutes an "Unfair and Deceptive Trade Practice." At a press conference on August 15 at the National Press Club, EPIC, Junkbusters, the Center for Media Education, and other organizations announced the filing of an updated complaint (PDF) with the Federal Trade Commission containing new allegations about Microsoft Passport, and urged the Commission to open an investigation. Last month, the organization filed the original complaint (PDF) that was acknowledged (PDF) by the FTC. (Aug. 15, 2001)
  • EPIC, Privacy Groups File Complaint at the FTC Regarding Windows XP. In a formal complaint (PDF) filed with the Federal Trade Commission, privacy and consumer groups allege that Microsoft is engaging in unfair and deceptive trade practices through the information collection capabilities of its new operating system.(Jul. 26, 2001)
  • Privacy Coalition Meets with New FTC Chairman. On July 17, members of the Privacy Coalition, a non-partisan coalition of consumer, civil liberties, educational, library, labor, and family-based groups met with FTC Chairman Timothy Muris. The Coalition presented a letter to the Chairman with recommendations for future FTC action on privacy issues. (Jul. 17, 2001)
  • EPIC Urges New FTC Chair to Focus on Privacy. EPIC and other public interest groups have sent a letter to Timothy Muris, the new Federal Trade Commission Chairman, urging him to take affirmative steps to protect individuals' privacy. (May 31, 2001)

Media Coverage

Resources

Overview of FTC Statutory Authority to Protect Privacy.

Internet and Consumer Privacy

  • The Federal Trade Commission held "computer database study" to examine personal information held by private companies used to locate individuals. A Public Workshop on Consumer Information Privacy was held on June 10-13, 1997.
  • Following the P-TRAK controversy, the Senate Commerce Committee sent a letter to the FTC on the Lexis-Nexis P-TRAK problem and other "violations of consumer privacy rights."
  • The FTC also held hearings in June 1996 on privacy issues. The conference report issued in December 1996 stresses "notice, choice, security, and access" but sidesteps major on-line privacy issues -- anonymity, spamming, sale of personal data. Transcripts from the hearings, June 4-5, 1996.
  • EPIC Letter to FTC urging strong support for on-line privacy, December 14, 1995.
  • Letter from Marc Klass to FTC supporting EPIC's call for an investigation of the direct marketing industry, Feb. 2, 1996.
  • Remarks of FTC Commissioner Christine A. Varney before the Privacy & American Business Conference, Washington, D.C., October 6, 1996.
  • Comments of FTC Commissioner Robert Pitofsky on Electronic Money, September 17, 1997.
  • Remarks of FTC Commissioner Christine A. Varney before the Privacy & American Business Conference, Washington, D.C., November 1, 1995.

Credit Reports

The FTC is also empowered to enforce the Fair Credit Reporting Act.