Focusing public attention on emerging privacy and civil liberties issues

Federal Trade Commission

Latest News

  • EPIC Urges Federal Trade Commission to Strengthen Childrens' Privacy Rule: EPIC filed comments urging the Federal Trade Commission to improve the Childrens' Online Privacy Protection Act Rule. The rule is the principal federal protection for childrens' privacy, and limits how companies may collect and disclose childrens' personal information. "The need for the COPPA Rule has become increasingly urgent in light of new business practices and recent technological developments, such as social networking sites and mobile devices," EPIC wrote. "Existing provisions need to be strengthened and new provisions need to be added." In April, EPIC testified before Congress concerning childrens' privacy. For more, see EPIC: COPPA and EPIC: FTC. (Jul. 9, 2010)
  • Congressional Leaders Write to Google's Schmidt About "Spy-Fi": Congressmen Henry Waxman (D-CA), Joe Barton (R-TX), and Ed Markey (D-MA) have sent a detailed letter to Google CEO Eric Schmidt about the reports that Google Street View vehicles scarfed up Wi-Fi data in thirty countries, including the United States. The letter follows a complaint that EPIC has sent to the Julius Genachowski, chairman of the Federal Communications Commission, suggesting that Google may have violated federal wiretap laws. For more information, see Congress Urges FTC to Investigate Google. (May. 26, 2010)
  • New Facebook Privacy Complaint Filed with Trade Commission: Today, EPIC and 14 privacy and consumer protection organizations filed a complaint with the Federal Trade Commission, charging that Facebook has engaged in unfair and deceptive trade practices in violation of consumer protection law. The complaint states that changes to user profile information and the disclosure of user data to third parties without consent "violate user expectations, diminish user privacy, and contradict Facebook’s own representations." The complaint also cites widespread opposition from Facebook users, Senators, bloggers, and news organizations. In a letter to Congress, EPIC urged the Senate and House Committees with jurisdiction over the FTC to monitor closely the Commission's investigation. The letter noted the FTC's failure to act on several pending consumer privacy complaints. For more information, see EPIC: Facebook Privacy. (May. 5, 2010)
  • EPIC Recommends Effective Consumer Privacy Standards, Calls Notice and Choice a "Failed Experiment": At the third FTC Privacy Roundtable, EPIC senior counsel John Verdi will recommend that the Commission push forward with effective and meaningful privacy safeguards for American consumers. Mr. Verdi will say that the "notice and choice" approach has failed, and will recommend that the FTC enforce Fair Information Practices, such as the OECD Privacy Guidelines. The discussion can be viewed via webcast. Additional information on the FTC roundtable event can be found here. For more information, see EPIC In re Google Buzz, EPIC In re Facebook, and EPIC In re Google and Cloud Computing. (Mar. 17, 2010)
  • Senate Confirms Julie Brill as FTC Commissioner: The Senate confirmed Julie Brill, former Vermont Assistant Attorney General, to fill a vacancy for FTC Commissioner. Brill served for over 20 years as Vermont’s Assistant Attorney General for Consumer Protection and Antitrust, and currently serves as Senior Deputy Attorney General and Chief of Consumer Protection and Antitrust for the North Carolina Department of Justice. Brill has had experience with several important consumer protection issues, including tobacco, food and drug, antitrust, and privacy and identity theft. Senator Leahy (D-VT) expressed support for Brill’s confirmation, proclaiming, “We again have an FTC that is on the side of the consumers. Julie Brill will help revitalize an FTC that has languished while consumers’ interests have given way to special interests.” (Mar. 4, 2010)
  • Federal Trade Commission Sets out Priorities But Lacks Strategy for Privacy Protection: The Federal Trade Commission released the Congressional budget justification summary for FY 2011 and performance plan for FY 2010-11. The FTC documents list three strategic goals: protect consumers, maintain competition, and advance performance. Objectives include improving consumer education, identifying and stopping “fraud, deception and unfair practices,” and “protecting American consumers in the global marketplace.” Although the FTC Implementation Plan includes the development of approaches to implement OECD Guidelines on consumer protection in the context of electronic commerce, there is no mention of implementing OECD Guidelines on privacy protection.  (Feb. 4, 2010)
  • EPIC Urges FTC to Protect Users' Privacy On Cloud Computing and Social Networking Services: EPIC submitted comments to the FTC prior to the agency’s second privacy roundtable. EPIC warned of the ongoing privacy risks associated with cloud computing and social networking privacy, highlighting the Google cloud computing complaint and Facebook privacy complaint filed by EPIC in 2009. The comments note that the FTC has failed to take any meaningful action with respect to either complaint, demonstrating the Commission's “lack of leadership and technical expertise.” EPIC's comments also draw attention to the success of international privacy initiatives, in hopes of encouraging the FTC to take meaningful action to protect American consumers. For more information, see EPIC: Cloud Computing and EPIC: Social Networking Privacy. (Jan. 28, 2010)
  • EPIC Defends Privacy of Facebook Users: Files Complaint with the Federal Trade Commission: EPIC has filed a complaint with the Federal Trade Commission, urging the FTC to open an investigation into Facebook’s revised privacy settings. The EPIC complaint, signed by nine other privacy and consumer organizations, states that the  "changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations." EPIC cites widespread opposition from Facebook users, security experts, bloggers, and news organizations. A previous EPIC complaint to the FTC, concerning the data broker industry, produced the largest settlement in the FTC's history.  For more information, see EPIC: In re Facebook, Frequently Asked Questions Regarding EPIC's Facebook Complaint, and EPIC Facebook Privacy. EPIC PRESS RELEASE. (Dec. 17, 2009)
  • FTC Considers Emerging Privacy Concerns at First Privacy Roundtable: The Federal Trade Commission held the first of three privacy roundtables this week in Washington, DC. The well-attended event featured privacy and security experts from around the country, with each panel consisting of at least one industry representative and one privacy advocate. The failure of the current notice and choice model, the need to regulate behavioral targeting, concerns about government access to data, and the high privacy expectations of consumers were among recurring topics throughout the day. EPIC's Marc Rotenberg said it was important for the Commission to focus on emerging business practices and the impact on consumer privacy. The second privacy roundtable will be held on Data Privacy Day - January 28, 2010 - at the University of California, Berkeley School of Law. The FTC welcomes comments from the public in advance of the roundtable. (Dec. 9, 2009)
  • President Obama Nominates Brill and Ramirez for Federal Trade Commission: President Obama nominated Julie Brill and Edith Ramirez to be commissioners of the Federal Trade Commission. Brill, North Carolina’s top consumer advocate, serves as the senior deputy attorney general and chief of consumer protection and antitrust for the North Carolina Department of Justice. Ramirez, who specializes in intellectual property and complex litigation matters, is a partner in a Los Angeles, California law firm and has experience representing companies such as Mattel, Inc. and Northrop Grumman Corp. In a press release, President Obama stated, “These individuals bring a depth of experience to their respective roles, and I am confident they will serve my administration and the American people well. I look forward to working with them in the months and years ahead.” (Nov. 17, 2009)
  • EPIC to FTC: "Parental Control" Software Firm Gathers Data for Marketing: EPIC filed a complaint with the Federal Trade Commission against Echometrix, the developer of parental control software that monitors children’s online activity. Echometrix analyzes the information collected from children and sells the data to third parties for market-intelligence research. The EPIC complaint alleges that Echometrix engages in unfair and deceptive trade practices by representing that the software protects children online while simultaneously collecting and disclosing information about children's online activity. The complaint further alleges that Echometrix’s practices violate the Children’s Online Privacy Protection Act by collecting and disclosing information from children under the age of 13. The EPIC complaint asks the FTC to stop these practices, seek compensation for victims, and ensure that Echometrix’s collection and disclosure practices comply with COPPA. For more information on the Children’s Online Privacy Protection Act, see EPIC COPPA. (Sep. 29, 2009)
  • Federal Trade Commission to Host Privacy Roundtables: The Federal Trade Commission has announced a series of roundtables on consumer privacy, beginning December 7. These discussions will explore many issues, including consumer information collection, information management practices, new business practices, and the adequacy of existing privacy laws. Roundtable participants will include individuals from a wide range of related fields, including privacy and technology experts. The meetings are open and public comments are encouraged. EPIC has supported the FTC's privacy mission, but has also said that the agency needs to do a lot more to safeguard consumer privacy. For more information, see EPIC FTC page. (Sep. 16, 2009)
  • Trade Commission Prohibits Robocalls: The Federal Trade Commission is prohibiting commercial telemarketing calls to consumers after September 1, 2009. The agency amended the Telemarketing Sales Rule, which imposes a penalty of $16,000 per call, to cover sellers and telemarketers who transmit prerecorded messages to consumers who have not agreed in writing to accept such messages. The Telemarketing Rule is authorized under the Telemarketing and Consumer Fraud and Abuse Prevention Act. The new rule does not prohibit informational messages or calls by politicians, banks, telephone carriers, and charities. EPIC has urged the FCC to require strong privacy safeguards for telephone customers' personal information, and protect wireless subscribers from telemarketing. See also EPIC Telemarketing and Telephone Consumer Protection Act. (Aug. 28, 2009)
  • FTC Issues Final Breach Notification Rule for Electronic Health Information: The Federal Trade Commission issued a final rule requiring breach notification by vendors of medical records and related entities. In June, EPIC submitted comments recommending that all entities handling electronic health records be subject to the regulation and that the FTC should establish a central location to track and announce breaches. The FTC modified the rule accordingly. EPIC had also recommended that information "accessed" be treated as "acquired", substitute media notices be used as supplemental notification, verification of data breach notices be required, minimum security standards be created, penalties for violations be assessed, and the creation of "safe-harbors" for de-identified data be opposed. The rule was mandated under the American Recovery and Reinvestment Act. See EPIC Medical Privacy and EPIC Identity Theft. (Aug. 21, 2009)
  • Privacy and Consumer Groups Seek New FTC Commissioner: EPIC joined other privacy and consumer organizations on a letter to President Obama urging the appointment of a pro-consumer Commissioner to the Federal Trade Commission (FTC). The groups called for the appointment of someone with a “distinguished record of achievement in consumer affairs, with a demonstrated commitment to protecting the public.” The Commission has been one person short of its full membership since former Chair Deborah Platt Majoras left the agency last year. The President appointed Jon Leibowitz to serve as the current chair of the FTC. For more information, see EPIC’s page on the Federal Trade Commission. (Apr. 27, 2009)
  • Federal Trade Commission to Review EPIC Cloud Computing Complaint: The Federal Trade Commission will review EPIC's March 17, 2009 complaint, which describes Google's unfair and deceptive business practices concerning the firm's Cloud Computing Services. EPIC's complaint describes numerous data breaches involving user-generated information stored by Google, including the recently reported breach of Google Docs. EPIC's complaint "raises a number of concerns about the privacy and security of information collected from consumers online," federal regulators said. EPIC urged the Commission to take "such measures as are necessary" to ensure the safety and security of information submitted to Google. Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines. For more information, see EPIC's complaint to the FTC. EPIC's Cloud Computing Page. (Mar. 19, 2009)
  • EPIC Petitions FTC to Investigate Google, Cloud Computing Services: EPIC has formally asked the Federal Trade Commission to open an investigation into Google's Cloud Computing Services -- including Gmail, Google Docs, and Picasa -- to determine "the adequacy of the privacy and security safeguards." The petition follows the recent report of a breach of Google Docs. EPIC cited the growing dependence of American consumers, businesses, and federal agencies on cloud computing services, and urged the Commission to take "such measures as are necessary" to ensure the safety and security of information submitted to Google. Previous EPIC complaints have led the Commission to order Microsoft to revise the security standards for Passport and to require Choicepoint to change its business practices and pay $15 m in fines. (Mar. 17, 2009)
  • Trade Commission Issues Voluntary Guidelines for Online Tracking, Targeting, and Advertising: Today, the Federal Trade Commission released voluntary guidelines for Internet advertising and behavioral targeting. The guidelines set out four principles: "1) transparency and consumer control; 2) reasonable security and limited data retention for consumer data; 3) affirmative express consent for material retroactive changes to privacy promises; and 4) affirmative express consent to (or prohibition against) use of sensitive data." There is no means to enforce the guidelines, and Commissioners Jon Leibowitz and warned that they are insufficient to ensure consumers' privacy. Commissioner Harbour cautioned that the guidelines "focus too narrowly" and urged rulemakers to "take a more comprehensive approach to privacy." The guidelines are in part a response to EPIC's 2007 Complaint regarding the Google-Doubleclick merger raising concerns about the profiling of Internet users and the need to establish clear privacy safeguards as a condition of the merger. For more information, see EPIC's Complaint regarding the Google/DoubleClick merger and page Privacy? Proposed Google/DoubleClick Deal. (Feb. 12, 2009)
  • Consumer Groups Urge Trade Commission to Investigate Mobile Marketing: The Center for Digital Democracy and the U.S. Public Interest Research Group filed a complaint with the Federal Trade Commission to investigate the growing threat to consumer privacy in the mobile advertising world. Certain services track, analyze, and target the public and build secret profiles. Users are targeted based on their online behavior and their location. The complaint urges the Commission to define and clarify practices, review self-regulation, require notice and disclosure and also protect the public. Earlier, thirty Privacy Coalition members sent a letter to President-elect Barack Obama highlighting the importance of protecting consumer privacy in new network services. For more information, see EPIC's page on Privacy and Consumer Profiling. (Jan. 13, 2009)
  • EPIC Complaint Leads to Halt of Stalker Spyware Distribution. Following an EPIC complaint, a federal court has ordered CyberSpy Software to stop selling malicious computer software. In March, EPIC filed a complaint with the Federal Trade Commission alleging that the spyware purveyor engages in unfair and deceptive practices by: (1) promoting illegal surveillance; (2) encouraging "Trojan Horse" email attacks; and (3) failing to warn customers of the legal dangers arising from misuse of the software. The federal regulators agreed, and asked the court for a permanent injunction barring sales of CyberSpy's "stalker spyware," over the counter surveillance technology sold for individuals to spy on other individuals. The court entered a temporary restraining order on November 6, 2008. Further litigation is expected before the court rules on the government's request for a permanent ban. For more information, see EPIC's Personal Surveillance Technologies Page and Domestic Violence and Privacy Page. (Nov. 17, 2008)
  • EPIC Urges FTC to Establish Privacy Safeguards for RFID Tags. In comments to the Federal Trade Commission, EPIC reiterated recommendations (pdf) it made in 2004 to the consumer protection agency to address the risks to consumer safety of the unregulated use of RFID tags that reveal personal data. The FTC is hosting a "Transatlantic RFID Workshop on Consumer Privacy and Data Security" to discuss consumer concerns. The workshop follows an event, organized by the US Department of Commerce, promoting the benefits of RFID. Comments on RFID may be submitted to the FTC until October 23. For more, see EPIC's RFID Privacy page. (Sept. 22, 2008).
  • Trade Commission Approves Data Breach Settlements, But Fails to Impose Monetary Penalties. The Federal Trade Commission has finalized settlements with TJX, Reed Elsevier, and Seisint. The settlements arose from data breaches, which exposed the sensitive personal information of over 500,000 consumers and resulted in millions of dollars in financial fraud. Earlier this year, EPIC filed comments with the FTC urging the Commission to include civil penalties in the settlements. EPIC wrote that civil penalties are necessary to provide incentives for companies to safeguard personal data. EPIC also noted that the FTC imposed $10 million in civil penalties in the Choicepoint case. The final agreements impose security and audit responsibilities, but no financial penalties. For more on data breaches and ID theft, see EPIC's Identity Theft: Its Causes and Solutions Page. (Aug. 4, 2008)
  • EPIC v. FTC: EPIC Obtains Documents Detailing Conflict of Interest in Google-Doubleclick Merger Review. Pursuant to a settlement in a Freedom of Information Act lawsuit against the Federal Trade Commission, EPIC has obtained documents detailing former FTC Chairman Deborah Platt Majoras' conflict of interest in the Google-Doubleclick merger review. Majoras headed the Commission's review of the proposed $3.1 billion Google acquisition while her spouse's law firm represented Doubleclick. A July 17, 2007 memorandum obtained by EPIC flatly contradicts Majoras' claim that "no one at the FTC" knew of the conflict "until the afternoon of Tuesday, December 11, 2007." In 2007 EPIC and the Center for Digital Democracy urged the FTC to establish privacy safeguards as a condition of the merger. One week prior to the Commission's decision to approve the merger without conditions, EPIC learned that the Jones Day law firm represented Doubleclick. EPIC then submitted Freedom of Information requests to determine the role of the Jones Day firm in the merger review. For more, see EPIC's EPIC v. FTC Page. (July 8, 2008)
  • FTC Issues Additional CAN-SPAM Rules, Fails to Regulate Third-Party List Brokers This week, the Federal Trade Commission approved new rules for CAN-SPAM, the federal anti-spam law. The Commission stated that consumers cannot be charged a fee to opt out of spam. The FTC also determined that third-party list brokers (companies that sell email lists to spammers) are not subject to CAN-SPAM's opt-out requirements. In 2005, EPIC urged the FTC to impose opt-out requirements on third-party list brokers. EPIC stated that this requirement was consistent with CAN-SPAM's goal and was more effective than the present system, which requires consumers to opt out with individual companies. For more information, see EPIC's"SPAM - Unsolicited Commercial E-Mail Page." (May 15, 2008)
  • EPIC Urges Commission to Impose Civil Penalties in Data Breach Settlements. Today, EPIC filed comments with the Federal Trade Commission urging the FTC to include civil penalties in settlements with TJX, Reed Elsevier, and Seisint. The FTC recently concluded investigations of the companies' weak security policies, and reached preliminary settlements that would impose security and audit responsibilities, but no financial penalties. The FTC's investigations arose from the companies' unrelated 2004-2005 data breaches, which exposed the sensitive personal information of over 500,000 consumers and resulted in millions of dollars in alleged financial fraud. EPIC noted that civil penalties were necessary to provide incentives for companies to better safeguard personal consumer data in the future, and observed that the FTC imposed $10 million in civil penalties in the Choicepoint case. For more on data breaches and ID theft, see EPIC's Identity Theft: Its Causes and Solutions page. (Apr. 28, 2008)
  • EPIC Sues Trade Commission to Compel Disclosure of Documents Concerning Jones Day's Role in US Doubleclick Merger Review. Today, EPIC filed a Freedom of Information Act lawsuit (pdf) challenging the Federal Trade Commission's failure to make public documents relating to the role of the Jones Day law firm in the Google-Doubleclick merger review. The lawsuit follows EPIC's original request (pdf) and subsequent administrative appeal (pdf). During the FTC merger review, Jones Day publicly stated that it represented Doubleclick (pdf). After EPIC learned that Chairman Majoras' spouse is a Jones Day partner, EPIC moved for the recusal of the FTC Chairman, and emphasized that recusal had occurred in other similar matters involving conflicts of interest with the Jones Day firm. However, Chairman Majoras participated in the Google-Doubleclick review and voted to approve the merger without conditions, despite privacy groups' warnings that the merger would threaten consumer privacy. (Mar. 14, 2008)
  • European Commission Approves Google-Doubleclick Merger, But European Privacy Laws Will Apply. The European Commission today approved the proposed Google-Doubleclick merger under its competition authority. Though the Commission did not consider privacy in the merger review, it did reaffirm the obligation of Google-Doubleclick to comply with European privacy laws. "The Commission's decision to clear the proposed merger is based exclusively on its appraisal under the EU Merger Regulation. It is without prejudice to the merged entity's obligations under EU legislation in relation to the protection of individuals and the protection of privacy with regard to the processing of personal data and the Member States' implementing legislation." Last year, EPIC filed a complaint (pdf) with the US Federal Trade Commission, urging the FTC to open an investigation into the proposed acquisition, specifically with regard to the ability of Google to record, analyze, track, and profile the activities of Internet users. In January testimony (pdf) before the European Parliament, EPIC urged the European Commission to establish privacy safeguards as a condition of the merger. See EPIC's Privacy? Proposed Google/Doubleclick Deal Page. (Mar. 11, 2008)
  • EPIC Urges Investigation of "Stalker Spyware". EPIC filed a complaint with the Federal Trade Commission against several purveyors of stalker spyware. Stalker spyware products are over the counter surveillance technologies sold for individuals to spy on other individuals -- and can be used by abusers to spy on their victims. The complaint alleges that these companies engage in unfair and deceptive practices by: (1) promoting illegal surveillance by abusers of their victims; (2) promoting "Trojan Horse" email attacks; and (3) failing to warn their customers of legal dangers of misuse of stalker spyware. The EPIC complaint asks the FTC to stop these practices, seek compensation for victims, and investigate other harms that stalker spyware may cause. For more information see EPIC's pages on Personal Surveillance Technologies, and Domestic Violence and Privacy. (Mar. 7, 2008)
  • Data Broker Merger Threatens Privacy. Reed-Elsevier, corporate parents of Lexis-Nexis, has made a move to acquire Choicepoint, the databroker. Consumer privacy will be seriously affected if the merger is approved without any privacy safeguards. The previous Google-Doubleclick merger involving two large databases of personal information similarly raised privacy as well as antitrust issues. Choicepoint is a large player in the commercial databroker market and has been the target of an EPIC privacy complaint and an FTC investigation and fine for the privacy harms its business practices cause. For more see EPIC's page on Choicepoint. (Feb. 21, 2008)
  • EPIC Challenges Trade Commission's Failure to Produce Documents Concerning Jones Day's Role in US Doubleclick Merger Review. In a Freedom of Information Act appeal(pdf), EPIC challenged the Federal Trade Commission's failure to make public documents relating to the role of the Jones Day law firm in the Google-Doubleclick merger review. The appeal follows EPIC's original request. During the FTC review, Jones Day publicly stated that it represented Doubleclick but later denied representing Doubleclick, after EPIC learned that Chairman Majoras' husband, John M. Majoras, is a Jones Day partner. EPIC moved for the recusal of the Chairman, and noted that recusal had occurred in other matters involving apparent conflicts of interest with the Jones Day firm. However, Chairman Majoras participated in the review and voted to approve the merger without conditions, despite privacy groups' warnings that the merger would threaten consumer privacy. For more information, see EPIC's page Privacy? Proposed Google/Doubleclick Deal. (Feb. 13)
  • EPIC, Privacy Groups Renew Call for Investigation of Ask Eraser. EPIC filed a supplemental complaint (pdf) with the Federal Trade Commission today highlighting the ongoing consumer privacy threats posed by Ask.com's AskEraser product. The new complaint restates that Ask.com is engaging in an unfair and deceptive trade practice. Ask.com corrected one substantial problem with AskEraser following an earlier letter from EPIC, but EPIC makes clear in the new filing that Ask.com has failed to resolve the substantial threats to consumer privacy, and urges the FTC to move forward with an investigation. For more information, see the EPIC "Does Ask Eraser Really Erase?" Page. (Feb. 8, 2008)
  • Consumer Privacy Coalition Files FTC Complaint Against Ask.com. EPIC and five other groups filed a complaint (pdf) with the Federal Trade Commission alleging that Ask.com is engaging in unfair and deceptive trade practices with the representations concerning AskEraser, a search service that purports to protect privacy. Among the critical points highlighted by the consumer privacy coalition: (1) users must accept an AskEraser cookie and disable a genuine privacy feature in browsers that block cookies; (2) the AskEraser cookie is a unique persistent identifier that makes it easy for Ask.com, its business partners, and the government to track the activities of AskEraser users; and (3) Ask.com will disable the search delete feature -- the central purpose of the Ask Eraser service -- without notice to the user. The complaint follows a December letter (pdf) to Ask.com describing these security and privacy problems. (Jan. 19, 2008)
  • EPIC - "Federal Trade Commission failed to address the privacy implications of the Google-Doubleclick Merger". In a detailed statement issued today, EPIC said that the unique circumstances of the online advertising industry required the FTC to impose privacy safeguards as a condition of the Google- Doubleclick merger. EPIC said that the FTC "had reason to act and authority to act, and failed to do so." EPIC pointed out that the Commission ignored similar assessments from leaders in Congress and consumer protection agencies. EPIC said it would vigorously pursue Freedom of Information Act requests regarding the role of the Jones Day law firm in the merger review. EPIC concluded that the FTC's decision "does not end the discussion about competition and privacy protection in the context of merger review. Consumers around the world will be impacted by the business practices of the combined entity, and the consequences will have to be addressed." Attention turns next to a hearing before the European Parliament on January 21. EPIC has been invited to testify. (Dec. 20, 2008)
  • FTC Chair Dismisses Recusal Petition in Jones Day-Doubleclick Conflict of Interest Case, EPIC Files Expedited Open Government Request. FTC Chairman Deborah Majoras has refused to step down in the Commission's review of the Google-Doubleclick merger even though it was revealed this week that her husband's law firm is representing Doubleclick. EPIC and the Center for Digital Democracy have issued a statement. EPIC has also submitted a detailed Freedom of Information Act request seeking the expedited release of all documents concerning the participation of Jones Day in the Commission's review of Doubleclick as well as other matters involving consumer privacy. (Dec. 15, 2007)
  • EPIC, CDD Raise New Questions About FTC Chair's Possible Conflict of Interest. Today EPIC and the Center for Digital Democracy provided new information to the Federal Trade Commission concerning Jones Day's representation of Doubleclick in the pending merger review. The new filing makes clear that statements denying Jones Day participation in the matter are flatly contradicted by an earlier posting on the firm's web site. The EPIC/CDD filing also notes that the firm has subsequently removed the relevant web pages from its web site. The groups are filing a Freedom of Information Act request for all documents at the Commission regarding the matter and notifying Congressional oversight committees. See EPIC's page on Privacy? Proposed Google-DoubleClick merger. (Dec. 13, 2007)
  • Recusal of FTC Chairman Sought in Google-Doubleclick Case. In a motion (pdf) filed today with the Secretary of the Federal Trade Commission, EPIC and the Center for Digital Democracy seek the disqualification of FTC Chairman Deborah Platt Majoras from the pending review of the proposed Google-Doubleclick merger. The organizations recently learned that the husband of the FTC Chairman has taken on Doubleclick as a client for his Washington, D.C. law firm. See EPIC's page on Privacy? Proposed Google-DoubleClick Merger. (Dec. 12, 2007)
  • Leading Senators Urge Comprehensive Privacy Review of Proposed Google-Doubleclick Deal. In a letter (pdf) to the Federal Trade Commission, Senators Herb Kohl and Orrin Hatch, Chairman and Ranking Member of the Senate Judiciary Committee's Subcommittee on Antitrust, Competition Policy and Consumer Rights, urged the FTC to critically analyze the privacy and competition effects of Google's $3.1 billion proposed merger with Internet advertising company DoubleClick. "[T]his deal raises fundamental consumer privacy concerns worthy of serious scrutiny," the senators wrote. In complaints (pdf) to the FTC, EPIC, the Center for Digital Democracy and US PIRG have detailed the reasons why the FTC needs to establish substantial privacy safeguards as a condition of the merger. The European Commission Directorate on Competition has announced a four-month in-depth investigation into the proposed merger. For more information, see EPIC's page on Privacy? Proposed Google/DoubleClick Deal. (Nov. 20, 2007)
  • Google-Doubleclick Deal Looms Over Commission Workshop in DC. The Federal Trade Commission begins a two-day workshop today on Behavioral Targeting. EPIC has urged the Commission to establish meaningful privacy safeguards for consumers and impose conditions on the merger of the two Internet advertising giants, Google and Doubleclick. The Center for Digital Democracy and US PIRG have also recommend that the FTC protect consumers from harmful interactive marketing practices. See EPIC's page Privacy? Proposed Google/DoubleClick Deal. (Nov. 1, 2007)
  • EPIC Urges Congress to Monitor Google-Doubleclick Review. In a letter (pdf) to the Congressional Committee that funds the Federal Trade Commission, EPIC urged oversight of the Commission's review of the pending Google-Doubleclick merger. In complaints (pdf) to the FTC, EPIC, the Center for Digital Democracy and US PIRG have detailed the reasons why the FTC needs to establish substantial privacy safeguards as a condition of the merger. If the FTC fails to do so, "we believe there should be a comprehensive investigation of the factors that led to the FTC's decision," EPIC said. See EPIC's page on Privacy? Proposed Google/DoubleClick Deal. (Oct. 26, 2007)
  • EPIC to Senate: FTC Must Impose Privacy Standards Before Approving Google-Doubleclick Merger. In testimony (pdf) before the Senate Judiciary Committee on the pending Google-Doubleclick merger, EPIC Executive Director Marc Rotenberg said that the Federal Trade Commission should establish privacy safeguards as a condition of the merger. EPIC filed a complaint before the Commission (pdf) in April regarding the merger, similar to other complaints filed by EPIC in the Doubleclick-Abacus merger (pdf), the Microsoft Passport matter (pdf), and Choicepoint. Since the filing of the EPIC complaint, competition authorities around the world have opened investigations. Press Packet. More information at Privacy ? Google-Doubleclick. (Sept. 27, 2007)
  • EPIC, CDD, US PIRG File Additional Papers with FTC in Google-DoubleClick Merger. At the National Press Club today, EPIC, the Center for Digital Democracy, and US PIRG announced a second supplement (pdf) to the groups' original complaint (pdf) and subsequent supplement (pdf) with the Federal Trade Commission (FTC) concerning the proposed Google-DoubleClick merger. The amended complaint details new facts supporting the conclusion that the FTC should block Google's proposed acquisition of DoubleClick. Also today, the Canadian Internet Policy and Public Interest Clinic filed a formal complaint (pdf) with the Privacy Commissioner of Canada urging an investigation into the proposed merger. See EPIC's page on the proposed Google-DoubleClick merger. (Sept. 17, 2007)
  • Privacy Groups File Amended Complaint with FTC Regarding Google/DoubleClick Merger. EPIC, CDD, and US PIRG today filed a supplement (pdf) to the groups' original complaint (pdf) with the Federal Trade Commission (FTC) concerning the Google/DoubleClick merger. The new complaint explains the need for the FTC to consider consumer privacy interests in the context of a merger review involving the Internet's largest search profiling company and the Internet's largest targeted advertising company. The complaint provides additional evidence about Google and DoubleClick's business practices that fail to comply with generally accepted privacy safeguards, and proposes further steps that the Commission should take if the merger is to be approved. For more information see EPIC's page on Proposed Google/Doubleclick deal. (Jun. 6, 2007)
  • New York State Consumer Protection Board endorses EPIC's Google/DoubleClick Complaint. The New York State Consumer Protection Board has sent a letter to the Federal Trade Commission (FTC) endorsing EPIC's recent complaint to the FTC regarding the privacy implications of the Google/DoubleClick merger. The Board expressed its concern that the merger of these two companies would create "super-profiles" of users, exposing consumers to the risk of disclosure of their data to third-parties, as well as public disclosure as evidence in litigation or through data breaches. The Board urged the FTC to halt the merger until it has fully investigated Google's planned use of DoubleClick's data post-merger. For more information on the proposed merger, visit EPIC's FTC Google Complaint Page. (May 9, 2007)
  • EPIC Recommends Better Notification and Strong Privacy Safeguards for Security Breach Investigations. In comments (pdf) to the Federal Trade Commission today, EPIC urged the FTC to limit the disclosure of personal information related to security breach investigations. EPIC said that the Privacy Act exemption sought by the Commission was far too broad. EPIC recommended that the FTC significantly narrow the exemption by "creat[ing] tiers of access, allowing specific categories of individuals limited access to the data, according to the needs of the investigation." EPIC also said that the Commission should notify individuals whose personal data may have been improperly disclosed in a security breach before other government agencies are notified. For more information, see EPIC's Identity Theft Page. (Apr. 30, 2007)
  • White House ID Theft Report to be Released Today. Attorney General Gonzales and FTC Chairman Majoras will hold a press conference today to announce the release of the final report of President's Identity Theft Task Force. In January 2007, EPIC submitted comments to the Task Force that emphasized the need to establish better privacy and security practices to reduce the risk of identity theft, rather than simply expand law enforcement authority. EPIC criticized, "government and private agencies that collect and store excessive amounts of often unnecessary personal information in systems that lack adequate privacy and security safeguards." EPIC wrote, "The best long-term approach to the problem of identity theft is to minimize the collection of personal information and to develop alternative technologies and organizational practices." EPIC also recommended the adoption of privacy enhancing technologies, data minimization, and meaningful remedies when security breaches and privacy violations occur. See EPIC Identity Theft Page. (Apr. 23, 2007)
  • EPIC Files Complaint With FTC Regarding Google/DoubleClick Merger. EPIC, CDD and US PIRG today filed a complaint (pdf) with the Federal Trade Commission (FTC), urging the Commission to open an investigation into the proposed acquisition. The groups urged the FTC to assess the ability of Google to record, analyze, track, and profile the activities of Internet users with data that is both personally identifiable and data that is not personally identifiable. The groups further urged the FTC to require Google to publicly present a plan to comply with well-established government and industry privacy standards such as the OECD Privacy Guidelines. Pending the resolution of these and other issues, EPIC encouraged the FTC to halt the acquisition. See EPIC's FTC Google Complaint page. (Apr. 20, 2007)
  • Google Proposes Doubleclick Acquisition. The Internet search giant has announced a $3.1 billion purchase of the Internet advertising company Doubleclick that would make it possible to merge Internet user search histories and Internet user web site visits. In February 2000, when a similar acquisition was proposed, EPIC filed a complaint (pdf) with the Federal Trade Commission, alleging that Doubleclick was unlawfully tracking the online activities of Internet users and combining surfing records with detailed personal profiles contained in a national marketing database. The FTC opened an investigation and Doubleclick eventually acknowledged that it was a mistake to "merge names with anonymous user activity across Web sites in the absence of government and industry privacy standards" and backed off the plan. For more information, EPIC's Cookies Page and Double Trouble. (Apr. 17, 2007)
  • FTC Reports that Identity Theft Again Tops List of Consumer Complaints. The annual report (pdf) by the Federal Trade Commission finds identity theft complaints, for the seventh year in a row, the number one concern of US consumers, accounting for 36 percent of the 674,354 complaints received. According to the FTC, Credit card fraud (25 percent) was the most common form of reported identity theft, followed by phone or utilities fraud (16 percent), bank fraud (16 percent), and employment fraud (14 percent). In Spanish. The FTC report appears to repudiate an industry-funded study that suggested a decline in identity theft. (Feb. 8, 2007)
  • FTC Fines Choicepoint for $15 Million in Consumer Privacy Case Following EPIC Complaint. The Federal Trade Commission has announced a settlement (pdf) with data broker Choicepoint, under which the company will pay $10 million to the Commission and $5 million to redress consumer harms. It is the largest civil penalty in FTC history. The Commision accused (pdf) Choicepoint of violating consumers' privacy rights and federal law through its shoddy security measures and record-handling procedures. Choicepoint will also have to institute better security procedures and be audited by an independent security firm every two years until 2026. The settlement does not, however, resolve EPIC's 2004 complaint that Choicepoint has been selling personal information outside of Fair Credit Reporting Act protections. For more information, see EPIC's Choicepoint page. (Jan. 26, 2006)
  • FTC Fines Directv $5.3M for Telemarketing Violations. The Federal Trade Commission today announced an agreement with satellite television provider Directv where the company agreed to pay $5.3 million to settle violations of the Do-Not-Call Telemarketing Registry. Directv was using telemarketing agents to call individuals on the Do-Not-Call Registry, and these agents were "abandoning" calls, that is, initiating a call and hanging up before the consumer can answer. Today's settlement was the largest amount levied against any company for violations of the Do-Not-Call rules. For more information, see EPIC's Telemarketing Page. (Dec. 13, 2005)
  • FTC Ends Experian Bait and Switch. The Federal Trade Commission has settled a complaint against credit reporting agency Experian for offering "free" credit reports that were actually expensive credit monitoring services. The company must change representations on its Web site and disgorge almost $1 million received in the bait and switch scam. EPIC filed a complaint against Experian with the FTC in September 2003, noting that although the company is legally responsible for the accuracy and security of credit reports, Experian was stoking consumers' fears on these issues in order to sell credit monitoring services. Individuals who want their free credit report can obtain it from www.annualcreditreport.com, the site established by Congress to provide three reports per year at no cost to the consumer. For more information, see EPIC's Fair Credit Reporting Act Page. (Aug. 16, 2005)
  • EPIC Urges FTC to Investigate Online Data Brokers. In a complaint to the Federal Trade Commission, EPIC urged the agency to investigate online data brokers, companies that promise to sell phone calling records, the identities of people who own private mail boxes, and the identities associated with AOL Screen names, Match.com profiles, and Lavalife profiles. The complaint argues that this information cannot be obtained without violating federal law or regulations. Both the Washington Post and Wall Street Journal have reported on the filing. (Jul. 8, 2005)
  • Groups to FTC: Kids' Privacy Improving, but Law Needs Enforcement. Consumer privacy groups have filed comments (also available in pdf) to the Federal Trade Commission as part of its review of the Children's Online Privacy Protection Act. The groups argue that COPPA has improved children's privacy online. There is a continuing need to continue to clarify COPPA via enforcement and research into the cutting edge techniques being used to direct websites at children. Further action is still needed to address the privacy concerns raised in the offline market for children's personal information. For more information, see EPIC's page on the Children's Online Privacy Protection Act. (Jun. 29, 2005)
  • Groups Urge FTC to Reevaluate FTC's Position on Choicepoint. EPIC and a coalition of privacy and consumer groups urged (pdf) Federal Trade Commission Chair Majoras to reevaluate the agency's position on commercial data brokers, as it was "very much in line with the views of the companies testifying before Congress, which had leaked or sold data to criminals, but was very far from the views expressed by consumer and privacy groups." The groups noted that the FTC itself contributed to current information privacy problems by approving self-regulatory principles authored by companies like Choicepoint and by allowing the sale of "credit headers" without privacy protections. The groups have called upon the FTC to "correct these extraordinary policy blunders and urge the application and enforcement of Fair Information Practices (FIPs) to the commercial data broker industry..." For more information, see EPIC's Choicepoint Page. (Mar. 17, 2005)
  • EPIC Report: FTC's Market Approach Has Failed to Protect Consumer Privacy. In conjunction with the opening of EPIC's first satellite office in San Francisco, California, EPIC has released a policy report arguing that self-regulation has failed to meaningfully address consumer privacy. New technologies and invasive practices from the online world are finding their way into the offline world and have dragged down the practices of ordinary retailers. This paper argues that the FTC and Congress should reevaluate their commitment to market approaches, and empower consumers with privacy law that incorporates Fair Information Practices. (Mar. 3, 2005)
  • EPIC Submits Comments to FTC Regarding Children's Online Activity. EPIC has submitted comments (pdf) to the Federal Trade Commission on its proposal to weaken the Children's Online Privacy Protection Act's parental notice requirements. EPIC challenged the underlying assumptions presented by the FTC in its proposal to make permanent the "Sliding Scale 2005" which addresses parental communications regarding their children's online activity. For more information see EPIC's Children's Online Privacy Protection Act Page. (Feb. 14, 2005)
  • Coalition Urges FTC to Unblock Links to Free Credit Site. EPIC and five privacy and consumer groups have called upon the FTC to order credit reporting agencies to stop blocking web hyperlinks to a site that provides free credit reports. The letter argues that blocking links violates federal regulations, and that, "Whether intentional or not, every subtle and not so subtle web design tactic has been employed to make www.annualcreditreport.com difficult to find and use." EPIC has posted a webpage that circumvents the blocking. For more information, see the EPIC FCRA Page. (Dec. 7, 2004)
  • Sen. Nelson Joins EPIC in Opposing Do-Not-Call Loophole. Senator Bill Nelson (D-FL) has called upon the Federal Trade Commission to abandon a proposed loophole to the telemarketing Do-Not-Call Registry. The loophole would allow companies to send recorded messages to persons with whom they have done business. In a letter (pdf) to the FTC, Nelson warned that the loophole threatens to erode consumer privacy and flood homes with unwanted messages. EPIC and Nelson are urging the public to comment on the loophole by January 10, 2005. For more information, see the EPIC Telemarketing Page. (Dec. 7, 2004)
  • Free Credit Report Site Blocks Web Links. Nationwide credit reporting agencies are required under federal law to provide a free credit report to residents of western states online starting December 1, 2004. However, the credit reporting agencies have blocked links to the free site, citing bogus security concerns. By blocking outside links, the companies create a greater risk of phishing because consumers have to type in the URL, and the companies can steer consumers to their expensive, unnecessary credit monitoring services, avoiding their duty to provide free reports. To get your free report, paste the following URL into your browser: http://www.annualcreditreport.com. (Dec. 4, 2004)
  • FTC Fails to Enforce Children's Privacy Law Against Amazon. Responding to a formal complaint from EPIC and several other privacy organizations, Federal Trade Commission staff have recommended (pdf) that the agency not pursue Amazon.com under the Children's Privacy Protection Act despite the fact that the "Toy Store" website targets children and collects personal information. The agency relied heavily on a single sentence in the company's privacy policy, and concluded that the site wasn't covered by the privacy law. For more information, see the EPIC COPPA Page. (Nov. 24, 2004)
  • FTC Files Brief Supporting Banks Against Privacy Law. The Federal Trade Commission and other federal agencies have filed an amicus brief (pdf) supporting national banks in their bid to invalidate a strong California financial privacy law. California Attorney General lamented that, 'These agencies are supposed to protect consumers. Apparently, they prefer protecting the profits of banks." For more information, see the EPIC ABA v. Lockyer Page. (Aug. 13, 2004)
  • EPIC Urges FTC to Safeguard Consumers' Interests at RFID Workshop. In testimony to the Federal Trade Commission on radio frequency identification technologies, EPIC called for the adoption of strong privacy guidelines to protect consumers against potential abuses of the tracking technology. For more information see the EPIC RFID web Page. (June 21, 2004)
  • FTC Urged to Create Privacy-Friendly Free Credit Report Site. In comments to the Federal Trade Commission, EPIC and Professor Dan Solove argued that the agency should implement a privacy-friendly central source for free credit reports. This centralized source, which was created by Congress in recent amendments to the Fair Credit Reporting Act, should provide free credit reports without allowing its users' data to be sold by credit reporting agencies. For more information, see the EPIC FCRA Page. (Apr. 16, 2004)
  • Court Upholds Do-Not-Call Registry. The U.S. Court of Appeals for the Tenth Circuit has upheld (pdf) the Federal Trade Commission Do-Not-Call Registry against a legal challenge brought by telemarketers. The decision allows the continued operation of the list, allows the government to levy fees on telemarketers for its operation, and recognizes that the FTC has the authority to create and operate the list. For more information, see the EPIC Telemarketing and Do-Not-Call Timeline Pages. (Feb. 17, 2004)
  • FCC Will Enforce DNC Registry. FTC Appeals Do Not Call Decision. Following the issuance of an order (pdf) by the 10th Circuit Court of Appeals denying a request to delay implementation of the Do-Not-Call Registry, the Federal Communications Commission announced that it will begin enforcing it beginning Wednesday, October 1. In a related case, the Federal Trade Commission has filed a notice that it will appeal (pdf) a Colorado district court's decision (pdf) that invalidated the Registry on First Amendment grounds. Individuals can still enroll in the registry by visiting donotcall.gov. For more information, see the EPIC Telemarketing Page. (Sept 29, 2003)
  • Federal Court Blocks FTC Do-Not-Call List. A federal court in Oklahoma has found (500k pdf) that the Federal Trade Commission exceeded its authority in creating the telemarketing Do-Not-Call registry. UPDATE: The House of Representatives has ratified the FTC's authority to create a Do-Not-Call list by a 412-8 vote. Senate action is still pending. The FTC has filed a stay to delay the effective date of the court's ruling. For more information, see the EPIC Telemarketing Page. (Sept 24, 2003)
  • UPDATE - EPIC Files Complaint with Federal Trade Commission about JetBlue and Acxiom, Also Seeks Government Records on Secret Government Profiling Program. Today EPIC filed a complaint with the Commission alleging that JetBlue and Acxiom violated federal consumer law when they transferred information on passengers in violation of their own privacy policies. EPIC also filed expedited Freedom of Information Act requests with several federal agencies. Press briefing at 1 pm EDT. For more information, see the EPIC Passenger Profiling page and the European Digital Rights Initiative. (Sept 22, 2003)
  • EPIC Urges FTC To Investigate Credit Reporting Marketing Practices. In a complaint filed with the Federal Trade Commission, EPIC has urged the agency to investigate the marketing practices of credit reporting agency Experian. The company broadly disseminates advertising offers for "free" credit reports, but actually provides an expensive credit monitoring service that individuals must cancel within thirty days. Experian's advertising is not only misleading, it also stokes fears of inaccuracy in credit reports in order to drive up sales of the company's products. For more information, see the EPIC FCRA Page. (Sept 17, 2003)
  • FTC Releases Strong ID Theft Findings, Weak Recommendations. The Federal Trade Commission released a report finding that identity theft imposes billions of dollars of costs, and millions of hours of wasted time upon society. However, the agency's recommendations to address identity theft were entirely reactive, and likely to exacerbate the crime. The recommendations primarily addressed how victims can recover from the crime, including the use of uniform identity theft affidavits. Additionally, the agency recommended that Congress preempt state credit laws, which will worsen the problem by preventing states from passing strong identity theft legislation. For more information, see the EPIC Privacy and Preemption Page. (Sept 5, 2003)
  • EPIC Comments on FTC Info Workshop. In comments submitted to the Federal Trade Commission's Information Flows Workshop, EPIC argued that there is strong support for Fair Information Practices to address business uses of personal information, and that businesses have used personal information to limit consumer choice, to raise prices, and to engage in fraud. The comments also question the integrity of industry-funded academics who have employed dubious research methods and specious arguments to stymie privacy regulations. EPIC's submission included a paper by Robert Gellman on the costs of not protecting privacy, and a law review article by Elizabeth Warren discussing the integrity of industry-funded academic groups, such as the Credit Research Center. For more information, see the EPIC Consumer Profiling Page. (Jun. 18, 2003)
  • FTC Holds Spam Forum. The Federal Trade Commission (FTC) has begun a three-day conference on spam. In anticipation of the event, the FTC released a study finding that 66% of spam in their sample contained a false claim. EPIC Deputy Counsel Chris Hoofnagle is participating in the forum on a panel addressing "Falsity in Sending of Spam." For more information, see the EPIC Spam Page. (Apr. 30, 2003)
  • Coalition Alleges Children's Privacy Violation. EPIC and 11 consumer organizations alleged in a complaint to the Federal Trade Commission (FTC) today that Amazon.com has illegally collected and disclosed children's personal information in violation of the Children's Online Privacy Protection Act (COPPA). The FTC has taken action in previous cases where companies direct web sites towards children and collect the personal information of children. For more information, see the press release and EPIC COPPA Page. (Apr. 22, 2003)
  • EPIC Urges Int'l Privacy Rules for FTC. EPIC has filed comments (pdf) recommending that the FTC address the privacy implications of the international transfer of personal information in consumer fraud investigations. The FTC is considering increasing data sharing (pdf) between the FTC, foreign law enforcement authorities, consumer protection agencies, ISPs and Web hosting companies. (Feb. 20, 2003)
  • FTC Considers Policies for WHOIS Data. On February 20, the Federal Trade Commission will explore "Cooperation Between the FTC and Domain Registration Authorities" (pdf) as part of a public workshop on partnerships against cross-border fraud. The FTC is considering the expanded use of information about Internet domain name registrants for law enforcement purposes. EPIC has filed comments (pdf) recommending that the FTC address the privacy, free speech, and consumer fraud implications of requiring domain name registrants to provide personal information. (Feb. 19, 2003)
  • FTC Announces National Do-Not-Call List. The FTC will establish a national DNC list that will accommodate both Internet and toll-free phone number enrollment. The new regulations also require telemarketers to transmit caller ID information, establish new rules for the use of preacquired account number information, and prohibit "abandoned" calls. For the list to operate, Congress will have to approve the levying of charges to the telemarketing industry in order to fund the program. EPIC and a coalition of consumer and civil liberties groups submitted detailed comments in favor of a DNC list. For more information, see the EPIC Telemarketing Page. (Dec. 18, 2002)
  • FTC Pursues Student Profilers. The FTC has settled a case with three student profiling companies for collecting information from schoolchildren in violation of federal law. The companies distributed surveys to children through teachers and guidance counselors under the pretense that the information was only for college admissions. However, the companies were selling the information to commercial marketers. For more information, see the EPIC Profiling Page and the EPIC FERPA Page. (Oct. 2, 2002)
  • EPIC Urges FTC to Adopt Effective Strategy for Passport. In comments to the Federal Trade Commission, EPIC and a coalition of advocacy groups urged the agency to amend its Consent Order regarding Microsoft Passport to include greater privacy protections. The groups commented that Passport users should have access to their entire profile, that security risks justify limits on the Passport system, and that the Commission should examine other developing authentication systems, such as AOL's Screen Name Service and Project Liberty. For more information, see the EPIC Passport Page. (Sept. 9, 2002)
  • FTC Announces Action Against Microsoft Passport. The Federal Trade Commission (FTC) has settled a privacy enforcement action against Microsoft for violations associated with the Passport identification and authentication system. The agreement (PDF) requires that Microsoft establish a comprehensive information security program for Passport, and that it must not misrepresent its practices of information collection and usage. In July and August 2001, EPIC and a coalition of consumer advocacy groups filed complaints detailing the privacy risks associated with Passport. For more information, see the FTC's complaint (PDF), the EPIC Passport Investigation Page and the EPIC Sign Out of Passport Page. (Aug. 8, 2002)
  • FTC Seeks Comment on Telemarketing Sales Rule. EPIC is urging individuals to comment on the Federal Trade Commission's (FTC) proposed changes to the Telemarketing Sales Rule (TSR). The TSR regulates how telemarketers can make sales calls. More information and suggested comments are available on the EPIC Telemarketing Page. (Feb. 7, 2002)
  • FTC Proposes Telemarketing Do-Not-Call List. The Federal Trade Commission has issued proposed changes to the Telemarketing Sales Rule (TSR) that would create a national Do-Not-Call (DNC) list for individuals who wish to avoid sales calls. The proposed changes would also prohibit the use of "pre-acquired account information" in telemarketing. The FTC has encouraged individuals to comment on the changes online. (Jan, 25, 2002)
  • Eli Lilly Settles with FTC over Privacy Violation. The Federal Trade Commission (FTC) has announced a settlement in a case involving Eli Lilly's accidental disclosure of the email addresses of 700 people who were subscribed to a mental health information list. Under the terms of the settlement the company will increase existing security and create an internal program to prevent future privacy violations. However, as the disclosure was unintentional, no fines will be imposed upon the company. The public may submit comments on the settlement for 30 days, after which the Commission will decide whether to make it final. The FTC acted in response to a July 2001 ACLU complaint highlighting Eli Lilly's negligence. (Jan. 18, 2002)
  • FTC Chairman Announces Privacy Agenda. On October 4, 2001, Timothy Muris, Chairman of the Federal Trade Commission (FTC) released a new privacy agenda for the agency. The agenda calls for a 50% increase in privacy resources, improved privacy complaint handling, more protection for consumers from spam, telemarketing, pretexting and ID theft, and increased enforcement of privacy policies and existing laws such as the Fair Credit Reporting Act (FCRA) and the Children's Online Privacy Protection Act (COPPA). The Chairman concluded, however, that it was "too soon" to recommend broad-based online privacy legislation. (Oct. 4, 2001)
  • Privacy Groups File Updated Complaint at FTC, Allege Microsoft Passport Constitutes an "Unfair and Deceptive Trade Practice." At a press conference on August 15 at the National Press Club, EPIC, Junkbusters, the Center for Media Education, and other organizations announced the filing of an updated complaint (PDF) with the Federal Trade Commission containing new allegations about Microsoft Passport, and urged the Commission to open an investigation. Last month, the organization filed the original complaint (PDF) that was acknowledged (PDF) by the FTC. (Aug. 15, 2001)
  • EPIC, Privacy Groups File Complaint at the FTC Regarding Windows XP. In a formal complaint (PDF) filed with the Federal Trade Commission, privacy and consumer groups allege that Microsoft is engaging in unfair and deceptive trade practices through the information collection capabilities of its new operating system.(Jul. 26, 2001)
  • Privacy Coalition Meets with New FTC Chairman. On July 17, members of the Privacy Coalition, a non-partisan coalition of consumer, civil liberties, educational, library, labor, and family-based groups met with FTC Chairman Timothy Muris. The Coalition presented a letter to the Chairman with recommendations for future FTC action on privacy issues. (Jul. 17, 2001)
  • EPIC Urges New FTC Chair to Focus on Privacy. EPIC and other public interest groups have sent a letter to Timothy Muris, the new Federal Trade Commission Chairman, urging him to take affirmative steps to protect individuals' privacy. (May 31, 2001)

Media Coverage

Resources

Overview of FTC Statutory Authority to Protect Privacy.

Internet and Consumer Privacy

  • The Federal Trade Commission held "computer database study" to examine personal information held by private companies used to locate individuals. A Public Workshop on Consumer Information Privacy was held on June 10-13, 1997.
  • Following the P-TRAK controversy, the Senate Commerce Committee sent a letter to the FTC on the Lexis-Nexis P-TRAK problem and other "violations of consumer privacy rights."
  • The FTC also held hearings in June 1996 on privacy issues. The conference report issued in December 1996 stresses "notice, choice, security, and access" but sidesteps major on-line privacy issues -- anonymity, spamming, sale of personal data. Transcripts from the hearings, June 4-5, 1996.
  • EPIC Letter to FTC urging strong support for on-line privacy, December 14, 1995.
  • Letter from Marc Klass to FTC supporting EPIC's call for an investigation of the direct marketing industry, Feb. 2, 1996.
  • Remarks of FTC Commissioner Christine A. Varney before the Privacy & American Business Conference, Washington, D.C., October 6, 1996.
  • Comments of FTC Commissioner Robert Pitofsky on Electronic Money, September 17, 1997.
  • Remarks of FTC Commissioner Christine A. Varney before the Privacy & American Business Conference, Washington, D.C., November 1, 1995.

Credit Reports

The FTC is also empowered to enforce the Fair Credit Reporting Act.