Telecommunications Carrier’s Use of Customer Proprietary Network Information and Other Customer Information, FCC Docket No. 96-115. Urging the FCC to strongly protect the privacy of phone customers. 

The clinic filed a public comment on behalf of 12 nonprofit groups organized in defense of privacy rights under threat from potential changes to longstanding FCC policy. The comment advocated against the weakening of Consumer Proprietary Network Information (CPNI) reporting requirements, promulgated by the FCC in 2007 and enforced under the Telecommunications Act of 1996. All call metadata produced by virtue of the carrier-customer relationship (including location and recipient data) falls under the definition of CPNI, and its misuse has the potential to reveal fundamentally private information like one’s religious or socioeconomic status.

The CPNI certification requirements at issue mandated that telecommunication carriers appoint an internal officer or agent to personally certify their company has enacted the internal procedures necessary to safeguard collected CPNI. The rules also required carriers to publish an annual summary of CPNI-related complaints along with any actions taken against 3rd party data brokers of CPNI. 

The FCC requested public comments to reevaluate the compliance burden these requirements imposed on telecommunication carriers, a cost the clinic defended as integral to the security of CPNI. The comment also argued for the broader importance of strengthening CPNI protections in a rapidly changing data landscape, where the mishandling of such sensitive information threatens the privacy rights of all Americans.

Complaint and Request for Investigation of TikTok for Violations of the Children’s Online Privacy Protection Act and Implementing Rule. Urging the FTC to take action against social media company TikTok for ongoing children’s privacy violations..

The clinic filed a complaint to the Federal Trade Commission, on behalf of 19 children’s privacy groups and advocacy organizations, asking that the Commission investigate TikTok for violating its consent decree with the Commission regarding children’s privacy on its platform. TikTok (then musical.ly) had previously settled a complaint from the FTC which alleged that TikTok was in violation of the Children’s Online Privacy Protection Act. TikTok was required to pay a $5.7M fine, the largest for a COPPA violation up to that point, to be in compliance with COPPA, and to delete the personal information of children that it held on its servers. The clinic’s investigations and complaint found that TikTok was not in compliance with its consent decree, because among other things, it continued to lack mechanisms for obtaining verifiable parental consent as required by the COPPA rule, and because it had failed to delete children’s personal information from its servers.