You are viewing an archived webpage. The information on this page may be out of date. Learn about EPIC's recent work at epic.org.

In Facebook Case, Ninth Circuit Ignores Privacy Risks of Visits to Healthcare Websites

In a surprisingly brief opinion, the Ninth Circuit has upheld a decision to dismiss a privacy suit against Facebook concerning the collection of sensitive medical data. In Smith v. Facebook, users alleged that the company tracked their visits to healthcare websites, in violation of the websites' explicit privacy policies. In a little less than five pages, the Ninth Circuit decided that Facebook was not bound by the promises made not to disclose users' data to Facebook because Facebook has a provision, buried deep in its own policy, that allows Facebook to secretly collect such data. The court actually wrote that searches for medical information are not sensitive because the "data show only that Plaintiffs searched and viewed publicly available health information..." EPIC filed an amicus brief in the case, arguing that "consent is not an acid rinse that dissolves common sense." In 2011 Facebook settled charges with the FTC that it routinely changed the privacy settings of users to obtain sensitive personal data. The consent order resulted from detailed complaints brought by EPIC and several other consumer organizations.


« EPIC to DHS Privacy Advisory Committee: End Facial Recognition | Main | Equifax Breach "Entirely Preventable": House Oversight Committee »

Share this page:

Defend Privacy. Support EPIC.
US Needs a Data Protection Agency
2020 Election Security