The EPIC Privacy Suit: Our Crystal Ball Called It!

Back in January of this year, we reported on oral argument before the United States Court of Appeals for the District of Columbia Circuit in the case of the Electronic Privacy Information Center (EPIC) v. FAA.  EPIC was appealing the FAA’s refusal to promulgate privacy regulations as part of the small UAS rules.  According to EPIC, the FAA Modernization and Reform Act of 2012 required the FAA to consider privacy as part of the mandate to integrate UAS into the airspace.  The FAA countered this argument by claiming that Congress only intended the FAA to regulate the safety aspects of UAS operations, and that historically, the FAA has never regulated privacy or put limits on the use of cameras or other sensors placed on aircraft.

Based on the questioning from the Court at oral argument, we predicted that EPIC would lose its appeal.  We can now report that our prediction was correct.  Earlier this week, in a 12 page opinion, the D.C. Circuit ruled against EPIC and dismissed the case.

As it turns out, the Court did not even reach the merits of EPIC’s arguments.  Instead, the Court looked at whether EPIC could even properly bring the suit in the first place.  As a general rule, the law does not permit anyone who dislikes a particular government action to challenge it in court.  Rather, the person challenging the rule must actually be injured by the government action.

In order to meet this standing requirement, EPIC offered affidavits of two of its members who claimed that testing for drone package delivery services near where they live poses serious concerns for their privacy.  The Court noted, however, that this cannot form the basis of a challenge to the small UAS rule, as that rule does not actually permit air carrier operations such as on demand commercial package delivery.  The affidavits also complained of an injury caused by the use of autonomous drones to monitor public spaces.  The Court rejected this argument on the same grounds, as the small UAS rules do not permit such autonomous operations.  To the extent that the affidavits argued that the individuals suffered a generalized risk of a loss of privacy due to the likely increase in UAS operations, the Court found that these complaints were too “highly attenuated” to constitute an actual injury.

While EPIC’s suit was doomed by the lack of an identifiable injury, based on the way oral argument went, it appears clear that EPIC would have lost on the merits if the suit had gotten that far.  The FAA’s Congressional mandate only extends to aviation safety.  If Congress had wanted FAA to expand its oversight to privacy, it would have done so clearly and explicitly.  To the extent that privacy issues should be addressed in the future, there are other federal agencies that are far better suited to that task.

This entry was posted in General. Bookmark the permalink.

Leave a Reply