In a surprisingly brief opinion, the Ninth Circuit has upheld a decision to dismiss a privacy suit against Facebook concerning the collection of sensitive medical data. In Smith v. Facebook, users alleged that the company tracked their visits to healthcare websites, in violation of the websites' explicit privacy policies. In a little less than five pages, the Ninth Circuit decided that Facebook was not bound by the promises made not to disclose users' data to Facebook because Facebook has a provision, buried deep in its own policy, that allows Facebook to secretly collect such data. The court actually wrote that searches for medical information are not sensitive because the "data show only that Plaintiffs searched and viewed publicly available health information..." EPIC filed an amicus brief in the case, arguing that "consent is not an acid rinse that dissolves common sense." In 2011 Facebook settled charges with the FTC that it routinely changed the privacy settings of users to obtain sensitive personal data. The consent order resulted from detailed complaints brought by EPIC and several other consumer organizations.
In response to a public notice by the Data Privacy and Integrity Advisory Committee, EPIC submitted comments urging the CBP to halt implementation of the biometric border program. EPIC stressed the need for federal regulation to safeguard privacy and prevent the misuse of facial recognition technology. EPIC called for a public rulemaking for the federal entry/exit program. EPIC also criticized the Committee's draft recommendations for facial recognition. EPIC said that the transfer of personal data from the State Department to the CBP was unlawful and that the opt-opt procedures were ignored in practice. Documents EPIC previously obtained in a FOIA lawsuit against CBP revealed that facial scanning did not perform operational matching at a "satisfactory" level.
On December 10th, EPIC celebrates Human Rights Day, which commemorates the United Nations adoption of the Universal Declaration on Human Rights, the most widely translated text in the world. This year marks the 70th Anniversary of the UDHR, which was adopted on December 10, 1948. EPIC has called for the fundamental right to privacy (Article 12 of the UDHR) to be reaffirmed in the digital age. Article 12 states "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks." NGOs and Privacy experts have also expressed support for the Madrid Declaration, a substantial document that promotes international instruments for privacy protection, identifies new challenges, and calls for concrete actions. The complete text of the UDHR can be found in the 2018 EPIC Privacy Law Sourcebook, available at the EPIC Bookstore.
