CDD Filings Digital Citizen
Program Areas
-
In the Matter of Petition of Public Knowledge, Center for Digital Democracy, Consumer Watchdog, Consumer Federation of America, and TURN —The Utility Reform Network Introduction: 47 U.S.C. §551 and 47 U.S.C. § 338(i) (collectively referred to as “privacy rules”) require that cable and satellite providers (herein referred to as “cable operators”) obtain the “written or electronic consent of the subscriber concerned” prior to the collection and use of that information for advertising purposes. Cable operators are also required to provide a written statement to their subscribers, which clearly and conspicuously informs the subscriber of the nature of the use of their personally identifiable information. Through these rules, Congress and the Federal Communications Commission have emphasized the importance of giving consumer’s control over how their information is being used. Despite this, cable operators have continued to use large amounts of their customers’ data without properly obtaining customer consent or informing subscribers of the extent of the use of their information. The Commission should enforce the relevant privacy provisions to ensure that cable operators only use subscriber information when they have the consent required by law. Cable Operators Collect and Share Large Amounts of Customer Data to Generate Targeted Advertising. The use of consumer data to target consumers for advertising is on the rise. Exactly how and to what extent cable operators are leveraging their customer’s data has been extensively documented in a recent report by the Center for Digital Democracy. Cable operators increasingly gather their customers’ personal information, share and combine that information with third parties, and use it to target customers for advertising on an individual level. Verizon, Comcast, Google, AT&T, Time Warner, Cablevision and others have incorporated powerful layers of data collection and digital marketing technologies to better target individuals. AT&T’s TV Blueprint, for example, “gives advertisers working with AT&T the ability to reach people based on factors like device, operating system, whether or not they’re heavy data users or the status of their carrier contract,” using “sophisticated second-by-second set- top box data” and other information. AT&T pulls data “from millions of set-top boxes” and analyzes consumer viewing history and uses these data to target consumers based on their viewing profile. Companies like Cablevision leverage granular data and precise details of household viewing behavior, and combine it with third-party data covering other intimate details of consumers’ lives to analyze and target specific individuals with video advertising across a range of screens. In their own words, “this set-top box level targeting lets marketers target customers that fit particular trends, profiles, demographics and attributes, and they can also pair the Cablevision data with their own or third-party data.” Cablevision and AT&T are not alone in their pervasive use of consumer data. Comcast recently acquired Visible World, which boasts of using data “from millions of enabled Smart TVs” as part of its advertising targeting service. Data points used to target consumers include income, ethnicity, education level, what kind of car they drive, purchase history, and location of their residence. Further, Comcast has acquired companies like This Technology, which is capable of inserting personalized content into network streams—including advertising messages tailored for specific individuals. These programs illustrate how cable providers give advertisers the ability to easily access and use a customer’s information, without that customer knowing the extent to which that information is being used. While these practices are broadly indicative of the ways many cable operators improperly use subscriber data, AT&T, Cablevision, and Comcast are among the most egregious. The Commission should investigate these practices and find that they violate the privacy rules. --- Full filed complaint attached below.
-
CDD Calls on FCC to Protect Consumer Privacy on Broadband Networks
Comments show ISP "Big Data" techniques used to target consumers and discusses limited capabilities of FTC
The Center for Digital Democracy (CDD), a nonprofit organization representing the interests of consumers in the digital marketplace, strongly supports the Federal Communication Commission’s (FCC) proposal to empower individuals to make effective decisions regarding their privacy on broadband networks. Broadband Internet access service (BIAS) plays a powerful and distinctive role in the commercial digital media marketplace, requiring precisely the set of sensible safeguards offered by the Notice of Proposed Rulemaking (NPRM). CDD believes it is entirely necessary and consistent with the Communications Act that the commission extend longstanding consumer-protection policies for the telephone network into the modern broadband context. The role of the network in the broadband marketplace has a distinct purpose compared to so-called “edge” content providers: to facilitate a fairly managed and efficient connection between the subscriber/consumer and the content and/or services of their choice. Given their network-management role, BIAS providers have unique capabilities in terms of monitoring the communications and activities of their subscribers, enabling the capture and use of an extensive array of personal and other consumer information. Positioned by necessity at the center of subscribers’ wireline or wireless broadband use, and holding a “digital key” that can help analyze much of their users’ digitally connected behaviors, BIAS providers have unlimited opportunities to influence the decisions consumers make via data-collection-related applications and services. Consumers today confront a far-reaching and largely invisible data-gathering apparatus that tracks and analyzes their every move online. For example, as the FTC has acknowledged, the growth of cross-device tracking, enabling the identification of a particular consumer’s use of personal computers, mobile phones, tablets, and increasingly even television, and combining multiple sources of data for the development of a targeting profile, illustrates how recent advances in digital data collection pose growing threats to consumer privacy. Indeed, the journal of the Association of National Advertisers explained just last month, “cross-device marketing … allows unprecedented access to individual consumers via personal or shared household devices. … Data-driven cross-device marketers gain exclusive access to a slew of advantageous marketing enhancements, including consistent messaging across all devices … .” Leading BIAS providers promise such cross-device targeting capabilities. Lacking the ability to enact regulations to protect privacy (except for children 12 and under), the FTC has been powerless to ensure consumer protection from cross-device tracking practices, let alone from the growing myriad of practices that gather consumer data from social media, mobile app, online video usage, programmatic targeting, and many other practices. Without the authority to issue regulations on privacy-related matters connected to consumer financial services, for example, the FTC has been forced to rely on its Section 5 authority related to unfair and deceptive practices. In practical terms, this has enabled the digital-data industry to recognize that there are no real constraints to their rapidly expanding collection, analysis, and use of consumer data. The FTC has long recognized that its inability to issue regulations has placed the agency at a serious disadvantage, and has called for the enactment of new regulatory authority. For example, as former FTC Chairman Jon Leibowitz testified before Congress in 2009, in order for the agency “to perform a greater and more effective role protecting consumers … changes in the law and additional authority to promulgate needed rules …” are required. As CDD explained in its March 2016 report on the growth of digital data gathering by leading ISPs (and filed separately in this proceeding), companies such as ATT, Comcast, Verizon, Cablevision, and Charter have made significant investments in their ability to capture, process, and take advantage of a consumer’s information across all the devices they use daily. They are using cloud- and IP-based management systems to deliver data-connected advertising and marketing; have invested in or allied with real-time programmatic marketing technologies that, in milliseconds, make personalized ad-related decisions on which consumers to target and for what product; and have acquired numerous companies that strengthen their hold and use of consumer information, including data gathered by their consumers’ use of apps, online video, and mobile phones... Key characteristics of the BIAS data collection apparatus include: [see attached comments for full submission] -
Set-top Box market should be open, but consumers and privacy protected, CDD tells FCC
Calls for Safeguards for sensitive data, including protecting youth, seniors, and use of ethnic/racial information in FCC"s Navigational Device Proceeding
The Center for Digital Democracy (CDD), which works to empower and protect consumers in the digital marketplace, endorses the Federal Communications Commission’s (FCC) important proposal to provide both choice and competition in the provision of navigational devices for video and related content. CDD strongly believes that the FCC should proceed with its plan to allow third parties to build and sell navigational devices. We support giving these developers/providers access to the information proposed in the NPRM, including Service Discovery, Entitlement, and Content Delivery data. For decades, a handful of powerful cable—and now also telephone—companies have held a monopoly over the design, availability, and use of set-top boxes. This has resulted in greater costs to subscribers, including an especially unfair burden on low- or limited-income consumers. The set-top stranglehold has impaired competition and programming diversity, and has undermined consumer privacy. --- Full PDF of filing attached. -
This brief is submitted on behalf of several Consumer Privacy Organizations who seek to protect consumers from data breach, financial fraud, and identity theft. The Consumer Privacy Organizations associated with the EPIC amicus brief believe that a court order to compel Apple to develop a technique to break security features designed to keep out third parties will result in an increase in crime against consumers. The Electronic Privacy Information Center (“EPIC”) is a public interest research center in Washington, D.C., established in 1994 to focus public attention on emerging privacy and civil liberties issues. EPIC was specifically established to advocate for the use of strong encryption technology and for the development of related Privacy Enhancing Technologies. EPIC led the effort in the United States in the 1990s to support strong encryption tools and played a key role in the development of the international framework for cryptography policy that favored the deployment of strong security measures to safeguard personal information. EPIC also published the first comparative studies of international encryption policy. (See EPIC Cryptography and Libert 1998: An International Survey of Encryption Policy.) The Center for Digital Democracy (CDD) is one of the leading consumer protection and privacy organizations in the United States. Since its founding in 2001, CDD has been at the forefront of research, public education, and advocacy protecting consumers in the digital age. Constitutional Alliance is privately funded nonpartisan non-profit organiation whose stated mission is to "preserve state and national sovereignty, and the unalienable rights to life, liberty and the pursuit of happiness as pronounced in the Declaration of Independence and protected under the Bill of Rights of the United States of America." Consumer Action empowers underrepresented consumers nationwide to assert their rights in the marketplace and financially prosper through multilingual financial education materials, community outreach, and issue-focused advocacy. Consumer Watchdog is a nonprofit organization dedicated to educating and advocating on behalf of consumers for over 25 years.11 Its mission is to provide an effective voice for the public interest. Consumer Watchdog’s programs include health care reform, oversight of insurance rates, energy policy, protecting privacy rights, protecting legal rights, corporate reform, and political accountability. The Cyber Privacy Project researches and educates the public about privacy issues raised in today’s networked world. Patient Privacy Rights (“PPR”) works to empower individuals and prevent widespread discrimination based on health information using a grassroots, community organizing approach. PPR educates consumers, champions smart policies, and exposes and holds industry and the government accountable. The Privacy Rights Clearinghouse (“PRC”) is a nonprofit consumer education and advocacy organization based in San Diego, California. Established in 1992, the PRC focuses on consumers’ rights and interests relating to informational privacy, answers individual consumer inquiries, and maintains a robust website of practical privacy protection tips. Privacy Times provides accurate reporting, objective analysis and thoughtful insight into the events that shape the ongoing debate over privacy and Freedom of Information. --- See full brief attached.
-
Advocates Charge Google with Deceiving Parents about Content on YouTube Kids
App for preschoolers is rife with videos that are potentially harmful to children
Washington, DC – Tuesday, May 19 – Two leading child and consumer advocacy groups have filed an important update to their Federal Trade Commission complaint against Google’s YouTube Kids app for false and deceptive marketing. In a letter sent to the Commission today, the groups charged that Google is deceiving parents by marketing YouTube Kids as a safe place for children under five to explore when, in reality, the app is rife with videos that would not meet anyone’s definition of “family friendly.” A review by the Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD) has found a significant amount of content that would be extremely disturbing and/or potentially harmful for young children to view, including: Explicit sexual language presented amidst cartoon animation Videos that model unsafe behaviors such as playing with lit matches, shooting a nail gun, juggling knives, tasting battery acid, and making a noose A profanity-laced parody of the film Casino featuring Bert and Ernie from Sesame Street Graphic adult discussions about family violence, pornography, and child suicide Jokes about pedophilia and drug use Advertising for alcohol products CDD and CCFC provided a video (link is external) to the FTC today documenting an array of inappropriate content that can found on YouTube Kids. “Federal law prevents companies from making deceptive claims that mislead consumers," said Aaron Mackey, the coalition’s attorney at Georgetown Law's Institute for Public Representation. "Google promised parents that YouTube Kids would deliver appropriate content for children, but it has failed to fulfill its promise. Parents rightfully feel deceived by YouTube Kids." Google claims that YouTube Kids was “built from the ground up with little ones in mind” and is “packed full of age-appropriate videos.” The app includes a search function that is voice-enabled for easy use for preschool children. Google says it uses “a mix of automated analysis, manual sampling, and input from our users to categorize and screen out videos and topics that may make parents nervous.” Google also assures parents that they “can rest a little easier knowing that videos in the YouTube Kids app are narrowed down to content appropriate for kids.” But, as the complaint explains: Google does not, in fact, “screen out the videos that make parents nervous” and its representations of YouTube Kids as a safe, child-friendly version of YouTube are deceptive. Parents who download the app are likely to expose their children to the very content they believed they would avoid by using the preschool version of YouTube. In addition to the unfair and deceptive marketing practices we identified in our initial request for an investigation, it is clear that Google is deceiving parents about the effectiveness of their screening processes and the content on YouTube Kids. “In the rush to expand its advertising empire to preschoolers, Google has made promises about the content on YouTube Kids that it is incapable of keeping,” said Josh Golin, Associate Director of CCFC. “As a parent, I was shocked to discover that an app that Google claims is safe for young children to explore includes so much inappropriate content from the Wild West of YouTube.” Today’s letter is an update to the advocates’ April 7, 2015 FTC complaint that charged Google with engaging in unfair and deceptive practices towards children and their parents. That complaint detailed how YouTube Kids featured ads and other marketing material that took advantage of children’s developmental vulnerabilities. It also noted that the “blending of children’s programming content with advertising material on television has long been prohibited because it is unfair and deceptive to children. The fact that children are viewing the videos on a tablet or smart phone screen instead of on a television screen does not make it any less unfair and deceptive.” The complaint also called on the FTC to address the failure by Google to disclose that many makers of so-called “user-generated” videos featuring toys and candy have relationships with those product's manufacturers. “The same lack of responsibility Google displayed with advertising violations on YouTube Kids is also apparent in the content made available on the app,” observed Dale Kunkel, Professor of Communication at University of Arizona. “There is a serious risk of harm for children who might see these videos. It’s clear Google simply isn’t ready to provide genuinely appropriate media products for children.” Added Jeff Chester, executive director of CDD, “Google gets an 'F' when it comes to protecting America’s youngest kids. The failure of the most powerful and technologically advanced media company to create a safe place for America’s youngest kids requires immediate action by the FTC.” Today’s letter to the FTC is available below. The coalition’s original FTC complaint is available at http://bit.ly/1LeQHCN. The compilation of YouTube Kids video clips can be viewed at https://vimeo.com/127837914 (link is external). -
News
Consumer, Privacy, Child Health Groups Challenge Federal Trade Commission’s Proposed Settlement with TRUSTe
Consumer, Children’s, and Privacy Groups Challenge Federal Trade Commission’s Proposed Settlement with TRUSTe (True Ultimate Standards Everywhere, Inc.) As Too Lenient Stronger Sanctions Needed for TRUSTe’s Violation of the Public Trust Consumers—Especially Parents—Materially Harmed by Years of Deception Washington, DC: The Center for Digital Democracy (CDD), through its counsel the Institute for Public Representation and on behalf of the American Academy of Child and Adolescent Psychiatry, Campaign for Commercial Free Childhood, Consumer Action, Consumer Federation of America, Consumer Watchdog, and The Rudd Center for Food Policy and Obesity, filed comments today at the Federal Trade Commission (FTC) in response to that agency’s proposed Agreement and Consent Order with True Ultimate Standards Everywhere, Inc. (“TRUSTe”). In November, after conducting an investigation, the FTC filed a complaint against TRUSTe, a company that has been issuing various “privacy seals” since 1997. The display of such seals indicate that a website has been reviewed annually by TRUSTe to ensure it is compliance with TRUSTe’s program requirements designed to protect consumer privacy. In fact, according to the FTC TRUSTe deceived consumers in two important respects. First, TRUSTe failed in over one thousand instances between 2006 and 2013 to conduct the annual re-certifications that it told consumers and the FTC it was conducting. Second, the company failed to require the companies using its privacy seals to change references to TRUSTe’s nonprofit status after it became a for-profit operation in 2008. As CDD’s filing makes clear, these violations are especially significant coming from a company that is entrusted with verifying the self-regulatory privacy-protection efforts of thousands of companies—including some of the biggest in the world—and covering such important areas of concern as the Children’s Online Privacy Protection Act (COPPA) and the EU-US Safe Harbor framework for transatlantic data transfers. Thus while the filing applauds the FTC’s enforcement action against TRUSTe, it finds the proposed sanctions—a $200,000 fine and additional recordkeeping and reporting requirements concerning the COPPA safe harbor program—to be far too lenient. “Safe harbors such as TRUSTe,” the filing points out, “play a pivotal role protecting children’s privacy by prohibiting the collection, use or disclosure of personal information without meaningful notice to parents and advance, verifiable parental consent, limiting the amount of data collected from children and protecting the security of data that is collected.” Unfortunately, because the FTC neither revealed the websites and services that were not properly re-certified, nor estimated the number of consumers who were affected by these violations, consumers—including parents concerned for their children’s privacy—are left wondering just how much meaningful privacy protection they have online. In addition to calling for a significant increase in the size of TRUSTe’s payment (citing individual companies that have paid as much as $1 million for their COPPA violations in the past), CDD’s filing called for all COPPA safe harbor reports (including those filed by TRUSTe) be made available to the public on the FTC’s website in a timely manner. Angela Campbell, co-director of the Institute for Public Representation, emphasized that “Parents rely on seal programs such as TRUSTe when deciding whether a particular website is appropriate for their children. Misrepresentations such as these have the potential to put millions of children at risk across potentially hundreds or thousands of child-directed websites. The FTC must do more to restore public trust in the COPPA safe harbor programs.” “The commission needs to stand up for children and their parents,” explained Jeff Chester, executive director of CDD. “If the FTC had adequately engaged in oversight of these programs, such problems would have been identified earlier,” he noted. “Those companies such as TRUSTe that have pledged to truly protect the privacy of American children should be required to make public how they actually determine whether online companies targeting kids engage in fair and responsible practices.” A copy of CDD’s FTC filing is available at www.democraticmedia.org. --30-- -
Project
Privacy Groups Call for Major Changes on APEC Cross-Border Data Rules; Raises Questions about work of TRUSTe
On 3 December 2014 a coalition of privacy and consumer groups sent a Joint Submission to APEC asking for significant changes to the APEC Cross Border Privacy Rules system (CBPRs). The submission is available here. (link is external) This joint submission follows a long period of opposition by civil society representatives to the first implementation of the CBPRs, which has now been operating in the US for 18 months. The submission raises concerns at the growing number of false claims of APEC certification and the absence of an official accurate list of members. One key aspect of the submission is that the signatories oppose the appointment of TRUSTe (link is external) as an Accreditation Agent for the CBPRs in the US, citing weaknesses in their program criteria, conflicts of interest, and the unacceptable use of fine print exclusions in TRUSTe certified privacy policies. The group calls on APEC to reform its CBPRs or close it down. The coalition includes: the Australian Privacy Foundation; the Canadian Internet Policy & Public Interest Clinic; the US Center for Digital Democracy; and the Electronic Privacy Information Center. -
News
U.S. PIRG Education Fund & CDD File Add'l Comments on Big Data at FTC: Urge Action to Rein in "Wild West" of Unfair & Discriminatory Practices
U.S. PIRG Education Fund and the Center for Digital Democracy (CDD) respectfully submit these additional comments to the Federal Trade Commission (FTC). A set of regulatory and other safeguards is urgently required to ensure that contemporary “Big Data”-driven financial services are used in an equitable, transparent, and responsible manner. All Americans, especially those who confront daily challenges to their economic security, should be assured that their lives will be enhanced—not undermined—by the new digital-data financial services marketplace. A closer critical examination of the commercial information infrastructure in the U.S. reveals a set of well-developed and interconnected data collection and use practices that few consumers are aware of—let alone have consented to. While the commission’s September 2014 workshop explored some of the key issues, it did not sufficiently examine the implications of current “Big Data” business practices. U.S. PIRG Education Fund and CDD urge the commission to issue a final report that addresses the issues we identify [see attached file]. -
Project
CDD calls on Obama Adm. to seek strong privacy rules for Big Data/Urges FTC Rulemaking & End of Self-reg stakeholder process
Today was the deadline (link is external) for Comments to be filed in the President's Big Data and privacy proceeding. CDD filed the attached comments, and also joined with a NGO coalition on thie issue representing the civil rights, consumer and privacy communities. CDD's filing urged the following:The Obama Administration should offer legislation that ensures its Consumer Privacy Bill of Rights framework actually provides individuals with the control over how their personal information is collected and used. Individuals should have the ability to make meaningful decisions about their information, regardless of whether it is collected by a social network, mobile operator, app network, financial institution, etc.Legislation should provide regulatory rulemaking authority to the Federal Trade Commission (FTC) on consumer privacy issues to develop these new rights. Legislation should require the FTC to conduct the necessary proceedings leading to a rulemaking within one year from the enactment of legislation. The same legislation should also call on agencies that currently have rulemaking authority, including the Consumer Financial Protection Bureau (CFPB), the Federal Communications Commission (FCC) and the Food and Drug Administration (FDA), to immediately initiate proceedings on consumer financial, telecommunications, and digital health privacy, respectively. Other agencies with sectorial authority on privacy issues not covered by the FTC and others should also be mandated to develop regulations.The current “multistakeholder” process convened by the NTIA should be replaced by the relevant agency rulemakings. The legislation should acknowledge the threats that much of Big Data-related collection pose to Americans today, and strongly state that it is in the best interests of the nation that businesses refrain from their current practice of ubiquitous data collection and profiling. It should accept that self-regulation has failed.The FTC, CFPB, FCC, and FDA should be mandated to report to the Nation, within six months after legislation is enacted, on how commercial Big Data practices are currently being used in ways that may be harmful to the public and not in the national interest. These reports should identify how current practices can discriminate against Americans, based on their race/ethnicity, sexual orientation, income status, age, residence, and other key variables.Based on these reports, the agencies will propose special regulatory safeguards as required to address sensitive data concerns. -
Project
CDD to White House Big Data Review: data collection apparatus leading to a commercial surveillance complex
Today is the deadline for Comments to be filed for the White House's forthcoming report on "Big Data." NGOs pressed the Administration to include public comments during its 90-day inquiry that is led by Senior WH Counselor John Podesta. Our comments are attached. Here's an excerpt: The inability to implement basic privacy rules in the United States to address Internet data collection practices has resulted in the ubiquitous commercial surveillance landscape that today threatens the privacy of Americans—as well as those in the European Union and other countries where U.S. companies collect and transport their information...CDD believes the Big Data report must address the realties of today’s commercial data gathering and analysis landscape. While we acknowledge the many positive uses of Big Data, and its potential, the Administration should not gloss over the threats as well. We fear that missing for the most part in the White House’s review will be a fact-based assessment of actual commercial data practices conducted by Google, Facebook, Yahoo, data brokers, and many others. Such a review would reveal an out-of-control commercial data collection apparatus, with no restraints, and which is leading to a commercial surveillance complex that should be antithetical in a democratic society. The report should show the consequences of such information gathering on Americans, where the data can be immediately made “actionable.” It should address the consequences when predictive analysis and other “insight” identification applications trigger real-time and future decisions about the products and services we are offered, the content we may receive, and even the online “experiences” with which we interact. The report should make clear how its Consumer Privacy Bill of Rights Principles should be interpreted when data collected from Americans are used to unfairly target them—and their families—for products and services that can be harmful to their well-being (such as the delivery of high-interest payday loans, promotion of questionable medical treatments, and the targeting of junk food ads to children, which contributes to the nation’s obesity epidemic). The filing covers 6 key issues: The Growth of Ubiquitous Cross-Platform and Across-Application Tracking of Individuals Online: The Emergence of Big-Data-derived Comprehensive Data Profiles on Individuals (Data Management Platforms): The Digital Data Collection Apparatus, Including the Use of Multiple Data Sources and the Real-time Buying and Selling of American Internet Users: The Growth of Commercial Digital Surveillance at the Community, Hyper-local Level: The Delivery of Financial, Health, and Other Products Linked to Sensitive Data and Uses that Raise Consumer Protection Concerns: The Failure of Industry Self-regulation and the Limits of the Multi-stakeholder Process: