Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 1 of 15

UNITED STATES DISTRICT COURT

FOR THE WESTERN DISTRICT OF TEXAS
AUSTIN DIVISION

INFORMED CONSENT ACTION NETWORK,

Plaintiff,
-against- Civil Action No. 1:21-cv-1179

CENTERS FOR DISEASE CONTROL AND

PREVENTION AND HEALTH AND HUMAN
SERVICES,

Defendants.

COMPLAINT FOR DECLARATORY AND INJUNCTIVE RELIEF

Plaintiff, as for its Complaint regarding Freedom of Information Act requests against the

above-captioned Defendants, alleges as follows:

INTRODUCTION

1. Between December 2020 and February 2021, the Food and Drug Administration

(“FDA”) issued Emergency Use Authorizations for three COVID-19 vaccines, 1 one of which

subsequently received FDA approval in August 2021. 2 While the FDA approved these vaccines,

the Centers for Disease Control and Prevention (“CDC”), an agency within the Department of

Health and Human Services (“HHS”), is charged with monitoring the safety of all vaccines,

including the COVID-19 vaccines approved by the FDA. The CDC claims that these “COVID-

1
https://www.fda.gov/news-events/press-announcements/fda-takes-key-action-fight-against-covid-19-issuing-
emergency-use-authorization-first-covid-19 (last visited December 23, 2021); https://www.fda.gov/news-
events/press-announcements/fda-takes-additional-action-fight-against-covid-19-issuing-emergency-use-
authorization-second-covid (last visited December 23, 2021); https://www.fda.gov/news-events/press-
announcements/fda-issues-emergency-use-authorization-third-covid-19-vaccine (last visited December 23, 2021).
2
https://www.fda.gov/news-events/press-announcements/fda-approves-first-covid-19-vaccine (last visited December
23, 2021).

Page 1 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 2 of 15

19 vaccines are being administered under the most intensive vaccine safety monitoring effort

in U.S. history[.]” 3

2. The federal government has mandated that millions of Americans receive these

vaccine products. HHS has also given pharmaceutical companies complete immunity for injuries

caused by those products. Mandating that millions of Americans inject a product for which they

cannot hold the manufacturer liable if the product injures them demands complete transparency,

especially when it comes to releasing the data underlying the product’s safety. FOIA exists

precisely so that the American people can obtain transparency and, in this case, obtain the data

which supports the CDC’s claims to intensive safety monitoring.

3. As for the pre-licensure data submitted by the pharmaceutical companies, the FDA

took the position in another FOIA action that, because it needs to deidentify that data, it needs at

least 75 years to produce the data to the public. 4 As for the post-licensure data, the FDA and CDC

have said that their prior primary existing safety monitoring program was incapable of determining

causation and were otherwise unreliable. The CDC has, however, deployed a new safety

monitoring system for the COVID-19 vaccines, v-safe, and the data within v-safe is already

available in deidentified form and could be forthwith released to the public.

4. V-safe is a smartphone app that allows vaccine recipients to “tell CDC about any

side effects after getting the COVID-19 vaccine.” 5 The purpose of the app “is to rapidly

characterize the safety profile of COVID-19 vaccines when given outside a clinical trial setting

3
https://www.cdc.gov/vaccines/acip/meetings/downloads/slides-2021-10-20-21/05-COVID-Hause-508.pdf (last
visited December 27, 2021).
4
See Public Health and Medical Professionals for Transparency v. Food and Drug Administration, 4:21-cv-01056-P
(N.D. Tex.), ECF Nos. 29 and 31.
5
https://www.cdc.gov/coronavirus/2019-ncov/vaccines/safety/vsafe.html (last visited December 23, 2021).

Page 2 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 3 of 15

and to detect and evaluate clinically important adverse events and safety issues that might impact

policy or regulatory decisions.” 6

5. Data submitted to v-safe is “collected, managed, and housed on a secure server by

Oracle,” 7 a private computer technology company. Although the CDC has “access to the

individualized survey data,” Oracle can only access “aggregate deidentified data for reporting.” 8

6. Plaintiff asked through its instant FOIA requests that the CDC produce the

deidentified data from the v-safe program in the same form that Oracle can access. Plaintiff

believes that to assure transparency regarding the government’s claim that COVID-19 vaccines

are “safe and effective,” 9 the public should have immediate access to all v-safe data, in deidentified

form, and therefore, once the CDC produces that data, Plaintiff intends to make it publicly

available. Despite the fact that the deidentified data already exists, it is already in the hands of a

private company, and the CDC has never objected to its production, the CDC has so far failed to

produce it to Plaintiff or to the American public. The federal government is thereby not only

failing to provide the transparency necessary to earn the American people’s trust regarding these

vaccines but is also failing to comply with FOIA.

7. Plaintiff Informed Consent Action Network (“Plaintiff”) is a non-profit

organization that advocates for informed consent and full transparency and disseminates

6
https://www.cdc.gov/vaccinesafety/pdf/V-safe-Protocol-508.pdf (last visited December 20, 2021).
7
https://www.cdc.gov/vaccinesafety/pdf/V-safe-Protocol-508.pdf p. 8 (last visited December 23, 2021).
8
https://www.cdc.gov/vaccinesafety/pdf/V-safe-Protocol-508.pdf p. 9 (last visited December 23, 2021) (emphasis
added).
9
See, e.g., https://www.fda.gov/media/146269/download (materials for February 26, 2021 meeting of the Vaccines
and Related Biological Products Advisory Committee (“VRBPAC”) stating “[r]eactogenicity profiles of mRNA
vaccines in v-safe monitoring are consistent with what was observed in clinical trials”) (last visited December 8,
2021); https://www.fda.gov/media/150054/download (materials from June 10, 2021 meeting of VRBPAC stating
“[i]nitial safety findings from Pfizer-BioNTech COVID-19 vaccination of 12-15-year-olds from v-safe and VAERS
surveillance are consistent with results from pre-authorization clinical trials”); https://www.cdc.gov/vaccines/acip/
meetings/downloads/slides-2021-10-20-21/05-COVID-Hause-508.pdf (materials from October 21, 2021 meeting of
Advisory Committee on Immunization Practices stating “[n]o unexpected patterns of adverse events were identified”).

Page 3 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 4 of 15

information necessary for same with regard to all medical interventions. It intends to make all v-

safe data immediately available to the public so that independent scientists can immediately

analyze that data. It believes that we need all hands on deck, both inside and outside the

government, to address serious and ongoing issues with the vaccine program, including waning

immunity, adverse reactions, etc. Locking out independent scientists from addressing these issues

is dangerous, irresponsible, unethical, and illegal.

8. To acquire the v-safe data, Plaintiff made three requests to the CDC pursuant to the

Freedom of Information Act (5 U.S.C. § 552, as amended) (“FOIA”) seeking information

regarding v-safe.

9. Plaintiff’s first request was for “[a]ll de-identified data submitted to v-safe since

January 1, 2020” (the “First Request”). The CDC issued a final response acknowledging that the

data exists, but it did not produce any data, despite the fact that Oracle has aggregate, de-identified

data, because “information in the app is not deidentified.” Plaintiff appealed the CDC’s response

to HHS, including pointing out to the CDC that its own documentation regarding v-safe explains

that “Oracle staff will not be able to view any individualized survey data (including variables with

personally identifiable information [PII]) but, rather, will have access to aggregate deidentified data

for reporting,” and hence that deidentified data should be produced to the public forthwith. Neither

the CDC nor HHS has substantively responded to that appeal.

10. Plaintiff’s second request was for “[a]ll documents concerning v-safe data

including but not limited to policies, procedures, processes related to v-safe, and communications

regarding same” (the “Second Request”). The CDC produced some documents to Plaintiff, but

notably failed to produce any communications. Plaintiff therefore submitted an administrative

appeal to HHS. Neither the CDC nor HHS has substantively responded to that appeal.

Page 4 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 5 of 15

11. Plaintiff’s third request was submitted in order to clarify any misunderstanding

about the First Request and sought “all data submitted to v-safe and subsequently deidentified . . .

from January 1, 2020 forward” (the “Third Request”). Again, despite the fact that Oracle has this

de-identified data, the CDC has not produced any documents in response to the Third Request and

instead administratively closed it.

12. Plaintiff brings this action to challenge the CDC and HHS’ failure to produce all

responsive documents, the CDC and HHS’ failure to timely respond to its appeals, and the CDC’s

administrative closure of the Third Request.

PARTIES

13. Plaintiff is a not-for-profit organization with an office located at 2025 Guadalupe

Street, Suite 260, Austin, Texas 78705.

14. The CDC is an agency within the Executive Branch of the United States

Government, organized within HHS. The CDC is an agency within the meaning of 5 U.S.C.

§ 552(f).

15. HHS is an agency within the Executive Branch of the United States Government.

HHS is an agency within the meaning of 5 U.S.C. § 552(f).

JURISDICTION AND VENUE

16. This Court has jurisdiction over this action pursuant to 5 U.S.C. § 552(a)(4)(B) and

28 U.S.C. § 1331. Venue is proper within this District pursuant to 5 U.S.C. § 552(a)(4)(B) and 28

U.S.C. § 1391.

Page 5 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 6 of 15

FACTS

A. COVID-19 Vaccines

17. In December 2020, the FDA issued emergency use authorizations for the Pfizer-

BioNTech 10 and Moderna 11 COVID-19 vaccines. In February 2021, the FDA issued an

emergency use authorization for the Janssen COVID-19 vaccine. 12 There have been subsequent

emergency use authorizations issued for these three vaccines for younger age groups, for boosters,

and for “mix and match” administration of the three vaccines. In August 2021, the FDA licensed

the Pfizer-BioNTech COVID-19 vaccine for individuals 16 years of age and older. 13

18. Although all three novel COVID-19 vaccines available in the United States were

developed at record pace, these products are being mandated for a majority of Americans under

the threat of losing their jobs, being separated from the military, being excluded from university,

and from participating in civil society. 14 The federal government has, for example, issued

mandates for private employees, public employees, and the military. 15 Some cities have gone as

10
https://www.fda.gov/news-events/press-announcements/fda-takes-key-action-fight-against-covid-19-issuing-emer
gency-use-authorization-first-covid-19 (last visited December 23, 2021).
11
https://www.fda.gov/news-events/press-announcements/fda-takes-additional-action-fight-against-covid-19-issu
ing-emergency-use-authorization-second-covid (last visited December 23, 2021).
12
https://www.fda.gov/news-events/press-announcements/fda-issues-emergency-use-authorization-third-covid-19-
vaccine (last visited December 23, 2021).
13
https://www.fda.gov/news-events/press-announcements/fda-approves-first-covid-19-vaccine (last visited
December 23, 2021).
14
https://www.whitehouse.gov/covidplan/ (last visited December 23, 2021).
15
https://www.whitehouse.gov/covidplan/ (last visited December 23, 2021); https://www.federal
register.gov/documents/2021/11/05/2021-23643/covid-19-vaccination-and-testing-emergency-temporary-standard
(last visited December 23, 2021); https://www.federalregister.gov/documents/2021/11/05/2021-23831/medicare-and-
medicaid-programs-omnibus-covid-19-health-care-staff-vaccination (last visited December 23, 2021);
https://media.defense.gov/2021/Aug/25/2002838826/-1/-1/0/MEMORANDUM-FOR-MANDATORY-CORONA
VIRUS-DISEASE-2019-VACCINATION-OF-DEPARTMENT-OF-DEFENSE-SERVICE-MEMBERS.PDF (last
visited December 23, 2021).

Page 6 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 7 of 15

far as to require COVID-19 vaccines for entry into restaurants, clubs, gyms, entertainment venues,

and indoor events. 16

19. While mandating this product, the federal government has also given the

pharmaceutical companies selling these vaccines, and anyone associated with administering them,

complete legal immunity for any injury caused by these vaccines. 42 U.S.C. § 247d-6d (providing

that any “manufacturer” of “any vaccine, used to … prevent or mitigate COVID-19” shall be

“immune from suit and liability under Federal and State law with respect to all claims … resulting

from … [its] use by an individual”). These pharmaceutical companies are even immune from

liability for willful misconduct unless the federal government, which promoted and licensed this

product, first brings this claim. Id.

20. In response to another lawsuit filed by over 347 scientists, public health

professionals and doctors seeking full disclosure of the data the FDA relied upon to license one of

these vaccines, the federal government took the position that it needs at least 75 years to fully

disclose that data to the public. The scientists, public health professionals and doctors sought this

data in order to conduct an independent evaluation, akin to peer review. 17 Until all the data is fully

released, they cannot perform this review since missing even one dataset could throw off any

analysis.18

21. So, to be clear, Americans are forced to receive these vaccine products, but if

injured, they cannot sue anyone associated with these vaccines, yet the government is refusing to

permit outside scientists to review the pre-licensure data supporting their safety.

16
https://sf.gov/information/vaccine-required (last visited December 23, 2021); https://www1.nyc.gov/site/doh
/covid/covid-19-vaccines-keytonyc.page (last visited December 23, 2021).
17
See www.phmpt.org.
18
See Public Health and Medical Professionals for Transparency v. Food and Drug Administration, 4:21-cv-01056-
P (N.D. Tex.), ECF Nos. 26 and 31.

Page 7 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 8 of 15

B. Vaccine Safety Monitoring

22. Because COVID-19 vaccines are being mandated for millions of Americans, it is

essential that our federal health agencies ensure that these products are safe and afford the

American people transparency regarding the data supporting that claim.

23. The CDC is one of the primary federal agencies responsible for monitoring vaccine

safety, including the safety of COVID-19 vaccines. The CDC claims that “COVID-19 vaccines

are being administered under the most intensive vaccine safety monitoring effort in U.S.

history[.]” 19

24. One of the ways the CDC claims to monitor the safety of COVID-19 vaccines is

through v-safe, 20 which “uses text messaging and web surveys to give personalized health check-

ins after [one] receives a COVID-19 vaccine.”21 The app allows users to “quickly tell CDC if

[they] have any side effects after getting a COVID-19 vaccine[,]” which “helps CDC monitor the

safety of COVID-19 vaccines in near real time.”

25. On May 20, 2021, the CDC published a document titled “V-safe active surveillance

for COVID-19 vaccine safety” (the “V-Safe Protocol”). 22 The document explains that “[t]he

purpose of v-safe surveillance is to rapidly characterize the safety profile of COVID-19 vaccines

when given outside a clinical trial setting and to detect and evaluate clinically important adverse

events and safety issues that might impact policy or regulatory decisions.” 23

19
https://www.cdc.gov/vaccines/acip/meetings/downloads/slides-2021-10-20-21/05-COVID-Hause-508.pdf (last
visited December 27, 2021).
20
See https://www.cdc.gov/coronavirus/2019-ncov/vaccines/safety.html (listing v-safe as one of the ways “CDC
expanded and strengthened the country’s ability to monitory vaccine safety”) (last visited December 27, 2021).
21
https://www.cdc.gov/coronavirus/2019-ncov/vaccines/safety/vsafe.html (last visited December 23, 2021).
22
https://www.cdc.gov/vaccinesafety/pdf/V-safe-Protocol-508.pdf (last visited December 23, 2021).
23
Id. at 3.

Page 8 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 9 of 15

26. The V-Safe Protocol indicates that “V-safe data will be collected, managed, and

housed on a secure server by Oracle.” 24 The V-Safe Protocol further provides:

Oracle staff will not be able to view any individualized survey

data (including variables with personally identifiable
information [PII]) but, rather, will have access to aggregate
deidentified data for reporting. CDC will have “read” access to
the individualized survey data, including PII, provided by Oracle.
On a continuous basis (either daily or weekly), these survey data
will be accessible to CDC through downloads from the secure
server. 25

The V-Safe Protocol further states, “No PII [personally identifiable information] will be included

in any v-safe analyses, manuscripts, or data sets shared through external data requests.” 26

27. The CDC’s V-Safe Protocol stresses the importance of this data and that it “is

anticipated that v-safe data will be shared with the scientific community and with the public

through manuscripts and public reports.” 27 Despite these claims, deidentified v-safe data is not

yet available to the public.

28. To ensure that the CDC acts in furtherance of its commitment to “openness and

accountability” and to gain access to critical data regarding the safety of COVID-19 vaccines,

Plaintiff made three separate FOIA requests to the CDC for information regarding v-safe

including, but not limited to, the deidentified data in Oracle’s possession.

C. The First Request (IR#0519)

29. On June 24, 2021, Plaintiff issued the First Request to the CDC seeking:

All de-identified data submitted to v-safe since January 1, 2020.

(Exhibit 1.)

24
Id. at 8.
25
Id. at 9 (emphasis added).
26
Id. at 10.
27
Id. at 12.

Page 9 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 10 of 15

30. On June 29, 2021, the CDC issued a letter to Plaintiff and assigned #21-01506-

FOIA to the First Request. (Exhibit 2.)

31. On July 29, 2021, the CDC issued a final response to Plaintiff and stated:

A search of our records failed to reveal any documents

pertaining to your request. The National Center for Emerging
and Zoonotic Infectious Diseases (NCEZID) communicated that
the v-safe data contains approximately 119 million medical
entries. The information in the app is not de-identified.

(the “First Response”). (Exhibit 3.)

32. The First Response acknowledges that data has been submitted to v-safe:

approximately 119 million medical entries exist. Plaintiff requested that data in de-identified form,

recognizing that personally identifying information may be exempt from disclosure. The First

Request captures data submitted to v-safe and subsequently de-identified by the CDC or by Oracle.

33. Therefore, on August 25, 2021, Plaintiff appealed the First Response on the basis

that the CDC failed to conduct an adequate search for the requested records (the “First Appeal”).

(Exhibit 4.) Plaintiff pointed out, inter alia, that the CDC’s own documentation makes plain that

“Oracle staff will not be able to view any individualized survey data (including variables with

personally identifiable information [PII]) but, rather, will have access to aggregate deidentified

data for reporting.” Id at 3. Plaintiff therefore repeated its request that this deidentified v-safe

data be made available to the public forthwith.

34. On August 27, 2021, HHS acknowledged the First Appeal and assigned it Tracking

No. 2021-00256-A-PHS. (Exhibit 5.)

35. To date, neither HHS nor the CDC have substantively responded to the First

Appeal. Therefore, Plaintiff is deemed to have exhausted its administrative remedies. See 5 U.S.C.

§ 552(a)(6)(C)(i).

Page 10 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 11 of 15

D. The Second Request (IR#0522)

36. On June 24, 2021, Plaintiff issued the Second Request to the CDC seeking:

All documents concerning v-safe data including but not limited

to policies, procedures, processes related to v-safe, and
communications regarding same.

(the “Second Request”). (Exhibit 6.)

37. On June 29, 2021, the CDC issued a letter to Plaintiff and assigned #21-01507 to

the Second Request. (Exhibit 7.)

38. On August 2, 2021, the CDC issued a final response to the Second Request and

stated:

We located 61 pages and one Excel Spreadsheet of responsive

records. After a careful review of these pages, no information
was withheld from release.

(the “Second Response”). (Exhibit 8.)

39. Despite the breadth of the request, the CDC’s production was limited to the May

20, 2021 V-safe Protocol, noted as version 3, and one excel data dictionary. This production is

woefully deficient, including because it did not include any communications sought as part of the

Second Request. Therefore, on October 28, 2021, ICAN appealed the Second Response on the

basis that the CDC failed to conduct an adequate search for the requested records (the “Second

Appeal”). (Exhibit 9.)

40. On November 2, 2021, HHS acknowledged the Second Appeal and assigned it Case

No. 2022-00010-A-PHS. (Exhibit 10.)

41. To date, neither HHS nor the CDC have substantively responded to the Second

Appeal. Therefore, Plaintiff is deemed to have exhausted its administrative remedies. See 5 U.S.C.

§ 552(a)(6)(C)(i).

Page 11 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 12 of 15

E. The Third FOIA Request (IR#0547)

42. On September 1, 2021, Plaintiff submitted a third FOIA request to the CDC in an

effort to clarify the First Request based on the agency’s response, and requested that the CDC:

Produce all data submitted to v-safe and subsequently

deidentified by the CDC and/or Oracle from January 1, 2020
forward.

(the “Third Request”). (Exhibit 11.)

43. On September 3, 2021, the CDC issued a letter to Plaintiff and assigned #21-02128

to the Third Request. (Exhibit 12.)

44. Also on September 3, 2021, the CDC issued a second letter to Plaintiff stating that

the Third Request “is a duplicate of” the First Request “and therefore has been administratively

closed as a duplicate request.” (Exhibit 13.)

45. Counsel for Plaintiff communicated with the CDC via email regarding the agency’s

administrative closure of the Third Request, but the CDC did not reverse its decision to close same.

(Exhibit 14.)

46. The CDC did not inform Plaintiff of its right to seek assistance from the FOIA

Public Liaison or its right to appeal. See 5 U.S.C. § 552(a)(6)(A)(i). See also Oglesby v. U.S. Dep’t

of Army, 920 F.2d 57, 65 (D.C. Cir. 1990) (“A response is sufficient for purposes of requiring an

administrative appeal if it includes: the agency’s determination of whether or not to comply with

the request; the reasons for its decision; and notice of the right of the requester to appeal to the

head of the agency if the initial agency decision is adverse.”); Shermco Indus. v Sec’y of U.S. Air

Force, 452 F.Supp. 306, 318 (N.D. Tex. 1978), rev’d on other grounds, 613 F.2d 1314 (5th Cir.

1980) (plaintiffs were not required to exhaust their administrative remedies when defendant failed

to provide plaintiffs with a complete determination because defendant’s response “does not include

Page 12 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 13 of 15

a list of the releasable and withheld documents, does not include a statement of the fees charged

for the releasable documents, and does not include a statement of why the agency believes waiver

or reduction of any fee charged is not in the public interest or does not benefit the general public.

The plaintiffs could not effectively appeal the . . . adverse decision on their FOIA request without

this information.”). Plaintiff has therefore exhausted its administrative remedies. See 5 U.S.C.

§ 552(a)(6)(C)(i).

HHS AND CDC FAILED TO TIMELY RESPOND TO PLAINTIFF’S APPEALS

47. Federal agencies must determine whether to comply with a FOIA request within 20

business days after receipt of such request. 5 U.S.C. § 552(a)(6)(A)(i). Similarly, federal agencies

must “make a determination with respect to any appeal within” 20 business days after receipt of

any appeal. 5 U.S.C. § 552(a)(6)(A)(ii). In “unusual circumstances,” the 20-day period may be

extended for no more than 10 business days “by written notice to the person making such request

setting forth the unusual circumstances for such extension and the date on which a determination

is to expected to be dispatched.” 5 U.S.C. § 552(a)(6)(B)(i).

48. In acknowledging the First Appeal and the Second Appeal, HHS informed Plaintiff

that its appeals fell “under ‘unusual circumstances’ in that [its] office will need to consult with

another office or agency that has substantial interest in the determination of the appeal.” (Exhibit

5; Exhibit 10.) Despite the alleged “unusual circumstances,” HHS was still obligated to “make a

determination with respect to” the appeals no later than 30 business days after receipt of same. 5

U.S.C. § 552(a)(6)(B)(i).

49. More than 30 business days have elapsed since Plaintiff submitted the First Appeal

and the Second Appeal, but Plaintiff still has not received a determination from the CDC on either

appeal. Therefore, the CDC has failed to comply with the time limit provisions of FOIA.

Page 13 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 14 of 15

CDC IMPROPERLY CLOSED THE THIRD REQUEST

50. Under FOIA, federal agencies are required to respond to requests for records that

are reasonably described. 5 U.S.C. § 522(a)(3)(A). Records are “reasonably described ‘if a

professional employee of the agency familiar with the subject matter can locate the records with a

‘reasonable amount of effort.’” Freedom Watch, Inc. v. CIA, 895 F. Supp. 2d 221, 228 (D.D.C.

2012).

51. In the First Response, the CDC claimed that data in the v-safe app is not

deidentified. Therefore, to clarify the request, Plaintiff issued the Third Request and sought data

submitted to v-safe that was subsequently de-identified (meaning, it was submitted by individuals

with identifying information and at some point after that it was deidentified). The Third Request

therefore reasonably described the requested records.

52. The CDC cannot claim that there are no records responsive to the First Request

because “information in the app is not de-identified” while, at the same time, claiming that the

request seeking data submitted to v-safe and then deidentified (either in response to the Third

Request or otherwise) is duplicative of the First Request. The CDC’s administrative closure of the

Third Request is therefore inconsistent with the purpose of FOIA, which is “to pierce the veil of

administrative secrecy and open agency action to the light of public scrutiny . . ..” Wis. Project v.

United States DOC, 317 F.3d 275, 279 (D. D.C. 2003) (internal quotation marks omitted).

53. It is public knowledge that the data submitted to v-safe already exists in a

deidentified format and that data should be produced to Plaintiff and the public forthwith.

WHEREFORE, Plaintiff prays that this Court:

a. Provide for expeditious proceedings in this action;

Page 14 of 15
 Case 1:21-cv-01179 Document 1 Filed 12/28/21 Page 15 of 15

b. Enter an order directing the CDC to produce all deidentified v-safe data within one

day from the date of any such order;

c. Enter an order directing the CDC to produce all other documents responsive to each

of the FOIA Requests within 10 days from the date of any such order;

d. Award Plaintiff its costs and reasonable attorneys’ fees incurred in this action as

provided by 5 U.S.C. § 552(a)(4)(E); and

e. Grant such other and further relief as the Court may deem just and proper.

Dated: December 28, 2021

SIRI & GLIMSTAD LLP

Aaron Siri, NY Bar No. 4321790

(pro hac vice to be filed)
Elizabeth A. Brehm, NY Bar No. 4660353
(pro hac vice to be filed)
Ursula Smith, Texas Bar No. 24120532 (pro
hac vice to be filed)
200 Park Avenue
17th Floor
New York, New York 10166
Tel: (212) 532-1091
[email protected]
[email protected]
[email protected]

Attorneys for Plaintiff

Page 15 of 15