In the wake of October's massive distributed denial of service attack, two members of Congress have sent a letter to Federal Trade Commission Chairwoman Edith Ramirez urging the FTC to protect consumers from insecure Internet of Things devices. Rep. Frank Pallone, Jr. and Rep. Jan Schakowsky, senior members of the House Energy and Commerce Committee, wrote that the FTC should "immediately use all the tools at its disposal to ensure that manufacturers of IoT devices implement strong security measures." EPIC is at the forefront of policy work on the Internet of Things, recommending safeguards for connected cars, "smart homes," 'consumer products, and "always on" devices. EPIC recently urged the federal government to establish legal requirements to promote Privacy Enhancing Technologies, limit user tracking, minimize data collection, and "ensure security in both design and operation of Internet-connected devices."
La Quadrature du Net, a French privacy organization, has launched a legal challenge to “Privacy Shield,” a controversial framework for the transfer of personal data from Europe to the United States. This lawsuit follows a similar challenge brought by the Irish group Digital Rights Ireland. "Privacy Shield" was the response of EU and US politicians after the European Court of Justice determined that there was insufficient legal protection for transatlantic data transfers. NGOs in the United States and Europe had urged the adoption of a comprehensive framework for data protection and said that Privacy Shield was not adequate. EPIC also testified before Congress on the need to update US privacy law. EPIC is currently participating as amicus curiae in related case brought by privacy advocate Max Schrems.
The Article 29 Working Party, an expert group of European privacy officials, is pursuing investigations of WhatsApp and Yahoo. In a letter to Facebook, the Working Party stated that the decision to transfer confidential user data from WhatsApp to Facebook has raised "serious concerns," and urged WhatApp to halt data transfers pending completion of the investigation. Separately, the group urged Yahoo to provide information about the 2014 data breach which compromised 500 million accounts. The Article 29 also pressed the company to explain why it scanned customer emails for US intelligence agencies. EPIC recently filed a complaint with the FTC regarding WhatApp, arguing that it violated a 2014 and agreement and urging the Commission to block the transfer. EPIC has also testified before Congress about the need to adopt data breach legislation and launched the Data Protection 2016 campaign.
