EPIC - Food Marketing Institute v. Argus Leader Media

Food Marketing Institute v. Argus Leader Media

Concerning the withholding of “confidential” information requested under the Freedom of Information Act

Background|
EPIC's Interest|
Legal Documents|
Resources|
News

DOJ Releases 2019 FOIA Litigation and Compliance Report: The Department of Justice has released the 2019 FOIA Litigation and Compliance Report which details the DOJ's efforts to encourage agency compliance with the FOIA across federal agencies. DOJ updated the Guide to the Freedom of Information Act, with recent court decisions. The DOJ report also summarizes agency guidance, including the application of Exemption 4 after the Supreme Court expanded the definition of "confidential" information. On that issue, EPIC filed an amicus brief in Food Marketing Institute v. Argus Leader Media telling the Supreme Court that access to commercial records is critical for government oversight. EPIC celebrated Sunshine Week with the 2020 EPIC FOIA Gallery, highlighting important EPIC FOIA work from the past year, including EPIC's case for the release of the Mueller Report, EPIC v. Department of Justice. (Mar. 19, 2020)
Supreme Court Limits Access to Government Records, Drops Harm Requirement for Withholding "Confidential" Information: The Supreme Court today narrowed public access to government documents by expanding the definition of "confidential" information. The 6-3 decision by Justice Gorsuch in Food Marketing Institute v. Argus Leader Media overturns four decades of caselaw which held that a company must show substantial competitive harm to block an open government request. Writing in dissent, Justice Breyer, joined by Justices Ginsburg and Sotomayor, emphasized that the FOIA required some showing of harm to prevent public release of business records collected by federal agencies. "The whole point of FOIA is to give the public access to information it cannot otherwise obtain." In an amicus brief, EPIC warned the Court that removing the harm requirement "would deprive the public, and government watchdogs such as EPIC, of access to important information about 'what the government is up to.'" EPIC described several of its own FOIA cases -- including the now defunct airport body scanner program and the ongoing probe of Facebook -- where access to commercial records made possible meaningful oversight and reform. Twenty members of the EPIC Advisory Board, distinguished experts in law, technology, and public policy, signed the amicus brief. (Jun. 24, 2019)

More top news »

DOJ Releases 2019 FOIA Litigation and Compliance Report » (Mar. 19, 2020)

The Department of Justice has released the 2019 FOIA Litigation and Compliance Report which details the DOJ's efforts to encourage agency compliance with the FOIA across federal agencies. DOJ updated the Guide to the Freedom of Information Act, with recent court decisions. The DOJ report also summarizes agency guidance, including the application of Exemption 4 after the Supreme Court expanded the definition of "confidential" information. On that issue, EPIC filed an amicus brief in Food Marketing Institute v. Argus Leader Media telling the Supreme Court that access to commercial records is critical for government oversight. EPIC celebrated Sunshine Week with the 2020 EPIC FOIA Gallery, highlighting important EPIC FOIA work from the past year, including EPIC's case for the release of the Mueller Report, EPIC v. Department of Justice.

EPIC Says FTC Responsible for Cambridge Analytica » (Sep. 3, 2019)

EPIC has filed comments on the FTC's proposed consent order with the individuals responsible for the Cambridge Analytica breach that impacted 87 million Facebook users, and possibly the outcome of the Brexit vote. EPIC wrote: "the Cambridge Analytica breach could have been prevented if the Commission had enforced the Consent Order." EPIC pointed to numerous reports that Facebook's improper sharing of personal data with third party developers was known to the FTC after the 2011 Consent Order. EPIC is currently pursuing two cases against the FTC, one to obtain the release of the complete biennial audits, the other to block the FTC's proposed settlement that would leave the Facebook's business practices largely unchanged.

Court Grants Facebook's Motion to Intervene in EPIC v. FTC » (Aug. 28, 2019)

The D.C. District Court has granted Facebook's motion to intervene in EPIC's case against the Federal Trade Commission for the release of the biennial audits required by the 2011 Consent Order. The FTC turned over redacted reports to EPIC but withheld certain information, citing a confidential business information provision. EPIC explained to the court, the "release of the full audits is crucial for Congress, the States Attorneys General, and the public to evaluate how the Cambridge Analytica breach occurred." EPIC opposed Facebook's attempt to intervene but the Court granted Facebook's motion. Before the same judge, EPIC is also pursuing intervention in United States v. Facebook, a case concerning the proposed settlement between FTC and Facebook. Facebook's answer to EPIC's complaint is due September 3, 2019. The case is EPIC v. FTC, No. 18-942 (D.D.C).

EPIC Opposes Facebook's Intervention in FOIA Case for Release of FTC's Facebook Audits » (Jun. 17, 2019)

In a recent court filing, EPIC opposed Facebook's attempt to intervene in EPIC's lawsuit against the Federal Trade Commission for the release of records concerning the company's compliance with the 2011 Consent Order. EPIC told the court hearing EPIC v. FTC that Facebook does not have standing to intervene because it has not established that it would suffer a substantial competitive harm as a result of public disclosure of the information EPIC is seeking. EPIC also explained that under the Freedom of Information Act companies do not decide for themselves what information they wish to withhold from the public. EPIC's FOIA lawsuit is one of several activities that EPIC is pursuing to hold Facebook accountable for compliance under the 2011 consent order. In a related FOIA lawsuit, EPIC determined that there are more than 26,000 complaints against Facebook currently pending at the FTC. EPIC also launched the #EnforcetheOrder campaign to pressure the FTC to take enforcement action against Facebook. The case is EPIC v. FTC, No. 18-942 (D.D.C).

EPIC to Supreme Court: Access to Commercial Records is Critical for Government Oversight » (Mar. 22, 2019)

EPIC has filed an amicus brief urging the Supreme Court to protect the public's right to access commercial information held by federal agencies. EPIC described several of its own FOIA case -- including the now defunct airport body scanner program and the ongoing probe of Facebook -- where access to commercial records made possible meaningful oversight and reform. EPIC also warned that private parties, "acting on behalf of public agencies and with public funding," often hide their activities. EPIC wrote, "The public must have access to commercial information in agency records to conduct effective oversight of government programs that implicate privacy." EPIC has filed several amicus briefs for the US Supreme Court and other federal courts in Freedom of Information Act cases. Twenty members of the EPIC Advisory Board, distinguished experts in law, technology, and public policy, signed the brief. The case is Food Marketing Institute v. Argus Leader Media, No. 18-481.

EPIC Challenges FTC's Withholdings of Records Regarding Irish Audits of Facebook » (Nov. 21, 2018)

EPIC has submitted a Freedom of Information Act appeal challenging the Federal Trade Commission's withholdings of 42 pages of records about the Irish Data Protection Commissioner's inquiries regarding Facebook's compliance with the FTC Consent Order In response to EPIC's FOIA request the FTC released 413 pages of publicly available documents but withheld 42 pages in full under several exemptions, including an exemption protecting records compiled for law enforcement purposes. In 2011 the Irish Data Protection Commissioner initiated an audit of Facebook Ireland, a subsidiary of Facebook that is responsible for data protection for all Facebook users outside of the U.S. and Canada, to assess its compliance with both Irish Data Protection law and EU law. The 2011 audit found that the safeguards for third party applications did not ensure security for user data. The 2012 re-audit found a "satisfactory response" from Facebook regarding preventing third party applications from accessing unauthorized user information. Following the 2012 re-audit, the FTC and Irish Data Protection Commissioner signed a Memorandum of Understanding to mutually assist and exchange information to protect consumer privacy. Two years after the Irish Data Protection Commissioner determined a "satisfactory response," Cambridge Analytica improperly harvested the personal data of millions of users to use for political purposes. The FTC announced that it was reopening the Facebook investigation after the Cambridge Analytica scandal but to date, there has been no announcement, no report, and no fine. EPIC is holding FTC accountable to its 2011 consent order enforcement obligations in EPIC v. FTC seeking the full release of the Facebook Assessments and related records.

EPIC v. FTC: EPIC Obtains Facebook-FTC Emails About 2011 Consent Order » (Oct. 19, 2018)

In response to EPIC's Freedom of Information Act lawsuit, the FTC has released agency emails about the 2011 Facebook Consent Order. Following a detailed complaint by EPIC and other consumer privacy organizations, the FTC issued an order in 2011 that required biennial audits of Facebook's privacy practices. EPIC pursued public release of these reports and related emails to understand why the FTC failed to bring an enforcement action action against the company. Today the FTC released to EPIC 89 emails between the FTC and Facebook from the years 2011, 2012, 2013, 2014, 2015, 2016, 2017, and 2018. In March 2018, following the Cambridge Analytica data breach, the FTC announced it was reopening the Facebook investigation. To date, there is still no announcement, no report, and no fine.

EPIC v. FTC: EPIC Obtains Emails about Facebook Audits » (Oct. 15, 2018)

In response to EPIC's Freedom of Information Act lawsuit, the FTC has released communications about Facebook's biennial audits. The audits are required by the FTC's 2011 Consent Order with Facebook, which followed a detailed complaint by EPIC and other consumer privacy organizations. The emails show that the FTC had concerns about the scope of Facebook's 2015 assessment, stating "PwC's report does not demonstrate whether and how Facebook addressed the impact of acquisitions on its Privacy Program." In other email, the FTC expressed similar concerns about the 2017 assessment and whether the audit evaluated the company's acquisitions impact on Facebook's privacy program. EPIC had previously opposed Facebook's acquisition of WhatsApp and submitted detailed comments for the FTC's review of the merger remedy process. In March 2018, following the Cambridge Analytica breach, the FTC announced it was reopening the Facebook investigation, but still there is no announcement, no report, and no fine.

EPIC FOIA: EPIC Obtains Facebook Privacy Documents » (Sep. 12, 2018)

In response to an EPIC Freedom of Information Act lawsuit, the Federal Trade Commission has released supplemental materials from the biennial Facebook audits (production 1, production 2, production 3, production 4). The audits were required by the FTC's 2011 Consent Order with Facebook. The documents include letters from the FTC to Facebook inquiring about Facebook's relationship with Instagram and telling the company that "whenever a corporate change such as an acquisition may affect the design and/or implementation of the Company's privacy program, the Company must notify the Commission." EPIC opposed Facebook's acquisition of WhatsApp and submitted comments for the FTC's review of the merger remedy process. FTC reopened its investigation into Facebook in March after EPIC, consumer groups urged action. The UK Information Commissioner completed its initial investigation, published report, and issued a fine in July. The FTC begins hearings this week on competition and consumer protection in the 21st century.

In EPIC FOIA Case, FTC Releases New Information from Facebook Audits » (Jun. 26, 2018)

In response to an EPIC Freedom of Information Act lawsuit, the Federal Trade Commission today released materials, previously withheld, from the biennial Facebook audits. The audits were required by the FTC's 2011 Consent Order with Facebook. Heavily redacted versions of those audits were previously available on the FTC's website. But in March, following the Cambridge Analytica breach, EPIC filed an urgent FOIA request for the complete 2013, 2015, 2017 Facebook audits. (The 2017 audit covers the period the Cambridge Analytica breach.) In a detailed letter to Congress in April, EPIC explained that the FTC failed to review the reports and failed to enforce the 2011 consent order against Facebook. The documents released today to EPIC contain information that was not previously available to the public. EPIC is currently reviewing the documents obtained from the FTC.

FTC Commissioner Chopra: "FTC orders are not suggestions" » (May. 14, 2018)

Incoming Federal Trade Commissioner Rohit Chopra issued a memo today warning that the FTC will enforce its consent orders against companies that violate the law. "FTC orders are not suggestions," said Chopra. Chopra said the FTC should seek structural remedies as well as monetary fines. EPIC has repeatedly told the FTC to enforce its orders, and even sued the agency, EPIC v. FTC, for failing to enforce the order against Google following the Buzz fiasco. More recently, EPIC and a coalition of consumer groups told the FTC that the Cambridge Analytica breach could have been avoided had FTC enforced the 2011 Consent Order against Facebook. The FTC has since confirmed that it is investigating Facebook for the breach. According to the former Acting Director of the FTC's Bureau of Consumer Protection, "Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook."

Dutch Privacy Officials Find Google Violates National Privacy Law » (Dec. 16, 2014)

The Dutch Data Protection Authority has found that Google's 2012 privacy policy change violates Dutch data protection law. Google's policy change, which EPIC also opposed, consolidated user data across more than 60 separate services and gave Google the ability to track and profile users in extraordinary detail. The Dutch DPA has ordered Google to: (1) obtain "unambiguous consent of users for the combining of personal data" from different Google services; (2) describe in detail the personal data are used by each Google service; and (3) clearly explain to consumers that YouTube is a Google service. Google must comply with the Dutch officials' order by February 2015 or face $19 million in fines. In issuing the decision, Jacob Kohnstamm, chairman of the Dutch DPA, stated, "Google catches us in an invisible web of our personal data without telling us and without asking us for our consent. This has been ongoing since 2012 and we hope our patience will no longer be tested." In 2012, EPIC sued the Federal Trade Commission to block Google's 2012 policy change, which violated a 2011 FTC Consent Order. That Consent Order followed an extensive EPIC FTC Complaint and findings by the FTC concerning Google's business practices. For more information, see EPIC: EPIC v. FTC (Enforcement of the Google Consent Order), EPIC: In re Google Buzz, and EPIC: Federal Trade Commission.

Privacy Lawsuit Against Google for Policy Change Moves Forward » (Jul. 22, 2014)

A federal court in California has ruled that a class action privacy lawsuit against Google can continue. The plaintiffs are Android users who sued Google in 2012 after the company consolidated user data across many separate services, including Gmail, Google+, and Youtube. They allege that Google concealed a plan to modify its privacy policies and also that Google violated the privacy policy for GooglePlay. After dismissing similar claims, the court held that the case may now go forward. In 2012, EPIC objected to the same change in Google's policy and urged the Federal Trade Commission to block the change because of a 2011 consent order in which Google agreed not to combine user data without user consent. After the FTC failed to act, EPIC sued the agency. Members of Congress, state Attorneys General, European Justice Officials, technical experts, and IT managers in government and the private sector also expressed concern about the 2012 Google policy change. For more information, see EPIC: EPIC v. FTC (Google Consent Order) and EPIC: FTC.

European Privacy Authorities Give Google 3 Months to Comply with Law » (Jun. 20, 2013)

European data protection authorities have ordered Google to comply with data protection law or face fines. The French Data Protection Authority, which led the investigation into Google's consolidation of user data, said that "Google has not implemented any significant compliance measures" and gave the company three months to comply with its requirements. The decision follows an investigation triggered by the collapse of the Google privacy policy in March 2012, which allowed the company to combine user data across 60 Internet services to create detailed profiles on Internet users. Last year, EPIC sued the Federal Trade Commission to force the FTC to enforce the terms of a settlement with Google that would have prohibited Google’s changes in business practices. Google's consolidation also prompted objections from state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Buzz and EPIC: Enforcement of Google Consent Order.

FTC Releases 2012 Performance Report » (Nov. 20, 2012)

The Federal Trade Commission has released its performance and accountability report for 2012. The report summarizes the agency’s activities, shows how the agency has managed its resources, and explains how it plans to address future changes. Regarding consumer privacy, the agency cites the release of a new privacy report, the adoption of a consent order with Facebook, and a $22.5 million fine against Google as its primary accomplishments . The Commission reported that it acted on 90.6% of all consumer complaints that it received, though it did not indicate how many of these actions concerned consumer privacy. The agency’s goals for the coming year include “promot[ing] stronger privacy protections through policy initiatives on a range of topics such as data brokers, mobile devices, and comprehensive online data collection.” Earlier this year, EPIC brought suit against the Federal Trade Commission for its failure to enforce a 2011 consent order. EPIC has also routinely urged the FTC to take account of public comments when the agencies sets out proposed settlements and asks for public comments. For more information, see EPIC: Federal Trade Commission and EPIC: EPIC v. FTC (Enforcement of Google Consent Order).

French Data Protection Authority Sends New Questions to Google » (May. 25, 2012)

The CNIL, the French data protection authority, has sent Google new questions regarding its privacy practices after finding the company's previous response was “often incomplete or approximate." The French agency is acting on behalf of governments across Europe that have raised questions about recent changes in Google's business practices. "The fact that Google's position on personal data processings is still unclear on many points after an in-depth exchange with the CNIL raises additional concerns about Google's adequate information of its users," the letter says. Google executives met with the CNIL on Wednesday, but the data protection authority said that many of its concerns had still not been addressed. Google’s decision to consolidate user data from over 60 products and services has also been criticized in the US by Members of Congress, state Attorneys General, and IT managers in government and the private sector. EPIC brought an enforcement action to block the March 1, 2012 changes. For more information, see EPIC: Enforcement of Google Consent Order.

Pew Study: Search Engine Users Anxious About Collection of Personal Information » (Mar. 9, 2012)

A Pew study found that users of search engines were pleased with the quality of search results but opposed targeted advertising and search results, and were generally anxious about the collection of personal information by search engines. Specifically, 73 percent of those surveyed were opposed to search engines tracking their searches, and 68 percent opposed behavioral advertising. 83 percent of respondents reported using Google to conduct searches. Recently, Google began combining user data gathered from more than sixty Google products and services—including Google search--to create a single, comprehensive profile for each user. For more information, see EPIC: Search Engine Privacy and EPIC: EPIC v. FTC.

European Justice Minister Says Google Now in Violation of EU Law » (Mar. 1, 2012)

European Justice Minister Vivian Reding said today that Google's March 1 changes to its terms of service violate European Union law "in numerous respects." Commissioner Reding pointed to the failure of the company to obtain user consent, the lack of transparency, and the fact that most users do not read privacy policies. European privacy officials recently concluded that the changes do not comply with the European Union Data Protection Directive and asked the company to suspend its planned changes. In the US, EPIC has urged a federal court to require the Federal Trade Commission to determine whether Google's changes changes violate a 2011 Consent Order. The court denied the motion. The case is now on appeal. For more information, see EPIC v. FTC (Google Consent Order).

EU and US Consumer Groups to Google: "This plan is a mistake" » (Feb. 29, 2012)

The Transatlantic Consumer Dialogue, a coalition of leading consumer organizations in North America and Europe, today urged Google CEO Larry Page to drop the plan to combine user data on March 1. Citing the pending changes to Google's terms of service, the groups said "It is both unfair and unwise for you to 'change the terms of the bargain' as you propose to do." TACD said "consumers have relied on your policies and your terms of service in choosing your products." Late Friday, EPIC filed an emergency appeal with the DC Circuit of Appeals in an attempt to force the Federal Trade Commission to take action prior to March 1. For more information, see EPIC: EPIC v. FTC (Google Consent Order).

FTC Chairman: Google Users Face a "brutal choice" -- Europeans: "Google's new policy does not meet the requirements of the European Directive on Data Protection." » (Feb. 28, 2012)

Pressure is building as the March 1 deadline for Google's planned changes in user privacy approaches. In an interview with C-Span, the Chairman of the Federal Trade Commission said that users of Google services face a "brutal" choice." The head of the French Data Protection Agency, on behalf of European privacy agencies, has warned that Google's proposed change violates European Union privacy law. She is reiterated the recommendation of Europe's Justice Minister that Google suspend the change. In Washington, DC, EPIC has filed an emergency appeal with the DC Circuit Court of Appeals to force the FTC to enforce the 2011 consent order against Google. For more information, see EPIC v. FTC (Google Consent Order).

EPIC Appeals Court Ruling in Google Privacy Case » (Feb. 27, 2012)

Within hours after a federal court in Washington, DC ruled that it could not require the Federal Trade Commission to enforce a consent order against Google, EPIC filed an emergency appeal with the Court Appeals for the DC Circuit. EPIC has asked the appellate court to overturn the lower court decision before March 1, when Google will change its terms of service and consolidate user data without consent. For more information, see EPIC - EPIC v. FTC (Google Consent Order).

Privacy Groups to Rep. Bono-Mack: "Hold *Public* Hearings on Google Privacy Changes" » (Feb. 24, 2012)

Five privacy organizations, including EPIC, wrote today to Rep. Bono-Mack to urge the Chairwoman of a powerful Congressional committee to hold a public hearing on Google's proposed changes in business practices that will take effect March 1. Rep. Bono-Mack has held closed-door meetings with the Internet giant, but so far has scheduled no public hearings on the plan to consolidate user data, which EPIC alleges violates a 2011 Consent Order with the Federal Trade Commission. The consumer groups also asked the Congresswoman to urge Google to suspend its plan pending an investigation. They said there would be "overwhelming public support for this action" and cited recent statements from Members of Congress, Attorneys General, European Justice Officials, the President, technical experts, and IT managers in government and the private sector. For more information see EPIC: EPIC v. FTC.

Judge Rules that Courts Lacks Jurisdiction over FTC, Acknowledges "Serious Concerns" with Google Privacy Changes » (Feb. 24, 2012)

A federal court today dismissed EPIC's lawsuit against the FTC, because the "decision to enforce the Consent Order is committed to agency discretion and is not subject to judicial review." However, the Judge also said "the Court has not reached the question of whether the new policies would violate the consent order or if they would be contrary to any other legal requirements." And she said "the FTC, which has advised the Court that the matter is under review, may ultimately decide to institute an enforcement action." EPIC will appeal the decision on judicial review, asking the DC federal appeals court to rule that courts can require federal agencies to enforce final orders. For more, see EPIC: EPIC v. FTC (Google Consent Order).

State Attorneys General Cite Privacy Risks to Android Users, Demand Meeting with Google » (Feb. 22, 2012)

Attorneys general from 36 states and territories sent a letter to Google raising new questions about the plan to consolidate user data on March 1. "The new policy forces consumers to allow information across all of these products to be shared, without giving them the ability to opt out.," the letter says. The state AGs also say "this invasion of privacy is virtually impossible to escape for the nation's Android-powered smartphone users, who comprise nearly 50% of the national smartphone market. For these consumers, avoiding Google's privacy policy change may mean buying an entirely new phone at great personal expense." The AGs point out that Google told Android users "We will not reduce your rights under this Privacy Policy without your explicit consent." Last week, EPIC filed a lawsuit to force the Federal Trade Commission to require Google to honor its previous commitments to Google users. EPIC has alleged that the proposed changes in the company's practices violate a 2011 Consent Order. For more information, see EPIC: EPIC v. FTC (Google Consent Order).

EPIC Urges Federal Court To Hold FTC Accountable for Failure to Enforce Google Consent Order » (Feb. 21, 2012)

In a reply brief filed today in Washington, DC, EPIC said that the Federal Trade Commission's failure to enforce the Consent Order against Google prior to March 1 would cause "irreparable injury." EPIC cited Google's plans to combine user data without consent, and pointed to numerous cases that establish the need for the Court to assess the FTC's failure to act. Dismissing arguments asserted by the government that "FTC enforcement decisions are not subject to judicial review," EPIC said that Congress has clearly told the Federal Trade Commission to enforce its final orders. And in response to a claim that EPIC's request for action by March 1 is "arbitrary," EPIC wrote "If the government is unaware that Google plans to make a substantial change in its business practices on March 1, 2012, it should turn on a computer connected to the Internet." For more information, see EPIC, EPIC v. FTC (Google Consent Order).

FTC Files Opposition / Motion to Dismiss in EPIC v FTC » (Feb. 17, 2012)

The Federal Trade Commission today filed an opposition and a motion to dismiss in response to EPIC's complaint to compel the agency to enforce the October 2011 Consent Order against Google. The government stated that EPIC would "deprive the Commission of the discretion to exercise its enforcement authority." The government also charged that EPIC's lawsuit is "completely baseless." The papers were filed in federal District Court on the same day that the Wall Street Journal reported that Google had subverted the privacy settings of millions of users of the Internet browser software Safari. For more information see: EPIC: EPIC v. FTC (Google Consent Order).

"FOIA Matters" - EPIC Obtains Google Privacy Compliance Report » (Feb. 17, 2012)

As the result of a Freedom of Information Act request to the Federal Trade Commission, EPIC has obtained a full copy of Google's first Privacy Compliance Report. Last year, spurred by a complaint pursued by EPIC, the FTC reached a settlement with Google and required the company to file regular reports with the Commission detailing its steps to comply with the Consent order. However, the report obtained by EPIC raises new questions about the company's efforts to safeguard user privacy. EPIC has recently filed a lawsuit against the FTC to compel the agency to enforce the Consent Order. For more information see: EPIC: EPIC v. FTC (Google Consent Order) and EPIC: In re Google Buzz.

EPIC to FTC: Enforce the Google Consent Order » (Feb. 17, 2012)

Today EPIC wrote to the Federal Trade Commission urging it to enforce the consent order with Google in light of a recent Wall Street Journal article based on research from Stanford's Jonathan Mayer that described how Google had been circumventing the privacy settings of Safari users despite Google's promise to respect such settings. EPIC said that Google "took elaborate measures to circumvent the Safari privacy safeguards, and it benefited from the misrepresentations by the commercial value it surreptitiously obtained." EPIC has filed a lawsuit to force the FTC to require Google to comply with the Consent Order to protect the privacy interests of Google users. The FTC's Response to the EPIC motion is due February 17; EPIC's reply is due February 21, 2012. For more information, see EPIC: EPIC v. FTC (Google Consent Order).

Google Report Raises New Questions About Compliance with Consent Order » (Feb. 10, 2012)

The Google privacy compliance report, made public today, raises new questions about the company's failure to comply with an FTC Consent Order. The Order required Google to answer detailed questions about how it protects the personal information of Google users. But Google chose not to answer many of the questions. Most significantly, the company did not explain to the Commission the impact on user privacy of the proposed changes that will take place on March 1. EPIC has filed a lawsuit to force the Federal Trade Commission to require Google to comply with the Consent Order to protect the privacy interests of Google users. For more information, see EPIC v. FTC (Google Consent Order).

Federal Court Grants Accelerated Briefing Schedule in EPIC v. FTC » (Feb. 9, 2012)

In response to EPIC's complaint and motion to compel the Federal Trade Commission to enforce a consent order against Google, a federal district court judge has ordered an accelerated briefing schedule. The FTC's Response to the EPIC briefs is due February 17, EPIC's reply is due February 21, 2012. The Court's deadlines reflect Google's imminent, substantial changes to the company's business practices. Google intends to consolidate the personal data of Google users across 60 services on March 1. EPIC contends that these changes constitute a violation of the consent order with the Federal Trade Commission. For more information, see EPIC v. FTC (Google Consent Order).

Summary

The Food Marketing Institute challenges the Eighth Circuit's decision to require the USDA to release data on SNAP redemptions at individual stores. The Food Marketing Institute intervened after the USDA declined to appeal the district court's decision that Exemption 4 did not apply because "any potential competitive harm from the release of the requested SNAP data is speculative at best." The Eighth Circuit adopted D.C. Circuit's approach to whether information is "confidential" from National Parks & Conservation Association v. Morton, 498 F.2d 765, 770 (D.C. Cir. 1974). Under that test, Exemption 4's applicability turns on whether disclosure would likely cause substantial competitive harm. The Eighth Circuit found that there would be no substantial harm because the data would only cause a "marginal improvement in accuracy" of competitors' models. The court also said that a "likelihood of commercial usefulness" was "not the same as a likelihood of substantial competitive harm." Food Marketing filed a petition for review at the U.S. Supreme Court. The petition was granted.

Background

Factual Background

The Supplemental Nutrition Assistance Program (SNAP) is a federal program that provides nutritious food to low-income families. The U.S. Department of Agriculture (USDA) receives and maintains a record when a SNAP recipient makes an eligible purchase at a participating store.

The USDA releases monthly compilations of SNAP redemption data. The public can access national, state, and congressional-district level SNAP cost data on the USDA's website. The USDA, however, does not disclose the amount of SNAP redemptions at individual stores.

In 2011, respondent Argus Leader, a newspaper in Sioux Falls, North Dakota, filed a Freedom of Information Act request for SNAP data. Argus Leader requested the store identifier, name, address, store type, and total SNAP sales on an annual sales basis for 2005 to 2010. The USDA released most of the requested information but withheld the store-level SNAP sales data.

Legal Background

The Freedom of Information Act (FOIA) allows the public to request and receive information from executive branch agencies. The law presumes that information is releasable. However, there are nine exemptions. Exemption 4 covers (1) trade secrets, and (2) information that is (a) commercial or financial, (b) obtained from a person, and (c) privileged or confidential.

This case involves the proper test for when information is "confidential." Until 1974, courts had read "confidential" as information a company held as such, a subjective standard. In 1974, the D.C. Circuit adopted an objective test that requires showing substantial competitive harm in National Parks & Conservation Association v. Morton, 498 F.2d 765, 770 (D.C. Cir. 1974). In subsequent decisions, the D.C. Circuit has reaffirmed the National Parks standard. Several circuits, including the Eighth Circuit, have adopted the National Parks substantial competitive harm test.

Procedural History

U.S. District Court for the District of South Dakota

After the USDA refused to provide the requested information, Argus Leader brought suit. The USDA claimed that the store-level SNAP data was protected under the Exemption 4 as "confidential."

The District Court applied the D.C. Circuit's substantial competitive harm test. At trial, the USDA proposed two theories for substantial competitive harm: competitors could use the SNAP data to lure away clients and high SNAP sales could stigmatize stores. The court rejected both, finding that any potential competitive harm was speculative because the amount of information released is marginal compared to the data already available for competitor's models.

U.S. Court of Appeals for the Eighth Circuit

When the USDA declined to appeal the trial court's decision, a trade group, Food Marketing Institute, which represents grocery stores, appealed the case on the USDA's behalf. The Eighth Circuit found that there would be no substantial harm because the data would only cause a "marginal improvement in accuracy" of competitors' models. The court said that a "likelihood of commercial usefulness" was "not the same as a likelihood of substantial competitive harm." The court also found that there was no evidence stores would be stigmatized or stop accepting SNAP participants if the information were released.

In a footnote, the Eighth Circuit rejected Food Marketing's argument that "confidential" should be given its "dictionary definition." The Eighth Circuit, quoting the district court, found this argument precluded by "the Supreme Court's admonition that FOIA exemptions 'must be narrowly construed.'" The Eighth Circuit added that "Under FMI's reading, Exemption 4 would swallow FOIA nearly whole."

U.S. Supreme Court

The Supreme Court granted certiorari on two questions:

Whether the statutory term "confidential" in the Freedom of Information Act's Exemption 4 bears its ordinary meaning, thus requiring the government to withhold all "commercial or financial information" that is confidentially held and not publicly disseminated—regardless of whether a party establishes substantial competitive harm from disclosure—which would resolve at least five circuit splits.
Whether, in the alternative, if the Supreme Court retains the substantial-competitive-harm test, that test is satisfied when the requested information could be potentially useful to a competitor (as the U.S. Courts of Appeals for the 1st and 10th Circuits have held) or whether the party opposing disclosure must establish with near certainty a defined competitive harm like lost market share (as the U.S. Courts of Appeals for the 9th and District of Columbia Circuits have held, and as the U.S. Court of Appeals for the 8th Circuit required here).

EPIC's Interest

This case bears directly on EPIC's case against the FTC for Facebook assessments, EPIC v. FTC. EPIC seeks documents from the FTC that Facebook claims are "confidential" and thus should be withheld from the public.