Blog
Program Areas
-
Blog
CDD Urges the House to Promptly Markup HR 7890 - the Children and Teens' Online Privacy Protection Act (COPPA 2.0), HR 7890
COPPA 2.0 provides a comprehensive approach to safeguarding children’s and teen’s privacy via data minimization and a prohibition on targeted advertising – it’s not “just” about “notice and consent”
COPPA 2.0 provides a comprehensive approach to safeguarding children’s and teen’s privacy via data minimization and a prohibition on targeted advertising – it’s not “just” about “notice and consent”We commend Rep. Walberg (R-Mich.) and Rep. Castor (D-FL) for introducing the House COPPA 2.0 companion bill. The bill enjoys strong bipartisan support in the U.S. Senate. We urge the House to promptly markup HR 7890 and pass it into law. Any delay in bringing HR 7890 to a vote would expose children, adolescents, and their families to greater harm.Learn more about the Children and Teens’ Online Privacy Protection Act here: Background:The United States is currently facing a commercial surveillance crisis. Digital giants invade our private lives, spy on our families, deploy manipulative and unfair data-driven marketing practices, and exploit our most personal information for profit. These reckless practices are leading to unacceptable invasions of privacy, discrimination, and public health harms.In particular, the United States faces a youth mental health crisis fueled, in part, by Big Tech. According to the American Academy of Pediatrics, children’s mental health has reached a national emergency status. The Center for Disease Control found that in 2021, one in three high school girls contemplated suicide, one in ten high school girls attempted suicide, and among LGBTQ+ youth, more than one in five attempted suicide. As the Surgeon General concluded in a report last year, “there are ample indicators that social media can also have a profound risk of harm to the mental health and well-being of children and adolescents.”Platforms’ data practices and their prioritization of profit over the well-being of America’s youth significantly contribute to the crisis. The lack of privacy protections for children and teens has led to a decline in young people’s well-being. Platforms rely on vast amounts of data to create detailed profiles of young individuals to target them with tailored ads. To achieve this, addictive design features are employed, keeping young users online for longer periods of time and exacerbating the youth mental health crisis. The formula is simple: more addiction equals more data and more targeted ads which translates into greater profits for Big Tech. In fact, according to a recent Harvard study, in 2022, the major Big Tech platforms earned nearly $11 billion in ad revenue from U.S. users under age 17.The Children and Teens’ Online Privacy Protection Act (COPPA 2.0) modernizes and strengthens the only online privacy law for children, the Children’s Online Privacy Protection Act (COPPA). COPPA was passed over 25 years ago and is crucially in need of an update, including the extension of safeguards to teens. Passed by the Senate out of Committee, Reps. Tim Walberg (R-MI) and Kathy Castor (D-FL) introduced COPPA 2.0 in the House in April. It’s time now for the House to act. The Children and Teens’ Online Privacy Protection Act would:- Build on COPPA and extend privacy safeguards to users who are 13 to 16 years of age;- Require strong data minimization safeguards prohibiting the excessive collection, use, and sharing of children’s and teens’ data; COPPA 2.0 would:Prohibit the collection, use or disclosure or maintenance of personal information for purposes of targeted advertising;Prohibit the collection of personal information except when the collection is consistent with the context and necessary to fulfill a transaction or service or provide a product or service requested;Prohibit the retention of personal information for longer than is reasonably necessary to fulfill a transaction or provide a service;Prohibit conditioning a child’s or teen’s participation on the child’s or teen’s disclosing more personal information than is reasonably necessary.Except for certain internal permissible operations purposes of the operator, all other data collection or disclosures require parental or teen consent.- Ban targeted advertising to children and teens;- Provide for parental or teen controls;It would provide for the right to correct or delete personal information collected from a child or teen or content or information submitted by a child or teen to a website – when technologically feasible.- Revise COPPA’s “actual knowledge” standard to close the loophole that allows covered platforms to ignore kids and teens on their site. But what about….?…Notice and Consent, doesn’t COPPA 2.0 rely on the so-called “notice and consent” approach and isn’t the consensus that this is an ineffective way to protect privacy online?No, COPPA 2.0 does not rely on “notice and consent”. It would provide a comprehensive approach to safeguarding children’s and teen’s privacy via data minimization. It appropriately restricts companies’ ability to collect, use, and share personal information of children and teens by default. The consent mechanism is just one additional safeguard. 1. By default COPPA 2.0 would prohibitthe collection, use or disclosure or maintenance of personal information for purposes of targeted advertising to children and teens - this is a flat out ban, consent is not required.the collection of personal information except when the collection is consistent with the context of the relationship and necessary to fulfill a transaction or service or provide a product or service requested of the relationship of the child/teen with the operator.the retention of personal information for longer than is reasonably necessary to fulfill a transaction or provide a service. 2. By extending COPPA protections to teens, COPPA 2.0 would further limit data collection from children and teens as COPPA 2.0 would prohibitconditioning a child’s or teen’s participation in a game, the offering of a prize, or another activity on the child’s or teen’s disclosing more personal information than is reasonably necessary to participate in such activity. 3. Any other personal information that companies would want to collect, use, or disclose requires parental consent or the consent of a teen, except for certain internal permissible operations purposes of the operator. COPPA 2.0's data minimization provisions prevent the collection, use, disclosure, and retention of excessive data from the start. By not collecting or retaining unnecessary data, harmful, manipulative, and exploitative business practices will be prevented. The consent provision is important but plays a relatively small role in the privacy safeguards of COPPA 2.0. But what about….?…targeted advertising, don’t we need a clear ban of targeted advertising to children and teens?Yes, and COPPA 2.0 bans targeted advertising while allowing for contextual advertising.Under COPPA 2.0 it is unlawful for an operator "to collect, use, disclose to third parties, or maintain personal information of a child or teen for purposes of individual-specific advertising to children or teens (or to allow another person to collect, use, disclose, or maintain such information for such purpose).” But what about….?…the transfer of personal information to third parties?Yes, COPPA 2.0 requires verifiable consent by a parent or teen for the disclosure or transfer of personal information to a third party, except for certain internal permissible operations purposes of the operator. Verifiable consent must be obtained before collection, use, and disclosure of personal information via direct notice of the personal information collection, use, and disclosure practices of the operator. Any material changes from the original purposes also require verifiable consent.(Note that the existing COPPA rule requires that an operator gives a parent the option to consent to the collection and use of the child's personal information without consenting to the disclosure of his or her personal information to third parties under 312.5(a)(2). The FTC recently proposed to bolster this provision under the COPPA rule update.) -
The insatiable quest to acquire more data has long been a force behind corporate mergers in the US—including the proposed combination of supermarket giants Albertsons and Kroger. Both grocery chains have amassed a powerful set of internal “Big Data” digital marketing assets, accompanied by alliances with data brokers, “identity” management firms, advertisers, streaming video networks, and social media platforms. Albertsons and Kroger are leaders in one of the fastest-growing sectors in the online surveillance economy—called “retail media.” Expected to generate $85 billion in ad spending in the US by 2026, and with the success of Amazon as a model, there is a new digital “gold rush” by retailers to cash in on all the loyalty programs, sales information, and other growing ways to target their customers.Albertsons, Kroger, and other retailers including Walmart, CVS, Dollar General and Target find themselves in an enviable position in what’s being called the “post-cookie” era. As digital marketing abandons traditional user-tracking technologies, especially third-party cookies, in order to address privacy regulations, leading advertisers and platforms are lining up to access consumer information they believe comes with less regulatory risk. Supermarkets, drug stores, retailers and video streaming networks have massive amounts of so-called “first-party” authenticated data on consumers, which they claim comes with consent to use for online marketing. That’s why retail media networks operated by Kroger and others, as well as data harvested from streaming companies, are among the hottest commodities in today’s commercial surveillance economy. It’s not surprising that Albertsons and Kroger now have digital marketing partnerships with companies like Disney, Comcast/NBCUniversal, Google and Meta—to name just a few.The Federal Trade Commission (FTC) is currently reviewing this deal, which is a test case of how well antitrust regulators address the dominant role that data and the affordances of digital marketing play in the marketplace. The “Big Data” digital marketing era has upended many traditional marketplace structures; consolidation is accompanied by a string of deals that further coalesces power to incumbents and their allies. What’s called “collaboration”—in which multiple parties work together to extend individual and collective data capabilities—is now a key feature operating across the broader online economy, and is central to the Kroger/Albertsons transaction. Antitrust law has thus far failed to address one of the glaring threats arising from so many mergers today—their impact on privacy, consumer protection, and diversity of media ownership. Consider all the transactions that the FTC and Department of Justice have allowed in recent years, such as the scores of Google and Facebook acquisitions, and what deleterious impact they had on competition, data protection, and other societal outcomes.Under Chair Lina Khan, the FTC has awakened from what I have called its long “digital slumber,” moving to the forefront in challenging proposed mergers and working to develop more effective privacy safeguards. My organization told the commission that addressing the current role data-driven marketing plays in the Albertsons and Kroger merger, and how consolidating the two digital operations is really central to the two companies’ goals for the deal, must be part of its antitrust case.Kroger has been at the forefront of understanding how the sales and marketing of groceries and other consumer products have to operate simultaneously in-store and online. It acquired a leading “retail, data science, insights and media” company in 2015—which it named 84.51° after its geo coordinates in Cincinnati. Today, 84.51° touts its capabilities to leverage “data from over 62 million households” in influencing consumer buying behavior “both in-store and online,” using “first party retail data from nearly 1 of 2 US households and more than two billion transactions.” Kroger’s retail media division—called “Precision Marketing”—draws on the prowess of 84.51° to sell a range of sophisticated data targeting opportunities for advertisers, including leading brands that stock its in-store and online shelves. For example, ads can be delivered to customers when they search for a product on the Kroger website or its app; when they view digital discount coupons; and when customers are visiting non-Kroger-owned sites.These initiatives have created a number of opportunities for Kroger to make money from data. Last year, Precision Marketing opened its “Private Marketplace” service that enables advertisers to access Kroger customers via targeting lists of what are known as “pre-optimized audiences” (groups of consumers who have been analyzed and identified as potential customers for various products). Like other retailers, Kroger has a data and ad deal with video streaming companies, including Disney and Roku. Its alliance with Disney enables it to take advantage of that entertainment company’s major data-marketing assets, including AI tools and the ability to target consumers using its “250 million user IDs.”Likewise, the Albertsons “Media Collective” division promises advertisers that its retail media “platform” connects them to “over 100 million consumers.” It offers similar marketing opportunities for grocery brands as Kroger, including targeting on its website, app and also when its customers are off-site. Albertsons has partnerships across the commercial surveillance advertising spectrum, including with Google, the Trade Desk, Pinterest, Criteo and Meta/Facebook. It also has a video streaming data alliance involving global advertising agency giant Omnicom that expands its reach with viewers of Comcast’s NBCUniversal division, as well as with Paramount and Warner Bros./Discovery.Both Kroger and Albertsons partner with many of the same powerful identity-data companies, including data-marketing and cross-platform leaders LiveRamp and the Trade Desk. Through these relationships, the two grocery chains are connected to a vast network of databrokers that provide ready access to customer health, financial, and geolocation information, for example. The two grocery chains also work with the same “retail data cloud” company that further extends their marketing impact. Further compounding the negative competitive and privacy threats from this deal is its role in providing ongoing “closed-loop” consumer tracking to better perfect the ways retailers and advertisers measure the effectiveness of their marketing. They know precisely what you bought, browsed and viewed—in store and at home.Antitrust NGOs, trade unions and state attorneys-general have sounded the alarm about the pending Albertsons/Kroger deal, including its impact on prices, worker rights and consumer access to services. As the FTC nears a decision point on this merger, it should make clear that such transactions, which undermine competition, privacy, and expand the country’s commercial surveillance apparatus, should not be permitted.This article was originally published by Tech Policy Press.
-
Blog
Is So-called Contextual Advertising the Cure to Surveillance-based “Behavioral” Advertising?
Contextual advertising might soon rival or even surpass behavioral advertising’s harms unless policy makers intervene
Contextual advertising is said to be privacy-safe because it eliminates the need for cookies, third-party trackers, and the processing of other personal data. Marketers and policy makers are placing much stock in the future of contextual advertising, viewing it as the solution to the privacy-invasive targeted advertising that heavily relies on personal data.However, the current state of contextual advertising does not look anything like our plain understanding of it in contrast to today's dominant mode of behavioral advertising: placing ads next to preferred content, based on keyword inclusion or exclusion. Instead, industry practices are moving towards incorporating advanced AI analysis of content and its classification, user-level data, and insights into content preferences of online visitors, all while still referring to “contextual advertising.” It is crucial for policymakers to carefully examine this rapidly evolving space and establish a clear definition of what “contextual advertising” should entail. This will prevent the emergence of toxic practices and outcomes, similar to what we have witnessed with surveillance-based behavioral marketing, from becoming the new normal.Let’s recall the reasons for the strong opposition to surveillance-based marketing practices so we can avoid those harms regarding contextual advertising. Simply put, the two main reasons are privacy harms and harms from manipulation. Behavioral advertising is deeply invasive when it comes to privacy, as it involves tracking users online and creating individual profiles based on their behavior over time and across different platforms and across channels. These practices go beyond individual privacy violations and also harm groups of people, perpetuating or even exacerbating historical discrimination and social inequities.The second main reason why many oppose surveillance-based marketing practices is the manipulative nature of commercial messaging that aims to exploit users’ vulnerabilities. This becomes particularly concerning when vulnerable populations, like children, are targeted, as they may not have the ability to resist sophisticated influences on their decision-making. More generally, the behavioral advertising business heavily incentivizes companies to optimize their practices for monetizing attention and selling audiences to advertisers, leading to many associated harms.New and evolving practices in contextual advertising should raise questions for policy makers. They should consider whether the harms we sought to avoid with behavioral marketing may resurface in these new advertising practices as well.Today’s contextual advertising methods are taking advantage of the latest analytical technologies to interpret online content so that contextual ads will likely soon be able to manipulate us just as behavioral ads can. Artificial intelligence (AI), machine learning, natural language processing models for tone and sentiment analysis, computer vision, audio analysis, and more are being used to consider a multitude of factors and in this way “dramatically improve the effectiveness of contextual targeting.” Gumgum’s Verity, for example, “scans text, image, audio and video to derive human-like understandings.” Attention measures – the new performance metric that advertisers crave – indicate that contextual ads are more effective than non-contextual ads. Moments.AI, a “real-time contextual targeting solution” by the Verve Group, for example, allows brands to move away from clicks and to “optimize towards consumer attention instead,” for “privacy-first” advertising solutions.Rather than analyzing one single URL or one article at a time, marketers can analyze a vast range of URLs and can “understand content clusters and topics that audiences are engaging with at that moment” and so use contextual targeting at scale. The effectiveness and sophistication of contextual advertising allows marketers to use it not just for enhancing brand awareness, but also for targeting prospects. In fact, the field of “neuroprogammatic” advertising “goes beyond topical content matching to target the subconscious feelings that lead consumers to make purchasing decisions,” according to one industry observer. Marketers can take advantage of how consumers “are feeling and thinking, and what actions they may or may not be in the mood to take, and therefore how likely are to respond to an ad. Neuroprogrammatic targeting uses AI to cater to precisely what makes us human.”These sophisticated contextual targeting practices may have negative effects similar to those of behavioral advertising, however. For instance, contextual ads on weight loss programs can be placed alongside content related to dieting and eating disorders due to its semantic, emotional, and visual content. This may have disastrous consequences similar to targeted behavioral ads aimed at teenagers with eating disorders. Therefore, it is important to question how different these practices are from individual user tracking and ad targeting. If content can be analyzed and profiled along very finely tuned classification schemes, advertisers don’t need to track users across the web. They simply need to track the content that will deliver the relevant audience and engage individuals based on their interests and feelings.Apart from the manipulative nature of contextual advertising, the use of personal data and associated privacy violations are also concerning. Many contextual ad tech companies claim to engage in contextual targeting “without any user data.” But, in fact, so-called contextual ad tech companies often rely on session data such as browser and page-level data, device and app-level data, IP address, and “whatever other info they can get their hands on to model the potential user,” framing it as “contextual 2.0.” Until recently, this practice might have been more accurately referred to as device fingerprinting. The claim is that session data is not about tracking, but only about the active session and usage at one point in time. No doubt, however, the line between contextual and behavioral advertising becomes blurry when such data is involved.Location-based targeting is another aspect of contextual advertising that raises privacy concerns. Should location-based targeting be considered contextual? Uber’s “Journey Ads” lets advertisers target users based on their destination. A trip to a restaurant might trigger alcohol ads; a trip to the movie theater might result in ads for sugary beverages. According to AdExchanger, Uber claims that it is not “doing any individual user-based targeting” and suggests that it is a form of contextual advertising.Peer 39 also includes location data in its ad-targeting capabilities and still refers to these practices as contextual advertising. The use of location data can reveal some of the most sensitive information about a person, including where she works, sleeps, socializes, worships, and seeks medical treatment. When combined with session data, the information obtained from sentiment, image, video, and location analysis can be used to create sophisticated inferences about individuals, and ads placed in this context can easily clash with consumer expectations of privacy.Furthermore, placing contextual ads next to user-generated content or within chat groups changes the parameters of contextual targeting. Instead of targeting the content itself, the ad becomes easily associated with an individual user. Reddit’s “contextual keyword targeting” allows advertisers to target by community and interests, discussing LGBTQ+ sensitive topics, for example. This is similar to the personalized nature of targeted behavioral advertising, and can thus raise privacy concerns.Cohort targeting, also referred to as “affinity targeting” or “content affinity targeting,” further blurs the line between behavioral and contextual advertising by combining content analytics with audience insights. “This bridges the gap between Custom Cohorts and your contextual signals, by taking learning from consented users to targeted content where a given Customer Cohort shows more engagement than the site average,” claims Permutive.Oracle uses various cohorts with demographic characteristics, including age, gender, and income, for example, as well as “lifestyle” and “retail” interests, to understand what content individuals are more likely to consume. While reputedly “designed for privacy from the ground up,” this approach allows Oracle to analyze what an audience cohort views and to “build a profile of the content types they’re most likely to engage with,” allowing advertisers to find their “target customers wherever they are online.” Playground XYZ enhances contextual data with eye-tracking data from opt-in panels, which measures attention and helps to optimize which content is most “eye-catching,” “without the need for cookies or other identifiers.”Although these practices may seem privacy neutral (relying on small samples of online users or “consented users”), they still allow advertisers to target and manipulate their desired audience. Message targeting based on content preferences of fine-tuned demographic characteristics (household income less than $20K or over $500K, for example) can lead to discriminatory practices and disparate impact that can deepen social inequities, just like the personalized targeting of online users.Hyper-contextual content analysis with a focus on measuring sentiment and attention, the use of session information, placing ads next to user-generated content as well as within interest group chats, and employing audience panels to profile content are emerging practices in contextual advertising that require critical examination. The touted privacy-first promise of contextual advertising is deceptive. It seems that contextual advertising is more manipulative, invasive of privacy, and likely to contribute to discrimination and perpetuate inequities among consumers than we all initially thought.What’s more, the convergence of highly sensitive content analytics with content profiling based on demographic characteristics (and potentially more), could result in even more potent digital marketing practices than those currently being deployed. By merging contextual data with behavioral data, marketers might gain a more comprehensive understanding of their target audience and develop more effective messaging. Additionally, we can only speculate about how modifications to the incentive structure for content delivery of audiences to advertisers might impact content quality.In the absence of policy intervention, these developments may lead to a surveillance system that is even more formidable than the one we currently have. Contextual advertising will not serve as a solution to surveillance-based “behavioral” marketing and its manipulative and privacy invasive nature, let alone the numerous other negative consequences associated with it, including the addictive nature of social media, the promotion of disinformation, and threats to public health.It is vital to formulate a comprehensive and up-to-date definition of contextual advertising that takes into consideration the adverse effects of surveillance advertising and strives to mitigate them. Industry self-regulation cannot be relied on, and legislative proposals do not adequately address the complexities of contextual advertising. The FTC’s 2009 definition of contextual advertising is also outdated in light of the advancements and practices described here. Regulatory bodies like the FTC must assess contemporary practices and provide guidelines to safeguard consumer privacy and ensure fair marketing practices. The FTC’s Children’s Online Privacy Protection Act rule update and its Commercial Surveillance and Data Security Rule provide opportunity to get it right.Failure to intervene may ultimately result in the emergence of a surveillance system disguised as consumer-friendly marketing. This article was originally published by Tech Policy Press. -
Blog
Profits, Privacy and the Hollywood Strike
Addressing commercial surveillance in streaming video is key to any deal for workers and viewers says Jeff Chester, the executive director of the Center for Digital Democracy.
Leading studios, networks and production companies in Hollywood—such as Disney, Paramount, Comcast/NBCU, Warner Bros. Discovery and Amazon—know where their dollars will come from in the future. As streaming video becomes the dominant form of TV in the U.S., the biggest players in the entertainment industry are harvesting the cornucopia of data increasingly gathered from viewers. While some studio chiefs publicly chafe over the demands from striking actors and writers as being unrealistic, they know that their heavy investments in “adtech” will drive greater profitability. Streaming video data not only generates higher advertising and commerce revenues, but also serves as a valuable commodity for the precise online tracking and targeting of consumers.Streaming video is now a key part in what the Federal Trade Commission (FTC) calls the “commercial surveillance” marketplace. Data about our viewing behaviors, including any interactions with the content, is being gathered by connected and “smart” TVs, streaming devices such as Roku, in-house studio and network data mining operations, and by numerous targeting and measurement entities that now serve the industry. For example, Comcast’s NBCUniversal “One Platform” uses what it calls “NBCU ID”—a “first-party identifier [that] provides a persistent indicator of who a consumer is to us over time and across audiences.” Last year it rolled out “200 million unique person-level NBCU IDs mapped to 80 million households.” Disney’s Select advertising system uses a “proprietary Audience Graph” incorporating “100,000 attributes” to help “1800 turnkey” targeting segments. There are 235 million device IDs available to reach, says Disney, 110 million households. It also operates a “Disney Real-time Ad Exchange (DRAX), a data clean room and what it calls “Yoda”—a “yield optimized delivery allocation” empowering its ad server.Warner Bros. Discovery recently launched “WBD Stream,” providing marketers with “seamless access… to popular and premium content.” It also announced partnerships with several data and research companies designed to help “marketers to push consumers further down the path to purchase.” One such alliance involves “605,” which helps WBD track how effective its ads are in delivering actual sales from local retailers, including the use of set-top box data from Comcast as well as geolocation tracking information. Amazon has long supported its video streaming advertising sales, including with its “Freevee” network, through its portfolio of cutting-edge data tools. Among the ad categories targeted by Amazon’s streaming service are financial services, candy and beauty products. One advantage it touts is that streaming marketers can get help from “Amazon’s Ads data science team,” including an analysis of “signals in [the] Amazon Marketing Cloud.”Other major players in video streaming have also supercharged their data technologies, including Roku, Paramount, and Samsung, in order to target what are called “advanced audiences.” That’s the capability to have so much information available that a programmer can pinpoint a target for personalized marketing across a vast universe of media content. While subscription is a critical part of video revenues, programmers want to draw from multiple revenue streams, especially advertising. To help advance the ability of the TV business to have access to more thorough datasets, leading TV, advertising and measurement companies have formed the “U.S. Joint Industry Committee” (JIC). Warner Bros. Discovery, Fox, NBCU, TelevisaUnivision, Paramount, and AMC are among the programmers involved with JIC. They are joined by a powerhouse composed of the largest ad agencies (data holders as well), including Omnicom, WPP and Publicis. One outcome of this alliance will be a set of standards to measure the impact of video and other ads on consumers, including through the use of “Big Data” and cross-platform measurement.Of course, today’s video and filmed entertainment business includes more than ad-supported services. There’s subscription revenue for streaming–said to pass $50 billion for the U.S. this year– as well as theatrical release. But it’s very evident that the U.S. (as well as the global) entertainment business is in a major transition, where the requirement to identify, track and target an individual (or groups of people) online and as much offline as possible is essential. For example, Netflix is said to be exploring ways it can advance its own solution to personalized ad targeting, drawing its brief deal with Microsoft Advertising to a close. Leading retailers, including Walmart (NBCU) and Kroger (Disney), are also part of today’s streaming video advertising landscape. Making the connections to what we view on the screen and then buy at a store is a key selling point for today’s commercial surveillance-oriented streaming video apparatus. A growing part of the revenue from streaming will be commissions from the sale of a product after someone sees an ad and buys that product, including on the screen during a program. For example, as part of its plans to expand retail sales within its programming, NBCU’s “Checkout” service “identifies objects in video and makes them interactive and shoppable.”Another key issue for the Hollywood unions is the role of AI. With that technology already a core part of the advertising industry’s arsenal, its use will likely be integrated into video programming—something that should be addressed by the SAG-AFTRA and WGA negotiations.The unions deserve to capture a piece of the data-driven “pie” that will further drive industry profits. But there’s more at stake than a fair contract and protections for workers. Rather than unleashing the creativity of content providers who are part of a environment promoting diversity, equity and the public interest, the new system will be highly commercialized, data driven, and controlled by a handful of dominant entities. Consider the growing popularity of what are called “FAST” channels—which stands for “free ad supported streaming television.” Dozens of these channels, owned by Comcast/NBCU, Paramount, Fox, and Amazon, are now available, and filled with relatively low-cost content that can reap the profits from data and ads.The same powerful forces that helped undermine broadcasting, cable TV, and the democratic potential of what once was called the “information superhighway”—the Internet—are now at work shaping the emerging online video landscape. Advertising and marketing, which are already the influence behind the structure and affordances of digital media, are fashioning video streaming to be another—and critically important—component fostering surveillance marketing.The FTC’s forthcoming proposed rulemaking on commercial surveillance must address the role of streaming video. And the FCC should open up its own proceeding on streaming, one designed to bring structural changes to the industry in terms of ownership of content and distribution. There’s also a role for antitrust regulators to examine the data partnerships emerging from the growing collaboration by networks and studios to pool data resources. The fight for a fairer deal for writers and actors deserves the backing of regulators and the public. But a successful outcome for the strike should be just “Act One” of a comprehensive digital media reform effort. While the transformation of the U.S. TV system is significantly underway, it’s not too late to try to program “democracy” into its foundation. Jeff Chester is the executive director of the Center for Digital Democracy, a DC-based NGO that works to ensure that digital technologies serve and strengthen democratic values and institutions. Its work on streaming video is supported, in part, by the Rose Foundation for Communities and the Environment.This op-ed was initially published by the Tech Policy Press. -
Meta’s Virtual Reality-based Marketing Apparatus Poses Risks to Teens and OthersWhether it’s called Facebook or Meta, or known by its Instagram, WhatsApp, Messenger or Reels services, the company has always seen children and teens as a key target. The recent announcement opening(link is external) up the Horizon Worlds metaverse(link is external) to teens, despite calls to first ensure it will be a safe and healthy experience, is lifted out of Facebook’s well-worn political playbook—make whatever promises necessary to temporarily quell any political opposition to its monetization plans. Meta’s priorities are intractably linked to its quarterly shareholder revenue reports. Selling our “real” and “virtual” selves to marketers is their only real source of revenue, a higher priority than any self-regulatory scheme Meta offers(link is external) claiming to protect children and teens.Meta’s focus on creating more immersive, AI/VR, metaverse-connected experiences for advertisers should serve as a “wake-up” call for regulators. Meta has unleashed a digital environment designed to trigger the “engagement(link is external)” of young people with marketing, data collection and commercially driven manipulation. Action is required to ensure that young people are treated fairly, and not exposed to data surveillance, threats to their health and other harms.Here are a few recent developments that should be part of any regulatory review of Meta and young people:Expansion of “immersive(link is external)” video and advertising-embedded applications: Meta tells marketers it provides “seamless video experiences that are immersive and fueled by discovery,” including the “exciting(link is external) opportunity for advertisers” with its short-video “Reels” system. Through virtual reality (VR) and augmented reality (AR(link is external)) technologies, we are exposed to advertising content designed to have a greater impact by influencing our subconscious and emotional processes. With AR ads, Meta tells(link is external) marketers, they can “create immersive experiences, encourage people to virtually try out your products and inspire people to interact with your brand,” including encouraging “people who interact with your ad… [to]take photos or videos to share their experience on Facebook Feed, on Facebook and Instagram Stories or in a message on Instagram.” Meta has also been researching(link is external) the use of AR(link is external) and VR(link is external) that will ensure that its ad and marketing messaging becomes even more compelling.Expanded integration of ads throughout Meta applications: Meta allows advertisers to “turn organic image and video posts into ads in Ads Manager on Facebook Reels,” including adding a “call-to-action” feature. It permits marketers to “boost their Reels within the Instagram app to turn them into ads….” It enables marketers “to add a “Send Message” button to their Facebook Reels ads [that] give people an option to start a conversation in WhatsApp(link is external) right from the ad.” This follows last year’s Meta “Boosted Reels” product(link is external) release, allowing Instagram Reels to be turned into ads as well.“Ads Manager” “optimization(link is external) goals” that are inappropriate when used for targeting young people: These include “impressions, reach, daily unique reach, link clicks and offsite conversions.” “Ad placements” to target teens are available for the “Facebook Marketplace, Facebook Feed, … Facebook Stories, Facebook-instream video (mobile), Instagram Feed, Instagram Explore, Instagram Stories, Facebook Reels and Instagram Reels.”The use of metrics for delivering and measuring the impact of augmented reality ads: As Meta explains, it uses:(link is external)Instant Experience View Time: The average total time in seconds that people spent viewing an Instant Experience. An Instant Experience can include videos, images, products from a catalog, an augmented reality effect and more. For an augmented reality ad, this metric counts the average time people spent viewing your augmented reality effect after they tapped your ad.Instant Experience Clicks to Open: The number of clicks on your ad that open an Instant Experience. For an augmented reality ad, this metric counts the number of times people tapped your ad to open your augmented reality effect.Instant Experience Outbound Clicks: The number of clicks on links in an Instant Experience that take people off Meta technologies. For an augmented reality ad, this metric counts the number of times people tapped the call to action button in your augmented reality effect.Effect Share: The number of times someone shared an image or video that used an augmented reality effect from your ad. Shares can be to Facebook or Instagram Stories, to Facebook Feed or as a message on Instagram.These ad effects can be designed and tested(link is external) through Meta’s “Spark Hub” and ad manager. Such VR and other measurement systems require regulators to analyze their role and impact on youth.Expanded use of machine learning/AI to promote shopping via Advantage(link is external)+: Last year, Meta rolled out “Advantage+ shopping campaigns, Meta’s machine-learning capabilities [that] save advertisers(link is external) time and effort while creating and managing campaigns. For example, advertisers can set up a single Advantage+ shopping campaign, and the machine learning-powered automation automatically combines prospecting and retargeting audiences, selects numerous ad creative and messaging variations, and then optimizes for the best-performing ads.” While Meta says that Advantage+ isn’t used to target teens, it deploys(link is external) it for “Gen Z” audiences. How Meta uses machine learning/AI to target families should also be on the regulatory agenda.Immersive advertising will shape the near-term evolution of marketing, where brands will be “world agnostic and transcend the limitations of the current physical and digital space.” The Advertising Research Foundation (ARF) predicts(link is external) that “in the next decade, AR and VR hardware and software will reach ubiquitous status.” One estimate is that by 2030, the metaverse will “generate(link is external) up to $5 trillion in value.”In the meantime, Meta’s playbook in response to calls from regulators and advocates is to promise some safeguards, often focused on encouraging the use of what it calls “safety(link is external) tools.” But these tools(link is external) do not ensure that teens aren’t reached and influenced by AI- and VR-driven marketing technologies and applications. Meta also knows that today, ad-targeting is less important than so-called “discovery(link is external),” where its purposeful melding of its video content, AR effects, social interactions and influencer marketing will snare young people into its marketing “conversion”(link is external) net.Last week, Mark Zuckerberg told(link is external) investors his vision of bringing “AI agents to billions of people,” as well as into his “metaverse” that will be populated by “avatars, objects, worlds, and codes to tie” online and offline together. There will be, as previously reported, an AI-driven “discovery(link is external) engine” that will “increase the amount of suggested content to users.”These developments reflect just a few of the AI- and VR-marketing-driven changes to the Meta system. They illustrate why responsible regulators and advocates must be in the forefront of holding this company accountable, especially with regard to its youth-targeting apparatus.Please also read(link is external) Fairplay for Kids’ account of Meta’s long history of failing to protect children online. metateensaivr0523fin.pdfJeff Chester
-
FTC Commercial Surveillance Filing from CDD focuses on how pharma & other health marketers target consumers, patients, prescribers “Acute Myeloid Lymphoma,” “ADHD,” “Brain Cancer,” “High Cholesterol,” “Lung Cancer,” “Overweight,” “Pregnancy,” “Rheumatoid Arthritis,” “Stroke,” and “Thyroid Cancer.” These are just a handful of the digitally targetable medical condition “audience segments” available to surveillance advertisers While health and medical condition marketers—including pharmaceutical companies and drug store chains—may claim that such commercial data-driven marketing is “privacy-compliant,” in truth it reveals how vulnerable U.S. consumers are to having some of their most personal and sensitive data gathered, analyzed, and used for targeted digital advertising. It also represents how the latest tactics leveraging data to track and target the public—including “identity graphs,” artificial intelligence, surveilling-connected or smart TV devices, and a focus on so-called permission-based “first-party data”—are now broadly deployed by advertisers—including pharma and medical marketers. Behind the use of these serious medical condition “segments” is a far-reaching commercial surveillance complex including giant platforms, retailers, “Adtech” firms, data brokers, marketing and “experience” clouds, device manufacturers (e.g., streaming), neuromarketing and consumer research testing entities, “identity” curation specialists and advertisers...We submit as representative of today’s commercial surveillance complex the treatment of medical condition and health data. It incorporates many of the features that can answer the questions the commission seeks. There is widespread data gathering on individuals and communities, across their devices and applications; techniques to solicit information are intrusive, non-transparent, and out of meaningful scope for consumer control; these methods come at a cost to a person’s privacy and pocketbook, and potentially has significant consequences to their welfare. There are also societal impacts here, for the country’s public health infrastructure as well as with the expenditures the government must make to cover the costs for prescription drugs and other medical services...Health and pharma marketers have adopted the latest data-driven surveillance-marketing tactics—including targeting on all of a consumer’s devices (which today also includes streaming video delivered by Smart TVs); the integration of actual consumer purchase data for more robust targeting profiles; leveraging programmatic ad platforms; working with a myriad of data marketing partners; using machine learning to generate insights for granular consumer targeting; conducting robust measurement to help refine subsequent re-targeting; and taking advantage of new ways to identify and reach individuals—such as “Identity Graphs”— across devices. [complete filing for the FTC's Commercial Surveillance rulemaking attached]cddsurveillancehealthftc112122.pdfJeff Chester
-
Commercial Surveillance expands via the "Big" Screen in the Home Televisions now view and analyze us—the programs we watch, what shows we click on to consider or save, and the content reflected on the “glass” of our screens. On “smart” or connected TVs, streaming TV applications have been engineered to fully deliver the forces of commercial surveillance. Operating stealthily inside digital television sets and streaming video devices is an array of sophisticated “adtech” software. These technologies enable programmers, advertisers and even TV set manufacturers to build profiles used to generate data-driven, tailored ads to specific individuals or households. These developments raise important questions for those concerned about the transparency and regulation of political advertising in the United States.Also known as “OTT” (“over-the-top” since the video signal is delivered without relying on traditional set-top cable TV boxes), the streaming TV industry incorporates the same online advertising techniques employed by other digital marketers. This includes harvesting a cornucopia of information on viewers through alliances with leading data-brokers. More than 80 percent of Americans now use some form of streaming or Smart TV-connected video service. Given such penetration, it is no surprise that streaming TV advertising is playing an important role in the upcoming midterm elections. And, streaming TV will be an especially critical channel for campaigns to vie for voters in 2024. Unlike political advertising on broadcast television or much of cable TV, which is generally transmitted broadly to a defined geographic market area, “addressable” streaming video ads appear in programs advertisers know you actually watch (using technologies such as dynamic ad insertion). Messaging for these ads can also be fine-tuned as a campaign progresses, to make the message more relevant to the intended viewer. For example, if you watch a political ad and then sign up to receive campaign literature, the next TV commercial from a candidate or PAC can be crafted to reflect that action. Or, if your data profile says you are concerned about the costs of healthcare, you may see a different pitch than your nextdoor neighbor who has other interests. Given the abundance of data available on households, including demographic details such as race and ethnicity, there will also be finely tuned pitches aimed at distinct subcultures produced in multiple languages.An estimated $1.4 billion dollars will be spent on streaming political ads for the midterms (part of an overall $9 billion in ad expenditures). With more people “cutting the cord” by signing up for cheaper, ad-supported streaming services, advances in TV technologies to enable personalized data-driven ad targeting, and the integration of streaming TV as a key component of the overall online marketing apparatus, it is evident that the TV business has changed. Even what’s considered traditional broadcasting has been transformed by digital ad technologies. That’s why it’s time to enact policy safeguards to ensure integrity, fairness, transparency and privacy for political advertising on streaming TV. Today, streaming TV political ads already combine information from voter records with online and offline consumer profile data in order to generate highly targeted messages. By harvesting information related to a person’s race and ethnicity, finances, health concerns, behavior, geolocation, and overall digital media use, marketers can deliver ads tied to our needs and interests. In light of this unprecedented marketing power and precision, new regulations are needed to protect consumer privacy and civic discourse alike. In addition to ensuring voter privacy, so personal data can’t be as readily used as it is today, the messaging and construction of streaming political ads must also be accountable. Merely requiring the disclosure of who is buying these ads is insufficient. The U.S. should enact a set of rules to ensure that the tens of thousands of one-to-one streaming TV ads don’t promote misleading or false claims, or engage in voter suppression and other forms of manipulation. Journalists and campaign watchdogs must have the ability to review and analyze ads, and political campaigns need to identify how they were constructed—including the information provided by data brokers and how a potential voter’s viewing behaviors were analyzed (such as with increasingly sophisticated machine learning and artificial intelligence algorithms). For example, data companies such as Acxiom, Experian, Ninth Decimal, Catalina and LiveRamp help fuel the digital video advertising surveillance apparatus. Campaign-spending reform advocates should be concerned. To make targeted streaming TV advertising as effective as possible will likely require serious amounts of money—for the data, analytics, marketing and distribution. Increasingly, key gatekeepers control much of the streaming TV landscape, and purchasing rights to target the most “desirable” people could face obstacles. For example, smart TV makers– such as LG, Roku, Vizio and Samsung– have developed their own exclusive streaming advertising marketplaces. Their smart TVs use what’s called ACR—”automated content recognition”—to collect data that enables them to analyze what appears on our screens—“second by second.” An “exclusive partnership to bring premium OTT inventory to political clients” was recently announced by LG and cable giant Altice’s ad division. This partnership will enable political campaigns that qualify to access 30 million households via Smart TVs, as well as the ability to reach millions of other screens in households known to Altice. Connected TVs also provide online marketers with what is increasingly viewed as essential for contemporary digital advertising—access to a person’s actual identity information (called “first-party” data). Streaming TV companies hope to gain permission to use subscriber information in many other ways. This practice illustrates why the Federal Trade Commission’s (FTC) current initiative designed to regulate commercial surveillance, now in its initial stage, is so important. Many of the critical issues involving streaming political advertising could be addressed through strong rules on privacy and online consumer protection. For example, there is absolutely no reason why any marketer can so easily obtain all the information used to target us, such as our ethnicity, income, purchase history, and education—to name only a few of the variables available for sale. Nor should the FTC allow online marketers to engage in unfair and largely stealth tactics when creating digital ads—including the use of neuroscience to test messages to ensure they respond directly to our subconscious. The Federal Communications Commission (FCC), which has largely failed to address 21st century video issues, should conduct its own inquiry “in the public interest.” There is also a role here for the states, reflecting their laws on campaign advertising as well as ensuring the privacy of streaming TV viewers.This is precisely the time for policies on streaming video, as the industry becomes much more reliant on advertising and data collection. Dozens of new ad-supported streaming TV networks are emerging—known as FAST channels (Free Ad Supported TV)—which offer a slate of scheduled shows with commercials. Netflix and Disney+, as well as Amazon, have or are soon adopting ad-supported viewing. There are also coordinated industry-wide efforts to perfect ways to more efficiently target and track streaming viewers that involve advertisers, programmers and device companies. Without regulation, the U.S. streaming TV system will be a “rerun” of what we historically experienced with cable TV—dashed expectations of a medium that could be truly diverse—instead of a monopoly—and also offer both programmers and viewers greater opportunities for creative expression and public service. Only those with the economic means will be able to afford to “opt-out” of the advertising and some of the data surveillance on streaming networks. And political campaigns will be allowed to reach individual voters without worry about privacy and the honesty of their messaging. Both the FTC and FCC, and Congress if it can muster the will, have an opportunity to make streaming TV a well-regulated, important channel for democracy. Now is the time for policymakers to tune in.***This essay was originally published by Tech Policy Press.Support for the Center for Digital Democracy’s review of the streaming video market is provided by the Rose Foundation for Communities and the Environment.Jeff Chester
-
Blog
Protecting Children and Teens from Unfair and Deceptive Marketing, including Stealth Advertising
CDD Comments to FTC for "Stealth" Marketing Inquiry The Center for Digital Democracy (CDD) urges the FTC to develop and implement a set of policies designed to protect minors under 18 from being subjected to a host of pervasive, sophisticated and data-driven digital marketing practices. Children and teens are targeted by an integrated set of online marketing operations that are manipulative, unfair, invasive and can be especially harmful to their mental and physical health. The commission should make abundantly clear at the forthcoming October workshop that it understands that the many problems generated by contemporary digital marketing to youth transcend narrow categories such as “stealth advertising” and “blurred content.” Nor should it propose “disclosures” as a serious remedy, given the ways advertising is designed using data science, biometrics, social relationships and other tactics. Much of today’s commercially supported online system is purposefully developed to operate as “stealth”—from product development, to deployment, to targeting, tracking and measurement. Age-based cognitive development capacities to deal with advertising, largely based on pre-digital (especially TV) research, simply don’t correspond to the methods used today to market to young people. CDD calls on the commission to acknowledge that children and teenagers have been swept into a far reaching commercial surveillance apparatus.The commission should propose a range of safeguards to protect young people from the current “wild west” of omnichannel directed at them. These safeguards should address, for example, the role market research and testing of child and teen-directed commercial applications and messaging play in the development of advertising; how neuromarketing[pdf] practices designed to leverage a young person’s emotions and subconscious are used to deliver “implicit persuasion”; the integration by marketers and platforms of “immersive” applications, including augmented and virtual reality, designed to imprint brand and other commercial messages; the array of influencer-based strategies, including the extensive infrastructure used by platforms and advertisers to deliver, track and measure their impact; the integration of online marketing with Internet of Things objects, including product packaging and the role of QR codes, (experiential marketing) and digital out-of-the-home advertising screens; as well as contemporary data marketing operations that use machine learning and artificial intelligence to open up new ways for advertisers to reach young people online. AI services increasingly deliver personalized content online, further automating the advertising process to respond in real-time.It is also long overdue for the FTC to investigate and address how online marketing targets youth of color, who are subjected to a variety of advertising practices little examined by privacy and other regulators.The FTC should use all its authority and power to stop data-driven surveillance marketing to young people under 18; end the role sponsored influencers play; enact rules designed to protect the online privacy for teens 13-17 who are now subjected to ongoing tracking by marketers; and propose policies to redress the core methods employed by digital advertisers and online platforms to lure both children and teens. For more than 20 years, CDD and its allies have urged the FTC to address the ways digital marketing has undermined consumer protection and privacy, especially for children and adolescents. Since the earliest years of the commercial internet, online marketers have focused on young people, both for the revenues they deliver as well as to secure loyalty from what the commercial marketing industry referred to as “native” users. The threat to their privacy, as well as to their security and well-being, led to the complaint our predecessor organization filed in 1996, which spurred the passage of the Children’s Online Privacy Protection Act (COPPA) in 1998. COPPA has played a modest role protecting some younger children from experiencing the totality of the commercial surveillance marketing system. However, persistent failures of the commission to enforce COPPA; the lack of protections for adolescents (despite decades-long calls by advocates for the agency to act on this issue); and a risk-averse approach to addressing the methods employed by the digital advertising, even when applied to young people, have created ongoing threats to their privacy, consumer protection and public health. In this regard, we urge the commission to closely review the comments submitted in this proceeding by our colleague Fairplay and allies. We are pleased Fairplay supports these comments.If the FTC is to confront how the forces of commercial digital surveillance impact the general public, the building blocks to help do so can be found in this proceeding. Young people are exposed to the same unaccountable forces that are everywhere online: a largely invisible, ubiquitous, and machine-intelligence-driven system that tracks and assesses our every move, using an array of direct and indirect techniques to influence behaviors. If done correctly, this proceeding can help inform a larger policy blueprint for what policy safeguards are needed—for young people and for everyone else.The commission should start by reviewing how digital marketing and data-gathering advertising applications are “baked in” at the earliest stages of online content and device development. These design and testing practices have a direct impact on young people. Interactive advertising standards groups assess and certify a host of approved ad formats, including for gaming, mobile, native advertising, and streaming video. Data practices for digital advertising, including ways that ads are delivered through the behavioral/programmatic surveillance engines, as well as their measurement, are developed through collaborative work involving trade organizations and leading companies. Platforms such as Meta, as well as ad agencies, adtech companies, and brands, also have their own variations of these widely adopted formats and approaches. The industry-operated standards process for identifying new methods for digital advertising, including the real-world deployment of applications such “playable” ads or the ways advertisers can change its personalized messaging in real-time, have never been seriously investigated by the commission. A review of the companies involved show that many are engaged in digital marketing to young people.Another critical building block of contemporary digital marketing to address when dealing with youth-directed advertising is the role of “engagement.” As far back as 2006, the Interactive Advertising Bureau (IAB) recognized that to effectively secure the involvement of individuals with marketing communications, at both the subconscious and conscious levels, it was necessary to define and measure the concept of engagement. IAB initially defined “Engagement… [as] turning on a prospect to a brand idea enhanced by the surrounding context..” By 2012, there were more elaborate definitions identifying “three major forms of engagement… cognitive, physical and emotional.” A set of corresponding metrics, or measurement tools, were used, including those tracking “attention” (“awareness, interest, intention”); emotional and motor functioning identified through biometrics (“heart palpitations, pupil dilation, eye tracking”); and through omnipresent tracking of online behaviors (“viewability and dwell time, user initiated interaction, clicks, conversions, video play rate, game play”). Today, research and corresponding implementation strategies for engagement are an ongoing feature for the surveillance-marketing economy. This includes conducting research and implementing data-driven and other ad strategies targeting children—known as “Generation Alpha”—children 11 and younger—and teens—“Generation Z.”We will briefly highlight some crucial areas this proceeding should address:Marketing and product research on children and adolescents: An extensive system designed to ensure that commercial online content, including advertising and marketing, effectively solicits the interest and participation of young people, is a core feature of the surveillance economy. A host of companies are engaged in multi-dimensional market research, including panels, labs, platforms, streaming media companies, studios and networks, that have a direct impact on the methods used to advertise and market to youth. CDD believes that such product testing, which can rely on a range of measures designed to promote “implicit persuasion” should be considered an unfair practice generally. Since CDD and U.S. PIRG first urged the commission to investigate neuromarketing more than a decade ago, this practice has in ways that enable it to play a greater role influencing how content and advertising is delivered to young people.For example, MediaScience (which began as the Disney Media and Advertising Lab), serves major clients including Disney, Google, Warner Media, TikTok, Paramount, Fox and Mars. It conducts research for platforms and brands using such tools as “neurometrics (skin conductivity and heart rate), eye tracking, facial coding, and EEGs, among others, that assess a person’s responses across devices. Research is also conducted outside of the lab setting, such as directly through a subject’s “actual Facebook feed.” It has a panel of 80,000 households in the U.S., where it can deliver digital testing applications using a “variety of experimental designs… facilitated in the comfort of people’s homes.” The company operates a “Kids” and “Teens” media research panel. Emblematic of the far-reaching research conducted by platforms, agencies and brands, in 2021 TikTok’s “Marketing Science team” commissioned MediaScience to use neuromarketing research to test “strong brand recall and positive sentiment across various view durations.” The findings indicated that “ads on TikTok see strong brand recall regardless of view duration…. Regardless of how long an ad stays on screen, TikTok draws early attention and physiological engagement in the first few seconds.”NBCUniversal is one of the companies leveraging the growing field of “emotional analytics” to help advance advertising for streaming and other video outlets. Comcast’s NBCU is using “facial coding and eye-tracking AI to learn an audience’s emotional response to a specific ad.” Candy company Mars just won a “Best Use of Artificial Intelligence” award for its “Agile Creative Expertise (ACE) tool that “tracks attentional and emotional response to digital video ads.” Mars is partnering with neuromarketer Realeyes to “measure how audience’s attention levels respond as they view Mars' ads.Knowing what captures and retains attention or even what causes distraction, generated intelligence that enabled Mars to optimize the creative itself or the selection of the best performing ads across platforms including TikTok, Facebook, Instagram and YouTube.” TikTok, Meta/Facebook, and Google have all used a variety of neuromarketing measures. The Neuromarketing Science and Business Association (NMSBA) includes many of the leading companies in this field as members. There is also an “Attention Council” within the digital marketing industry to help advance these practices, involving Microsoft, Mars, Coca-Cola, AB/InBev, and others. A commercial research infrastructure provides a steady drumbeat of insights so that marketers can better target young people on digital devices. Children’s streaming video company Wildbrain, for example, partnered with Ipsos for its 2021 research report, “The Streaming Generation,” which explained that “Generation Alpha [is] the most influential digital generation yet…. They have never known a world without digital devices at their fingertips, and for Generation Alpha (Gen A), these tech-first habits are now a defining aspect of their daily lives.” More than 2,000 U.S. parents and guardians of children 2-12 were interviewed for the study, which found that “digital advertising to Gen A influences the purchasing decisions of their parents…. Their purchasing choices, for everything from toys to the family car, are heavily influenced by the content kids are watching and the ads they see.” The report explains that among the “most popular requests” are toys, digital games, clothing, tech products and “in-game currencies” for Roblox and Fortnite.Determining the levels of “brand love” by children and teens, such as the use of “Kidfinity” and “Teenfinity” scores—“proprietary measures of brand awareness, popularity and love”—are regularly provided to advertisers. Other market researchers, such as Beano Studios, offer a “COPPA-compliant” “Beano Brain Omnibus” website that, through “games, quizzes, and bespoke questions” for children and teens, “allows bands to access answers to their burning questions.” These tools help marketers better identify, for example, the sites—such as TikTok—where young people spend time. Among the other services Beano provides, which reflect many other market-research companies’ capabilities, are “Real-time UX/UI and content testing—in the moment, digital experience exploration and evaluation of brands websites and apps with kids and teens in strawman, beta or live stages,” and “Beano at home—observing and speaking to kids in their own homes. Learning how and what content they watch.” Adtech and other data marketing applications: In order to conduct any “stealth” advertising inquiry, the FTC should review the operations of contemporary “Big Data”-driven ad systems that can impact young people. For example, Disney has an extensive and cutting-edge programmatic apparatus called DRAX(Disney Real-Time Ad Exchange) that is delivering thousands of video-based campaigns. DRAX supports “Disney Select,” a "suite of ad tech solutions, providing access to an extensive library of first-party segments that span the Disney portfolio, including streaming, entertainment and sports properties…. Continuously refined and enhanced based on the countless ways Disney connects with consumers daily. Millions of data inputs validated through data science…. Advertisers can reach their intended audiences by tapping into Disney’s proprietary Audience Graph, which unifies Disney’s first party data and audience modeling capabilities….” As of March 2022, Disney Select contained more than 1,800 “audience segments built from more than 100,000 audience attributes that fuel Disney’s audience graph.” According to Disney Advertising, its “Audience Graph” includes 100 million households, 160 million connected TV devices and 190 million device IDs, which enables modeling to target households and families. Children and teens are a core audience for Disney, and millions of their households receive its digital advertising. Many other youth-directed leading brands have developed extensive internal adtech applications designed to deliver ongoing and personalized campaigns. For example, Pepsi, Coca-Cola, McDonald’s, and Mondelez have in-house capabilities and extensive partnerships that create targeted marketing to youth and others. The ways that “Big Data” analytics affect marketing, especially how insights can be used to target youth, should be reviewed. Marketers will say to the FTC that they are only targeting 18-year-olds and over, but an examination of their actual targets, and asking for child-related brand-safety data they collect, should provide the agency with a robust response to such claims.New methods to leverage a person’s informational details and then target them, especially without “cookies,” requires the FTC to address how this is being used to market to children and teens. This review should also be extended to “contextual” advertising, since that method has been transformed through the use of machine learning and other advanced tactics—called “Contextual 2.0.”Targeting youth of color: Black, Hispanic, Asian-American and other “multicultural” youth, as the ad industry has termed it, are key targets for digital advertising. An array of research, techniques, and services is focused on these young people, whose behaviors online are closely monitored by advertisers. A recent case study to consider is the McDonald’s U.S. advertising campaign designed to reverse its “decline with multicultural youth.” The goal of its campaign involving musician Travis Scott was to “drive penetration by bringing younger, multicultural customers to the brands… and drive immediate behavior too.” As a case study explains, “To attract multicultural youth, a brand… must have cultural cachet. Traditional marketing doesn’t work with them. They don’t watch cable TV; they live online and on social media, and if you are not present there you’re out of sight, out of mind.”It’s extremely valuable to identify some of the elements involved in this case, which are emblematic of the integrated set of marketing and advertising practices that accompany so many campaigns aimed at young people. These included working with a celebrity/influencer who is able to “galvanize youth and activate pop culture”; offering “coveted content—keepsakes and experiences to fuel the star’s fanbase, driving participation and sales”; employing digital strategies through a proprietary (and data-collecting) “app to bring fans something extra and drive digital adoption”; and focusing on “affordability”—to ensure “youth with smaller wallets” would participate. To illustrate how expenditures for paid advertising are much less relevant with digital marketing, McDonald’s explains that “Before a single dollar had been spent on paid media, purely on the strength of a few social posts by McDonald’s and Travis Scott, and reporting in the press, youth were turning up at restaurants across the country, asking for the Travis Scott meal.” This campaign was a significant financial success for McDonald’s. Its partnership with this influencer was effective as well in terms of “cultural response: hundreds of thousands of social media mentions and posts, fan-art and memes, unboxing videos of the meal…, fans selling food and stolen POS posters on eBay…, the multi merch drops that sold out in seconds, the framed receipts.” Online ads targeted to America’s diverse communities of young people, who can also be a member of a group at risk (due to finances, health, and the like) have long required an FTC investigation. The commission should examine the data-privacy and marketing practices on these sites, including those that communicate via languages other than English.Video and Video Games: Each of these applications have developed an array of targeted advertising strategies to reach young people. Streaming video is now a part of the integrated surveillance-marketing system, creating a pivotal new place to reach young people, as well as generate data for further targeting. Children and teens are viewing video content on Smart TVs, other streaming devices, mobile phones, tablets as well as computers. Household data where young people reside, which is amplified through the use of a growing number of “identity” tools that permit cross-device tracking, enable an array of marketing practices to flourish. The commission should review the data-gathering, ad-formatting, and other business practices that have been identified for these “OTT” services and how they impact children and teens. There are industry-approved ad-format guidelines for digital video and Connected TV. Digital video ads can use “dynamic overlays,” “shoppable and actionable video,” “voice-integrated video ads,” “sequential CTV creative,” and “creative extensions,” for example. Such ad formats and preferred practices are generally not vetted in terms of how they impact the interests of young people.Advertisers have strategically embedded themselves within the video game system, recognizing that it’s a key vantage point to surveil and entice young people. One leading quick-service restaurant chain that used video games to “reach the next generation of fast-food fans” explained that “gaming has become the primary source of entertainment for the younger generation. Whether playing video games or watching others play games on social platforms, the gaming industry has become bigger than the sports and music industries combined. And lockdowns during the global pandemic accelerated the trend. Gaming is a vital part of youth culture.” Illustrating that marketers understand that traditional paid advertising strategies aren’t the most effective to reach young people, the fast-food company decided to “approach gaming less like an advertising channel and more like an earned social and PR platform…. [V]ideo games are designed as social experiences.” As Insider Intelligence/eMarketer reported in June 2022, “there’s an ad format for every brand” in gaming today, including interstitial ads, rewarded ads, offerwalls, programmatic in-game ads, product placement, advergames, and “loot boxes.” There is also an “in-game advertising measurement” framework, recently released for public comment by the IAB and the Media Ratings Council. This is another example where leading advertisers, including Google, Microsoft, PepsiCo and Publicis, are determining how “ads that appear within gameplay” operate. These guidelines will impact youth, as they will help determine the operations of such ad formats as “Dynamic In-Game Advertising (DIGA)—Appear inside a 3D game environment, on virtual objects such as billboards, posters, etc. and combine the customization of web banners where ads rotate throughout the play session”; and “Hardcoded In-Game Ad Objects: Ads that have not been served by an ad server and can include custom 3D objects or static banners. These ads are planned and integrated into a video game during its design and development stage.” Leading advertising platforms such as Amazon sell as a package video ads reaching both streaming TV and gaming audiences. The role of gaming and streaming should be a major focus in October, as well as in any commission follow-up report.Influencers: What was once largely celebrity-based or word-of mouth style endorsements has evolved into a complex system including “nano-influencers (between 1,000 and 10,000 followers); micro-influencers (between 10,000 and 100,000); macro-influencers (between 100,000 and a million); and mega or celebrity influencers (1 million-plus followers). According to a recent report in the Journal of Advertising Research, “75 percent of marketers are now including social-media influencers in their marketing plans, with a worldwide market size of $2.3 billion in 2020.” Influencer marketing is also connected to social media marketing generally, where advertisers and others have long relied on a host of surveillance-related systems to “listen,” analyze and respond to people’s social online communications.Today, a generation of “content creators” (aka influencers) is lured into becoming part of the integrated digital sales force that sells to young people and others. From “unboxing videos” and “virtual product placement” in popular content, to “kidfluencers” like Ryan’s World and “brand ambassadors” lurking in video games, to favorite TikTok creators pushing fast-food, this form of digital “payola” is endemic online.Take Ryan’s World. Leveraging “more than one billion views” on YouTube, as well as a Nickelodeon show, has “catapulted him... to a global multi-category force,” notes his production and licensing firm. The deals include a “preschool product line in multiple categories, “best in class partnerships, and a “Tag with Ryan” app that garnered 16 million downloads. Brands seeking help selling products, says Ryan’s media agency, “can connect with its kid fanbase of millions that leverages our world-class portfolio of kid-star partners to authentically and seamlessly connect your brand with Generation Alpha across YouTube, social media, mobile games, and OTT channels—everywhere kids tune in!... a Generation Alpha focused agency that delivers more than 8 BILLION views and 100 MILLION unique viewers every month!” (its emphasis). Also available is a “custom content and integrations” feature that can “create unique brand experiences with top-tier kid stars.” Ryan’s success is not unique, as more and more marketers create platforms and content, as well as merge companies, to deliver ads and marketing to children and teens. An array of influencer marketing platforms that offer “one-stop” shopping for brands to employ influencers, including through the use of programmatic marketing-like data practices (to hire people to place endorsements, for example) is a core feature of the influencer economy. There are also software programs so brands and marketers can automate their social influencer operations, as well as social media “dashboards” that help track and analyze social online conversations, brand mentions and other communications. The impact of influencers is being measured through a variety of services, including neuromarketing. Influencers are playing a key role in “social commerce,” where they promote the real-time sales of products and services on “shoppable media.” U.S. social commerce sales are predicted to grow to almost $80 billion in 2025 from its 2022 estimated total of $45.74 billion. Google, Meta, TikTok, Amazon/Twitch and Snapchat all have significant influencer marketing operations. As Meta/Facebook recently documented, there is also a growing role for “virtual” influencers that are unleashed to promote products and services. While there may be claims that many promotions and endorsements should be classified as “user generated content” (UGC), we believe the commission will find that the myriad influencer marketing techniques often play a role spurring such product promotion.The “Metaverse”: The same forces of digital marketing that have shaped today’s online experience for young people are already at work organizing the structure of the “metaverse.” There are virtual brand placements, advertisements, and industry initiatives on ad formats and marketing experiences. Building on work done for gaming and esports, this rapidly emerging marketing environment poses additional threats to young people and requires timely commission intervention.Global Standards: Young people in the U.S. have fewer protections than they do in other countries and regions, including the European Union and the United Kingdom. In the EU, for example, protections are required for young people until they are 18 years of age. The impact of the GDPR, the UK’s Design Code, the forthcoming Digital Services Act (and even some self-regulatory EU initiatives by companies such as Google) should be assessed. In what ways do U.S.-based platforms and companies provider higher or more thorough safeguards for children when they are required to do so outside of this country? The FTC has a unique role to ensure that U.S. companies operating online are in the forefront—not in the rear—of protecting the privacy and interests of children.The October Workshop: Our review of the youth marketing landscape is just a partial snapshot of the marketplace. We have not discussed “apps” and mobile devices, which pose many concerns, including those related to location, for example. But CDD hopes this comment will help inform the commission about the operations of contemporary marketing and its relationship to young people. We call on the FTC to ensure that this October, we are presented with an informed and candid discussion of the nature and impact of today’s marketing system on America’s youth.ftcyouthmarketing071822.pdfJeff Chester -
Considering Privacy Legislation in the context of contemporary digital data marketing practices Last week, the leading global advertisers, online platforms and data marketers gathered for the most important awards given by the ad industry—the “Cannes Lions.” Reviewing the winners and the “shortlist” of runners-up—competing in categories such as “Creative Data,” “Social and Influencer,” “Brand Experience & Activation,” “Creative Commerce” and “Mobile”—is essential to learn where the data-driven marketing business—and ultimately much of our digital experiences—is headed. An analysis of the entries reveals a growing role for machine learning and artificial intelligence in the creation of online marketing, along with geolocation tracking, immersive content and other “engagement” technologies. One takeaway, not surprisingly, is that the online ad industry continues to perfect techniques to secure our interest in its content so it can to gather more data from us.A U.S.-based company that also generated news during Cannes was The Trade Desk, a relatively unknown data marketing service that is playing a major role assisting advertisers and content providers to overcome any new privacy challenges posed by emerging or future legislation. The Trade Desk announced last week a further integration of its data and ad-targeting service with Amazon’s cloud AWS division, as well as a key role assisting grocer Albertsons new digital ad division. The Trade Desk has brokered a series of alliances and partnerships with Walmart, the Washington Post, Los Angeles Times, Gannett, NBC Universal, and Disney—to name only a few.There are several reasons these marketers and content publishing companies are aligning themselves with The Trade Desk. One of the most important is the company’s leadership in developing a method to collect and monetize a person’s identity for ongoing online marketing. “Unified ID 2.0” is touted to be a privacy-focused method that enables surveillance and effective ad targeting. The marketing industry refers to these identity approaches as “currencies” that enable the buying and selling of individuals for advertising. There are now dozens of identity “graph” or “identity spine” services, in addition to UDID, which reflect far-reaching partnerships among data brokers, publishers, adtech specialists, advertisers and marketing agencies. Many of these approaches are interoperable, such as the one involving Acxiom spin-off LiveRamp and The Trade Desk. A key goal, when you listen to what these identity brokers say, is that they would like to establish a universal identifier for each of us, to directly capture our attention, reap our data, and monetize our behavior. For the last several years, as a result of the enactment of the GDPR in the EU, the passage of privacy legislation in California, and the potential of federal privacy legislation, Google, Apple, Firefox and others have made changes or announced plans related to their online data practices. So-called “third party cookies,” which have long enabled commercial surveillance, are being abandoned—especially since their role has repeatedly raised concerns from data-protection regulators. Taking their place are what the surveillance marketing business believes are privacy-regulation-proof strategies. There are basically two major, but related, efforts that have been underway—here in the U.S. and globally.The first tactic is for a platform or online publisher to secure the use of our information through an affirmative consent process—called a “first-party” data relationship in the industry. The reasoning goes is that an individual wants an ongoing interaction with the site—for news, videos, groceries, drugs and other services, etc. Under this rationale, we are said to understand and approve how platforms and publishers will use our information as part of the value exchange. First-party data is becoming the most valuable asset in the global digital marketing business, enabling ongoing collection, generating insights, and helping maintain the surveillance model. It is considered to have few privacy problems. All the major platforms that raise so many troubling issues—including Google, Amazon, Meta/Facebook—operate through extensive first-party data relationships. It’s informative to see how the lead digital marketing trade group—the Interactive Advertising Bureau (IAB)—explains it: “ “first party data is your data…presents the least privacy concerns because you have full control over its collection, ownership and use.”The second tactic is a variation on the first, but also relies on various forms of identity-resolution strategies. It’s a response in part to the challenges posed by the dominance of the “walled garden” digital behemoths (Google, etc.) as well the need to overcome the impact of privacy regulation. These identity services are the replacement for cookies. Some form of first-party data is captured (and streaming video services are seen as a gold mine here to secure consent), along with additional information using machine learning to crunch data from public sources and other “signals.” Multimillion member panels of consumers who provide ongoing feedback to marketers, including information about their online behaviors, also help better determine how to effectively fashion the digital targeting elements. The Trade Desk-led UDID is one such identity framework. Another is TransUnion’s “Fabrick,” which “provides marketers with a sustainable, privacy-first foundation for all their data management, marketing and measurement needs.” Such rhetoric is typical of how the adtech/data broker/digital marketing sectors are trying to reframe how they conduct surveillance.Another related development, as part of the restructuring of the commercial surveillance economy, is the role of “data clean rooms.” Clean rooms enable data to be processed under specific rules set up by a marketer. As Advertising Agerecently explained, clean rooms enable first-party and other marketers to provide “access to their troves of data.” For Comcast’s NBCU division and Disney, this treasure chest of information comes from “set-top boxes, streaming platforms, theme parks and movie studios.” Various privacy rules are supposed to be applied; in some cases where they have consent, two or more parties will exchange their first-party data. In other cases, where they may not have such open permission, they will be able to “create really interesting ad products; whether it's a certain audience slice, or audience taxonomy, or different types of ad units….” As an NBCU executive explained about its clean room activity, “we match the data, we build custom audiences…we plan, activate and we measure. The clean room is now the safe neutral sandbox where all the parties can feel good sharing first party data without concerns of data leakage.”We currently have at least one major privacy bill in Congress that includes important protections for civil rights and restricts data targeting of children and teens, among other key provisions. It’s also important when examining these proposals to see how effective they will be in dealing with the surveillance marketing industry’s current tactics. If they don’t effectively curtail what is continuous and profound surveillance and manipulation by the major digital marketers, and also fail to rein in the power of the most dominant platforms, will such a federal privacy promise really deliver? We owe it to the public to determine whether such bills will really “clean up” the surveillance system at the core of our online lives.
-
Deal reflects Big Tech move to grab more data for omnipresent tracking & targeting Microsoft is rapidly expanding its surveillance advertising complex—first acquiring AT&T’s powerful Xandr targeting system last December, and adding a few weeks later the online gaming and eSports giant Activision Blizzard. The combination of Microsoft, AT&T and Activision assets raises a set of concerns regarding competition in the gaming and eSports marketplaces; privacy/surveillance protections, given the pervasive data gathering on users; and consumer protection, such as the methods that Microsoft and Activision (and other gaming services) implement to monetize players (including youth) through in-stream advertising and other marketing efforts. It also has implications for the ways we protect privacy in streaming media as well as in the evolving “metaverse.”The FTC must review this proposed deal, with the agency’s privacy and consumer-protection roles at the fore. This proposed Microsoft/Activision combination is emblematic of the ongoing transformation of how Big Tech companies track and target people across all their devices and applications. In order to continue its surveillance-advertising-based model, the online industry is undergoing a massive shift in tactics. It is pivoting to what’s called a “First-Party” data use strategy, claiming that it is obtaining our permission to continue to follow us online and deliver personalized ads and marketing. Getting our consent is the Big Tech plan to undermine any privacy legislation in the U.S. and elsewhere. For example, if this merger goes through, users of Activision games will likely be asked to consent to data collection and tracking on all of Microsoft’s services—such as Bing and LinkedIn. Given that Microsoft and Activision have already baked into its ad services relationships with Google and Meta/Facebook, this acquisition also illustrates the numerous deals that are aligned in all of these digital giants. Owning Xandr will bring a host of additional surveillance advertising resources to Microsoft’s already robust consumer-profiling and marketing infrastructure (including information contributed by AT&T’s own data practices). As explained in the data marketing newsletter AdExchanger, the Xandr and Activision acquisitions, if approved, will enable the leveraging of Microsoft’s already “strong first-party data set and monetize inventory across its wide portfolio of platforms, including its video game business, LinkedIn, Bing, Edge, Office 365, Skype and more.” Microsoft was already working with AT&T’s Xandr surveillance ad targeting apparatus, including for its gaming division. For example Xandr explains that its enables marketers to “Access real users in immersive and engaging environments” via its current ability to target people thru the Microsoft Advertising Exchange.Microsoft’s data targeting currently involves its “Microsoft Search Network,” which “sees 14.6 billion monthly searches globally across nearly 700 million users. Its Audience Network engages in an array of targeting tactics, including via leveraging a person’s identity, location, use of LinkedIn or other sites and a variety of “custom” approaches. Advertisers are able to “target audiences…across more than 1 billion Window devices.” Microsoft also offers its “Dynamics 365 Customer Insights” data platform to help marketers package their own data to use on its ad platform. Activision engages in an array of ad practices that raise concerns about unfairness and privacy, from in-stream ads to “rewarded videos” to product placement. As it explains, “Activision Blizzard Media connects brands and players with fan-first integrated advertising experiences across gaming and esports…. We create user-initiated in-game advertising experiences that allow brands to reward 245M+ players at key moments of gameplay to drive reach, frequency and engagement…. In-game User-initiated video ads allow brands to reward players at key moments of gameplay.”In this context, the FTC needs to review all the third-party tracking YouTube-related companies serving ads to Activision Blizzard Esports, including Google Campaign Manager 360, Flashtalking, Adform, Innovid and Extreme Reach. For example, Flashtalking explains that it helps gaming services “drive customer lifetime value…, understand who bought your games, how they interact with your brand, and which touch points drove engagement.” Innovid helps marketers create “accurate, persistent identity across devices.” For measurement, which is also a privacy issue long overlooked by previous FTC commissions, we have Activision partners that include Oracle’s MOAT, Kantor, Google Campaign Manager, and others. Everything from potato chips, candy and toilet paper is pushed via its gaming services. Activision uses neuromarketing and other research-related online ad industry tactics to figure out how best to deliver marketing to its users (including teens)—all of which have privacy and consumer protection implications. For decades, the Federal Trade Commission has approved Big Tech mergers without examining their impact on consumer protection and privacy (and also on competition—think of all the Google and Facebook takeovers the commission has okayed). This is unacceptable. Gaming is a hugely important market, with a set of data-gathering tactics that impact both consumers and competition. We expect this FTC to do much better than what we have witnessed for the past several decades.
-
Documents 25 years of failures by agency to rein in practices that have eviscerated privacy and consumer protection in the U.S. and globallyThe Center for Digital Democracy (CDD) urges the Federal Trade Commission to develop a comprehensive set of rules to address a problem largely of its own making—the unfettered growth of commercial “surveillance marketing.” We submit this comment based on the nearly 25-year record of CDD and its key consumer-protection and privacy colleagues, providing detailed documentation and analysis of the need for the commission to regulate what is known as behavioral, programmatic and surveillance-based advertising.[1]The systemic and multiple failures of the FTC over the decades to respond meaningfully to the role and nature of online marketing—which has eviscerated the privacy rights of Americans (and consumers worldwide)—have enabled data-driven surveillance to thrive ubiquitously. Nearly every platform, application, device and experience in which Americans engage has been shaped by the commercial spying and manipulation apparatus that the commission has allowed to evolve and expand without constraint. In addition, by long ignoring the impact that the approval of countless mergers and acquisitions involving leading digital marketing companies had on commercial surveillance operations, the commission and Department of Justice have helped foster an online marketplace that is dominated by a few giants. There is no real competition in terms of how Americans are treated in the online surveillance marketing economy. Google, Meta/Facebook, Amazon and their partners set the global standards for how everyone else has to conduct data and digital marketing operations. FTC inaction on commercial surveillance practices has perversely promoted the widespread adoption of these practices. Today, nearly every major company is a big-data-driven information broker, surveillance advertiser, and real-time targeter of consumers.[2]At each critical moment—the expansion of behavioral advertising; the emergence of mobile marketing; the widespread adoption of programmatic, real-time, algorithmic-driven buying and selling of people for targeting ads; the deployment of omnichannel (cross-device) tracking and targeting; and the widespread integration of artificial intelligence and machine learning to deliver enhanced predictive targeting—the failure of the FTC to challenge the online data-driven model sent a message to the commercial surveillance industry, that it faced no serious regulatory or political consequences for its actions. This included regulatory immunity for the host of manipulative elements that are within the foundation of commercial surveillance, such as the deep analysis of a person’s emotions, interests, relationships, location, income, race, and ethnicity. By acting as an “enabler” to the forces that have shaped our online platform and experiences, the commission has done more than harm consumer protection, privacy and competition. It is also responsible for allowing the online platform marketplace to grow in ways that have undermined democracy, at once diminishing civic discourse, enabling efforts to promote voter suppression, and facilitating the communication and spread of hate speech and uncivil acts, among other major harms. FTC—“Eyes Wide Shut”: The commission has been engaged in risk-averse behaviors since the early 1980s, as a reaction to the successful attacks on it by the advertising lobby, which was able to convince Congress that the agency had engaged in regulatory excess when it tried to protect children from the harmful impact of marketing. The legacy of what is known as the “kidvid” episode, which resulted in a significant loss of its rulemaking authority, has permeated the agency’s operations for decades. It unleashed a “don’t ask, don’t tell” approach at the commission when it came to seriously confronting the impact of the digital marketplace on the public. Even when it came to children’s privacy—the one area where advocates had successfully convinced Congress to give the agency rulemaking authority—the agency repeatedly failed to enforce the law (allowing Google’s YouTube, for example, to openly violate COPPA for years, despite hearing repeatedly from advocates that it was doing so). The failure of the FTC to seriously implement its only congressionally mandated data-privacy law also sent a loud message to the data surveillance business that the commission wasn’t to be taken seriously.The commission has never condemned the online surveillance model developed by the digital marketing industry. It had countless opportunities to challenge behavioral ads, mobile and geo-location surveillance, social media profiling, and real-time buying and selling of individual profiles for the purposes of micro-targeted advertising.[3] In this comment, we will briefly highlight how the FTC has been an “enabler” of the unfettered operations of surveillance advertising, despite the many calls by CDD and its allies for the agency to act. The FTC and the Information Superhighway: At the earliest stages of what was then called the “Information Superhighway,” cyberspace, or the “National Information Infrastructure,” the FTC convened multiple “workshops” focused on privacy and related ecommerce issues. Reflecting the priorities of the then-Clinton administration, the commission spent several years imploring marketers to implement a set of “fair information practice” principles.[4]During this time, a number of consumer and privacy advocates urged the commission to call on Congress to regulate online data marketing practices. It was evident even then—especially to those who had tracked the online marketing business during the “dial-up” era, that privacy was not a priority at all for the marketing industry. The self-regulatory system was a total sham.[5]The lone exception to self-regulation was a data privacy law covering children 12 and under, an issue that this NGO’s predecessor group, the Center for Media Education (along with the Consumer Federation of America and the Institute for Public Representation, Georgetown University Law Center) championed—which led to the enactment of the Children’s Online Privacy Protection Act in 1998.[6]By the time the commission finally recommended (in 2000) that Congress enact privacy legislation “to supplement self-regulatory efforts and guarantee basic consumer protections,” the political winds had changed. There would be no further progress from Congress on privacy, given the clout of the big data marketing lobby.[7]Enabling behavioral advertising: In 2006, CDD and U.S. PIRG filed a complaint with the commission calling on it to use its Section 5 power to protect consumer privacy online. Specifically, we asked the commission to conduct an investigation of online advertising practices, focusing on five areas of concern: User Tracking/Web Analytics, Behavioral Targeting, Audience Segmentation, Data Gathering/Mining, and Industry Consolidation. As we explained in our petition, “Collectively, these five areas represented the foundations of an entirely new online environment, one in which engagement gives way to entrapment, in which personalization impinges on privacy.” The complaint discussed in detail all the methods used to track and target consumers, via their personal data, mobile phone use, and much more. It also urged action on the growing consolidation of what is now called the platform or ad-tech industry, explaining thatThe past few years have witnessed an alarming degree of consolidation in the Web analysis, advertising, and Internet data collection industries. The result of these transactions is not only the concentration of power in fewer hands, but also an increased ability, as our complaint has shown, for these companies to use their massive compilations of user data to violate consumer privacy in the U.S. Such consolidation within the core of the online marketing infrastructure also requires the FTC to conduct an anti-trust analysis to determine whether there is undue market power in this sector.[8]Ignoring the structure and consequences of behavioral advertising: In part due to the opposition to the proposed Google acquisition of DoubleClick that CDD, EPIC, U.S. PIRG and its allies in the U.S. and in the EU generated (discussed below), the commission convened several workshops, town halls and other forums focused on privacy and online data marketing. As CDD’s executive director, at the FTC’s 2007 “Ehavioral Advertising: Tracking, Targeting & Technology” event, warned, I just want to underscore that the future of online advertising has profound consequences for the future of our democracy and democracies everywhere. The kind of society we are creating right now for ourselves, and particularly our children, in many ways, is being shaped by the forces of advertising and marketing.... [W]e’ve watched since 2000 the ever-growing sophisticated array of techniques that had been deployed to track our every move, not just on individual websites, but through the development of new approaches called re-targeting where we were becoming digitally shadowed wherever we went, site to site…. [T]he time for fact-finding is over. The Commission is the designated Federal agency which is supposed to safeguard consumer privacy. It must act now to protect Americans from the unfair and deceptive practices that have evolved as part of what the industry calls the digital interactive marketing system.[9]Endorsing the monopolistic “Surveillance Marketplace”: In 2007, EPIC, U.S. PIRG, and CDD filed a complaint opposing plans by Google to acquire DoubleClick. As our initial filing explained, the acquisition, if approved, “will give one company access to more information about the Internet activities of consumers than any other company in the world.” In a supplemental petition, we explained that “the massive quantity of user information collected by Google coupled with DoubleClick’s business model of consumer profiling will enable the merged company to construct extremely intimate portraits of its users’ behavior.” We also identified a major conflict of interest at the commission regarding this deal. Needless to say, it was approved anyway, paving the way for the unprecedented role that Google now plays in our lives, with its domination of the commercial surveillance marketplace.[10] (CDD also raised objections to the Google/AdMob, Facebook/Instagram/WhatsApp, and other big-data-driven mergers that the FTC failed to address, again paving the way for the contemporary commercial surveillance apparatus).[11]Mobile surveillance: In 2009, CDD and U.S. PIRG urged the commission to “to protect consumers from a growing number of deceptive and unfair marketing practices and the resultant threats to consumer privacy that are a part of the rapidly growing U.S. mobile advertising landscape…. [M]obile devices, which know our location and other intimate details of our lives, are being turned into portable behavioral tracking and targeting tools….” The group’s FTC filing cited a Google official who called the mobile phone “the ultimate ad vehicle. It’s the first one ever in the history of the planet that people go to bed with. It’s ubiquitous across the world, across demographics, across age groups. People are giving these things to ever-younger children for safety and communication…. [I]t can know where you’ve been, where you’ve lingered, what store you stopped in, what car dealership you visited. It goes beyond any traditional advertising....” The complaint also discussed the myriad techniques, tactics, mergers and other critical issues to support the commission’s investigation and action.[12]Yet the FTC did nothing, and geolocation-based surveillance marketing has thrived, including via the leading platforms. Nor has the commission challenged cross-device tracking, a component of the surveillance marketing industry that financially benefited from the agency’s inability to protect consumer privacy, as unique identifiers are used to track and target the public.[13]Real-time programmatic, behavioral and algorithmic-based targeting: Also in 2009, CDD and U.S. PIRG submitted to the commission a comment as part of the agency’s “Privacy Roundtable” process, which noted thatToday, consumers online face the rapid growth and ever-increasing sophistication of the various techniques advertisers employ for data collection, profiling, and targeting across all online platforms. The growth of ad and other optimization services for targeting, involving real-time bidding on ad exchanges; the expansion of data collection capabilities from the largest advertising agencies (with the participation of leading digital media content and marketing companies); the increasing capabilities of mobile marketers to target users via enhanced data collection; and a disturbing growth of social media surveillance practices for targeted marketing are just a few of the developments the commission must address. But despite technical innovation and what may appear to be dramatic changes in the online data collection/profiling/targeting market, the commission must recognize that the underlying paradigm threatening consumer privacy online has been constant since the early 1990’s. So-called “one-to-one marketing,” where advertisers collect as much as possible on individual consumers so they can be targeted online, remains the fundamental approach. …Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling. Behavioral targeting is just one tool in the interactive advertisers’ arsenal.... We are being intensively tracked on many individual websites and across the Internet.[14]The filing called for action to address the buying and selling of individuals via online ad exchanges and giants such as Google; identified many other leading companies and practices; and explained how all of this was affecting mobile-device and social media users. It documented how self-regulation had been a failure, and how the “self-learning of contemporary interactive ad systems” threaten privacy and consumer welfare. Again, the FTC ignored these issues, enabling today’s programmatic (surveillance marketing) system to evolve unchallenged. Surveillance marketing of health behaviors, including through social media: In 2010, CDD and allied consumer and privacy groups filed a petition on the role that behavioral advertising, as well as manipulative ad tactics such as “neuromarketing,” play in the promotion of health and medical products. Google, Microsoft, and others were the subjects of this complaint. As we explained,A far-reaching complex of health marketers has unleashed an arsenal of techniques to track and profile consumers, including so-called medical “condition targeting,” to eavesdrop on their online discussions via social media data mining; to collect data on their actions through behavioral targeting; to use viral and so-called “word-of-mouth” techniques online to drive interest in prescriptions, over-the counter drugs, and health remedies; and to influence their subconscious perceptions via pharma-focused “neuromarketing…. Digital marketing raises many distinct consumer protection and privacy issues, including an overall lack of transparency, accountability and personal control, which consumers should have over data collection and the various interactive applications used to track, target, and influence them online (including on mobile devices). The use of these technologies by pharmaceutical, health product, and medical information providers that directly affect the public health and welfare of consumers requires immediate action.[15]As before, the FTC did nothing. Failures with Google and Facebook consent-decree enforcement: EPIC, CDD and allied consumer and privacy organizations, which helped bring cases against Google and Facebook, repeatedly told high-level commission staff and commissioners that these entities were routinely violating their respective consent decrees.[16] The failure of the commission to enforce its own decrees—reflecting the inability of the agency to analyze contemporary digital data and online marketing practices—permitted these companies, and the industry as a whole, to expand their surveillance capabilities still further.Neglecting communities of color: CDD also has repeatedly urged the commission to investigate and address how racial and ethnic data are used to target individuals and groups. For years, such data have been used to subject these communities to unfair treatment through predatory online marketing and other harmful practices. At best, the agency has given lip-service to these issues in the past, but has yet to take any meaningful action.[17]Failing our children, COPPA enforcement, and teens: CDD (along with Fair Play and Common Sense Media) is also filing comments in this docket on these issues. But we want to underscore that despite our repeated calls for action, the commission has never done anything to protect adolescents. Consequently, when someone turns 13 in the U.S., they are swept into the commercial surveillance marketing system that negatively affects every adult in the U.S.[18]Where we are today: Every day brings advances in the capabilities of commercial surveillance, led by the giant entities that dominate the marketplace, along with their affiliates. As we noted earlier, AI and machine-learning-based data analytic and targeting operations are routine for the commercial surveillance apparatus. And now the industry is poised to add what is known as “emotional intelligence,” a sophisticated new enhancement to ascertain and “understand how people feel in order to make AI more emotionally aware. There will be a shift from passive and grey interaction with AI, to an understanding of not only the cognitive, but also the emotive, channels of human interaction.”[19] Surveillance applications are also shaping the Internet of Things, the metaverse, and “over-the-top” streaming video as well.[20]We urge the commission to act on this petition, as well as calls by civil rights, consumer and privacy groups that it engage in a comprehensive rulemaking that will help promote competition, data protection, fairness and civil rights online. [1] We especially want to single out two individuals whose leadership role in all these years has been so critical, including with the FTC. Marc Rotenberg, who created and led the Electronic Privacy Information Center for decades, has been at the forefront of these and other key digital democracy issues since the earliest days of the internet. Ed Mierzwinski, now senior director, Federal Consumer Program, U.S. PIRG, understood that the same commercial forces that had undermined consumer rights in the “analog” world was doing so online as well. [2] So-called consumer data platforms and similar technologies permeate the corporate environment. See, for example, Mariah Cooper, “PepsiCo Launches Data Practice to Help Food and Beverage Retailers Grow,” Campaign, 9 Sept. 2021, /article/pepsico-launches-data-practice-to-help-food-and-beverage-retailers-grow/472436; Josh Wolf, “Where Does a Customer Data Platform Fit in With My AWS Data Lake?” AWS Blog, 13 May 2021, /blogs/apn/where-does-a-customer-data-platform-fit-in-with-my-aws-data-lake/; Wavicle Data Solutions, “Global QSR Uses Micro-segmentation to Improve Customer Engagement and Sales,” Dec. 2020, /wp-content/uploads/2020/12/Quick_Service_Restaurant_Customer_360_032421.pdf. [3] Federal Trade Commission, “Privacy in the Electronic Age,” The Privacy & American Business Conference, Washington, D.C., 1 Nov. 1995, /public-statements/1995/11/privacy-electronic-age.[4] Federal Trade Commission, “Staff Report: Public Workshop on Consumer Privacy on the Global Information Infrastructure” Dec. 1996, /reports/staff-report-public-workshop-consumer-privacy-global-information-infrastructure; Federal Trade Commission, About Privacy: Protecting the Consumer on the Global Information Infrastructure,” 8 Dec. 1998, /public-statements/1998/12/about-privacy-protecting-consumer-global-information-infrastructure; “Privacy in the Electronic Age.” See also Jeff Chester’s comments in U.S. Department of Commerce and Federal Trade Commission, “Public Workshop on Online Profiling, Washington, D C, 8 Nov. 1999, /sites/default/files/documents/public_events/online-profiling-public-workshop/online.pdf. [5] See especially the digital marketing industry fundamental paradigm laid out in Don Peppers and Martha Rogers, The One to One Future (New York: Crown Business, 1993); see also, Jeff Chester, Digital Destiny: New Media and the Future of Democracy (New York: The New Press, 2008). [6] See, for example, Federal Trade Commission, “Privacy Online: A Report to Congress,” June 1998. /sites/default/files/documents/reports/privacy-online-report-congress/priv-23a.pdf; Federal Trade Commission, “FTC Staff Sets Forth Principles For Online Information Collection From Children” 16 July 1997, /news-events/press-releases/1997/07/ftc-staff-sets-forth-principles-online-information-collection. To better understand the campaign developed to enact COPPA, including the industry pushback on teens, see Kathryn C. Montgomery, Generation Digital: Politics, Commerce, and Childhood in the Age of the Internet (Cambridge, MA: 2007). CDD pressed to have “cookies” and other identifiers included as personal information under COPPA. Jeff Chester, “Leading Consumer, Privacy, Child Advocacy & Public Health Groups Call on FTC for Stronger Children's Privacy Safeguards Under COPPA,” Center for Digital Democracy, 25 Sept. 2012, /content/leading-consumer-privacy-child-advocacy-public-health-groups-call-ftc-stronger-childrens. [7] See, for example, Marc Rotenberg, letter to Sen. Jay Rockefeller, Chairman of the Senate Committee of Commerce, Science and Transportation, et al, 5 May 2010, /wp-content/uploads/privacy/facebook/EPIC_FB_FTC_Complaint_Letter.pdf.[8] Jeff Chester and Ed Mierzwinski, “Complaint and Request for Inquiry and Injunctive Relief Concerning Unfair and Deceptive Online Marketing Practices,” Federal Trade Commission, 1 Nov.2006, /sites/default/files/FTCadprivacy_0_0.pdf. CDD and U.S. PIRG filed a supplemental petition a year letter, which included an analysis of advances in behavioral marketing, including through the DoubleClick Advertising Exchange, among others. While the commission staff and commissioners made various proposals, there was no real attempt to address the surveillance ad system. See, for example, , “A Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” Dec. 2010, /reports/preliminary-ftc-staff-report-protecting-consumer-privacy-era-rapid-change-proposed-framework.[9] Federal Trade Commission, “Ehavaorial Advertising: Tracking, Targeting & Technology,” meeting transcript, 1 Nov. 2007, pp. 35-36, /sites/default/files/documents/public_events/ehavioral-advertising-tracking-targeting-and-technology/71101wor.pdf. See also, Chester’s comment that “A very sophisticated commercial surveillance system has been put in place,” in Louise Story, “F.T.C. to Review Online Ads and Privacy,” New York Times, 1 Nov. 2007, /2007/11/01/technology/01Privacy.html. [10] Jeff Chester, “CDD, EPIC, USPIRG Opposition to Google/Doubleclick ‘Big Data’ Merger,” Center for Digital Democracy, 11 Sept. 2019, /article/cdd-epic-uspirg-opposition-googledoubleclick-big-data-merger; Roy Mark, “FTC Chair’s Impartiality Questioned,” eWeek, 13 Dec. 2007, /news/ftc-chair-s-impartiality-questioned/; “Conflict of Interest in Google-Doubleclick Merger Review,” EPIC.org, /documents/epic-v-federal-trade-commission/. [11] Tom Krazit, “Consumer Groups Urge Block of Google-AdMob Deal,” CNET, 28 Dec. 2009, /news/consumer-groups-urge-block-of-google-admob-deal/; Jeff Chester, “EPIC and CDD file ‘Unfair and Deceptive’ Practices Complaint at FTC on Facebook/WhatsApp Deal: WhatsApp Users Were Promised Privacy/Now They Will Have Facebook,” Center for Digital Democracy, 6 Mar. 2014, /content/epic-and-cdd-file-unfair-and-deceptive-practices-complaint-ftc-facebookwhatsapp-deal; Jeff Chester, “Big Data Gets Bigger: Consumer and Privacy Groups Call on FTC to Play Greater Role in Data Mergers/Investigation and Public Workshop Needed,” Center for Digital Democracy, 6 Feb. 2015, /content/big-data-gets-bigger-consumer-and-privacy-groups-call-ftc-play-greater-role-data-mergers.[12] “Consumer Groups Petition Federal Trade Commission to Protect Consumers from Mobile Marketing Practices Harmful to Privacy: Complaint Documents the Migration of Data Tracking, Profiling and Targeting to Mobile Phone Devices,” Center for Digital Democracy, 13 Jan. 2009, /mobile-marketing-harmful.[13] Center for Digital Democracy, “Ten Questions that the Federal Trade Commission Should Answer on Cross Device Online Tracking of Individuals,” /system/files/documents/public_comments/2015/11/00061-99851.pdf. For a current example of such tracking, see, for example, LiveRamp, “Measurement: Omnichannel Identity Linking,” /our-platform/cross-channel-measurement/omnichannel-identity-linking/. [14] Center for Digital Democracy and U.S. PIRG, “Cookie Wars, Real-Time Targeting, and Proprietary Self Learning Algorithms: Why the FTC Must Act Swiftly to Protect Consumer Privacy,” FTC Privacy Roundtables – Comment, Project No. P095416, 4 Nov. 2009, /sites/default/files/documents/public_comments/privacy-roundtables-comment-project-no.p095416-544506-00013/544506-00013.pdf. [15] Center for Digital Democracy, U.S. PIRG, Consumer Watchdog, and the World Privacy Forum, “Complaint, Request for Investigation, Public Disclosure, Injunction, and Other Relief: Google, Microsoft, QualityHealth, WebMD, Yahoo, AOL, HealthCentral, Healthline, Everyday Health, and Others Named Below,” FTC filing, 23 Nov. 2010, /sites/default/files/public/2015/101123publiccmptdigitaldemocracy.pdf. This complaint was one of several where CDD also placed a spotlight on social media marketing—another area in which the commission has repeatedly failed. For example, the complaint noted that “new surveillance tools have been developed to monitor conversations among social network users to identify what is being said about a particular issue or product. Marketers then work to insert brand-related messages into the social dialogue, often by identifying and targeting individuals considered brand ‘loyalists’ or ‘influencers….’ Increasingly, advertisers are using Facebook’s marketing apparatus—which is largely invisible to its users—…to … connect to the social communications of a very large pool of consumers.” [16] See, for example, Center for Digital Democracy, “Facebook’s Misleading Data and Marketing Policies and Practices,” Oct. 2013, /sites/default/files/field/public-files/2019/ftcfacebookdatapracticesfinal1013.pdf.[17] See for example, Jeff Chester, “Digital Target Marketing to African Americans, Hispanics and Asian Americans: A New Report,” Center for Digital Democracy,18 Feb. 2013, /content/digital-target-marketing-african-americans-hispanics-and-asian-americans-new-report; Center for Digital Democracy, “In the Matter of ‘Privacy and Security Implications of the Internet of Things,” FTC public workshop filing, 1 June 2013, /sites/default/files/documents/public_comments/2013/07/00006-86145.pdf; Jeff Chester, Kathryn Montgomery, and Lori Dorfman, “Alcohol Marketing in the Digital Age,” May 2010, /sites/default/files/documents/public_comments/alcohol-reports-project-no.p114503-00014%C2%A0/00014-58260.pdf.[18] “Children's Online Privacy.” C-Span, 17 Oct. 2018, /video/?453170-1/childrens-online-privacy; Center for Digital Democracy, “Digital Youth,” /projects/focus/digital-youth.[19] Yasmin Borain, “Marketing Trends for 2022: Technology, Artificial Intelligence and Internet of Things,” WARC, Nov. 2021, /content/article/warc-exclusive/marketing-trends-for-2022-technology-artificial-intelligence-and-internet-of-things/141212 (subscription required).[20] Hannah Murphy, “Facebook Patents Reveal How It Intends to Cash in on Metaverse: Meta Hopes to Use Tiny Human Expressions to Create Virtual World of Personalised Ads,” Financial Times, 17 Jan. 2022, /content/76d40aac-034e-4e0b-95eb-c5d34146f647 (subscription required).surveillanceadvertisingftccdd012622b.pdf
-
Time for the FTC to intervene as marketers create new ways to leverage our “identity” data as cookies “crumble” For decades, the U.S. has allowed private actors to basically create the rules regarding how our data is gathered and used online. A key reason that we do not have any real privacy for digital media is precisely because it has principally been online marketing interests that have shaped how the devices, platforms and applications we use ensnare us in the commercial surveillance complex. The Interactive Advertising Bureau (IAB) has long played this role through an array of standards committees that address everything from mobile devices to big data-driven targeting to ads harnessing virtual reality, to name a few. As this blog has previously covered, U.S. commercial online advertising, spearheaded by Google, the Trade Desk and others, is engaged in a major transformation of how it processes and characterizes data used for targeted marketing. For various reasons, the traditional ways we are profiled and tracked through the use of “cookies” are being replaced by a variety of schemes that enable advertisers to know and take advantage of our identities, but which they believe will (somehow!) pass muster with any privacy regulations now in force or potentially enacted. What’s important is that regardless of the industry rhetoric that these approaches will empower a person’s privacy, at the end of the day they are designed to ensure that the comprehensive tracking and targeting system remains firmly in place.As an industry trade organization, the IAB serves as a place to generate consensus, or agreed-upon formats, for digital advertising practices. To help the industry’s search for a way to maintain its surveillance business model approach, it has created what’s called “Project Rearc” to “re-architect digital marketing.” The IAB explains that Project Rearc “is a global call-to-action for stakeholders across the digital supply chain to re-think and re-architect digital marketing to support core industry use cases, while balancing consumer privacy and personalization.” It has set up a number of industry-run working groups to advance various components of this “re-architecting,” including what’s called an “Accountability Working Group.” Its members include Experian, Facebook, Google, Axel Springer, Nielsen, Pandora, TikTok, Nielsen, Publicis, Group M, Amazon, IABs from the EU, Australia, and Canada, Disney, Microsoft, Adobe, News Corp., Roku and many more (including specialist companies with their own “identity” for digital marketing approaches, such as Neustar and LiveRamp).The IAB Rearc effort has put out for “public comment” a number of proposed approaches for addressing elements of the new ways to target us via identifiers, cloud processing, and machine learning. Earlier this year, for example, it released for comment proposed standards on a “Global Privacy Platform;” an “Accountability Platform,” “Best Practices for User-Enabled Identity Tokens,” and a “Taxonomy and Data Transparency Standards to Support seller-defined Audience and Context Signaling.”Now it has released for public comment (due by November 12, 2021) a proposed method to “Increase Transparency Across Entire Advertising Supply Chain for New ID usage.” This proposal involves critical elements on the data collected about us and how it can be used. It is designed to “provide a standard way for companies to declare which user identity sources they use” and “ease ad campaign execution between advertisers, publishers, and their chosen technology providers….” This helps online advertisers use “different identity solutions that will replace the role of the third-party cookie,” explains the IAB. While developed in part for a “transparent supply chain” and to help build “auditable data structures to ensure consumer privacy,” its ultimate function is to enable marketers to “activate addressable audiences.” In other words, it’s all about continuing to ensure that digital marketers are able to build and leverage numerous individual and group identifiers to empower their advertising activities, and withstand potential regulatory threats about privacy violations.The IAB’s so-called public comment system is primarily designed for the special interests whose business model is the mass monetization of all our data and behaviors. We should not allow these actors to define how our everyday experiences with data operate, especially when privacy is involved. The longstanding role in which the IAB and online marketers have set many of the standards for our online lives should be challenged—by the FTC, Congress, state AGs and everyone else working on these issues.We—the public—should be determining our “digital destiny”—not the same people that gave us surveillance marketing in the first place.
-
Blog
The Big Data Merger Gold Rush to Control Your “Identity” Information
Will the DoJ ensure that both competition and consumer protection in data markets are addressed?
There is a digital data “gold rush” fever sweeping the data and marketing industry, as the quest to find ways to use data to determine a person’s “identity” for online marketing becomes paramount. This is triggered, in part, by the moves made by Google and others to replace “cookies” and other online identifiers with new, allegedly pro-privacy data-profiling methods to get the same results. We’ve addressed this privacy charade in other posts. In order to better position themselves in a world where knowing who we are and what we do is a highly valuable global currency, there are an increasing number of mergers and acquisitions in the digital marketing and advertising sector.For example, last week data-broker giant TransUnion announced it is buying identity data company Neustar for $3.1 billion dollars, to further expand its “powerful digital identity capabilities.” This is the latest in TransUnion’s buying spree to acquire data services companies that give it even more information on the U.S. public, including what we do on streaming media, via its 2020 takeovers of connected and streaming video data company Tru Optik (link is external) and the data-management-focused Signal. (link is external)In reviewing some of the business practices touted by TransUnion and Neustar, it’s striking that so little has changed in the decades CDD has been sounding the alarm about the impacts data-driven online marketing services have on society. These include the ever-growing privacy threats, as well as the machine-driven sorting of people and the manipulation of our behaviors. So far, nothing has derailed the commercial Big Data marketing.With this deal, TransUnion is obtaining a treasure trove of data assets and capabilities. For Neustar, “identity is an actionable understanding of who or what is on the other end of every interaction and transaction.” Neustar’s “OneID system provides a single lens on the consumer across their dynamic omnichannel journey.” This involves: (link is external) data management services featuring the collection, identification, tagging, tracking, analyzing, verification, correcting and sorting of business data pertaining to the identities, locations and personal information of and about consumers, including individuals, households, places, businesses, business entities, organizations, enterprises, schools, governments, points of interest, business practice characteristics, movements and behaviors of and about consumers via media devices, computers, mobile phones, tablets and internet connected devices.Neustar keeps close track of people, saying that it knows that “the average person has approximately 15 distinct identifiers with an average of 8 connected devices” (and notes that an average household has more than 45 such distinct identifiers). Neustar has an especially close business partnership with Facebook, (link is external) which enables marketers to better analyze how their ads translate into sales made on and spurred by that platform. Its “Customer Scoring and Segmentation” system enables advertisers to identify and classify targets so they can “reach the right customer with the right message in the right markets.” Neustar has a robust data-driven ad-targeting system called AdAdvisor, which reaches 220 million adults in “virtually every household in the U.S.” AdAdvisor (link is external) “uses past behavior to predict likelihood of future behavior” and involves “thousands of data points available for online targeting” (including the use of “2 billion records a month from authoritative offline sources”). Its “Propensity Audiences” service helps marketers predict the behaviors of people, incorporating such information (link is external) as “customer-level purchase data for more than 230 million US consumers; weekly in-store transaction data from over 4,500 retailers; actual catalog purchases by more than 18 million households”; and “credit information and household-level demographics, used to build profiles of the buying power, disposable income and access to credit a given household has available.” Neustar offers its customers the ability to reach “propensity audiences” in order to target such product categories as alcohol, automotive, education, entertainment, grocery, life events, personal finance, and more. For example, companies can target people who have used their debit or credit cards, by the amount of insurance they have on their homes or cars, by the “level of investable assets,” including whether they have a pension or other retirement funds. One also can discover people who buy a certain kitty litter or candy bar—the list of AdAdvisor possibilities is far-reaching.Another AdAdvisor application, “ElementOne,” (link is external) comprises 172 segments that can be “leveraged in real time for both online and offline audience targeting.” The targeting categories should be familiar to anyone who is concerned about how groups of people are characterized by data-brokers and others. For example, one can select “Segment 058—high income rural younger renters with and without children—or “Segment 115—middle income city older home owners without children; or any Segment from 151-172 to reach “low income” Americans who are renters, homeowners, have or don’t have kids, live in rural or urban areas, and the like.Marketers can also use AdAdvisor to determine the geolocation behaviors of their targets, through partnerships that provide Neustar with “10 billion daily location signals from 250+ million opted-in consumers.” In other words, Neustar knows whether you walked into that liquor store, grocery chain, hotel, entertainment venue, or shop. It also has data on what you view on TV, streaming video, and gaming. And it’s not just consumers who Neustar tracks and targets. Companies can access its “HealthLink Dimensions Doctor Data to target 1.7 million healthcare professionals who work in more than 400 specialties, including acute care, family practice, pediatrics, cardiovascular surgery.”TransUnion is already a global data and digital marketing powerhouse, with operations in 30 countries, 8,000 clients that include 60 of the Fortune 100. What is calls its “TruAudience Marketing Solutions (link is external)” is built on a foundation of “insight into 98% of U.S. adults and more than 127 million homes, including 80 million connected homes.” Its “TruAudience Identity” product provides “a three-dimensional, omnichannel view of individuals, devices and households… [enabling] precise, scalable identity across offline, digital and streaming environments.” It offers marketers and others a method to secure what it terms is an “identity resolution,” (link is external) which is defined as “the process of matching identifiers across devices and touchpoints to a single profile [that] helps build a cohesive, omnichannel view of a consumer….”TransUnion, known historically as one of the Big Three credit bureaus, has pivoted to become a key source for data and applications for digital marketing. It isn’t the only company expanding what is called an “ID Graf (link is external)”—the ways all our data are gathered for profiling. However, given its already vast storehouse of information on Americans, it should not be allowed to devour another major data-focused marketing enterprise.Since this merger is now before the U.S. Department of Justice—as opposed to the Federal Trade Commission—there isn’t a strong likelihood that in addition to examining the competitive implications of the deal, there will also be a focus on what this really means for people, in terms of further loss of privacy, their autonomy and their potential vulnerability to manipulative and stealthy marketing applications that classify and segment us in a myriad of invisible ways. Additionally, the use of such data systems to identify communities of color and other groups that confront historic and current obstacles to their well-being should also be analyzed by any competition regulator.In July, the Biden Administration issued (link is external) an Executive Order on competition that called for a more robust regime to deal with mergers such as TransUnion and Neustar. According to that order, “It is also the policy of my Administration to enforce the antitrust laws to meet the challenges posed by new industries and technologies, including the rise of the dominant Internet platforms, especially as they stem from serial mergers, the acquisition of nascent competitors, the aggregation of data, unfair competition in attention markets, the surveillance of users, and the presence of network effects.”We hope the DOJ will live up to this call to address mergers such as this one, and other data-driven deals that are a key reason why these kind of buyouts happen with regularity. There should also be a way for the FTC—especially under the leadership of Chair Lina Khan—to play an important role evaluating this and similar transactions. There’s more at stake than competition in the data-broker or digital advertising markets. Who controls our information and how that information is used are the fundamental questions that will determine our freedom and our economic opportunities. As the Big Data marketplace undergoes a key transition, developing effective policies to protect public privacy and corporate competition is precisely why this moment is so vitally important. -
Blog
Who is Really “Pushing” Your Online Shopping Cart as You Buy Groceries? It’s Big Data, Machine Learning and Lots of Cash from Advertisers
The FTC and States Should Investigate “Grocery Tech”
Online grocery shopping became a pandemic response necessity for those who could afford it, with revenues to exceed $100 billion (link is external) in 2021. Leading supermarket chains such as Kroger, big box stores like Walmart, online specialist companies such as Instacart, and the ubiquitous Amazon, have all experienced greater demand from the public to have groceries ordered and then quickly delivered or available for pick up. The pandemic has spurred “record” (link is external) downloads of grocery shopping apps from Instacart, Walmart Grocery and Target, among others. Consequently, this marketplace is now rapidly expanding its data collection and digital marketing operations, to generate significant revenues from advertisers and food and beverage brand sponsors.So it’s not a surprise that Instacart’s new (link is external) CEO comes from Facebook (link is external), and the company has also just hired that social network’s former head of advertising. Walmart, Kroger, Amazon and others are also further adding (link is external) adtech and data marketing experts. There has been a spate of announcements involving new grocery-focused alliances to improve the role digital data play in marketing and sales, including by Albertson’s (involving Google (link is external)) (link is external) and Hy-Vee (link is external) (also with Google). Albertson’s (link is external) (which includes the Safeway, Vons and Jewel-Osco divisions) deal with Google is designed to include “shoppable digital maps to make it easier for consumers to find and purchase products online; AI-powered conversation commerce” technologies for shopping, and “predictive grocery list building….” Similarly, Hy-Vee’s work with the Google Cloud will help enable “predictive (link is external) shopping carts,” among other services. (Hy-Vee is also one of the supermarket chains participating in the USDA’s online SNAP (link is external) pilot project, raising questions regarding how its alliance with Google will impact the privacy and well-being of people enrolled in SNAP).All the data that is flowing into these companies, how it is being analyzed, its use by advertisers and product sponsors, and how it impacts the products we see and purchase, should all be subject to scrutiny from consumer protection and privacy regulators.A good example is Instacart. Its Instacart (link is external) Advertising service allows brands to pay to become “featured products” and more (link is external). Featured Product ads are a form of paid search advertising. As Instacart tells its clients, if a consumer is searching (link is external)for “chocolate ice cream” or just “ice cream,” and you have bought such ads, “your product can appear as one of the first products in the search result.” And even after “consumers place an order, we’ll make some suggestions for last-minute additions to the order that the consumer might be interested in. Among these suggestions, the system can include Featured Product ads.”But it’s all the data and connections to their consuming customers that is the real “secret sauce” for Instacart’s ad-targeting and influence operations. The company knows what’s in and out of everyone’s shopping carts, explaining that “Instacart tracks (link is external) the source or ‘path to cart’ for all items purchased through Instacart marketplace, differentiating between three main groups—items bought from search results, browsing departments, aisles, and other discovery areas of Instacart, or from a list of previous purchases, which we call ‘buy it again.’” As it explains, the “Instacart Ads solution (link is external)” offers “a full suite of advertising products that animate the entire customer journey—from search through purchase.” These include opportunities for marketers to become part of “the ‘buy it again’ lists where consumers are shown a list of products that they have bought on previous orders. These can act as reminders of meals or recipes they’ve made before and items they tend to stock up on. Our brand partners can leverage Instacart Ads products to appear on ‘buy it again’ lists so they stay top of mind with their customers and aid in retaining valuable customers.”The company’s advertising blog discusses its use of what is increasingly the most valuable information a company can have—known as “first-party” data, where (allegedly) a consumer has given their consent to have all their information used. Instacart explains (link is external) this data “encompasses intent and purchase signals… from users signed up to an online grocery app,” and that it can be leveraged by its brand and advertising clients. The online ordering company explains that its “rich and diverse data sources” include “access to millions of orders over time from over 600 retail partners, across 45,000 stores, involving millions of households…. [A] tremendously valuable data set…this data is updated every night….” Instacart analyzes this trove of data, including point-of-sale, transaction log and out-of-stock information, to help it zero in on a key goal—to enable its advertisers to better understand and take advantage of what it terms “basket affinities.” In a webinar, Instacart defined (link is external) that concept:Basket affinities helps Instacart, and its brand partners, to create consumer ‘types’, discover product interactions, understand mission-dominant baskets, and identify trigger products — ultimately building a picture of how brands are bought online that we then share with our partners to build a better plan to acquire and retain valuable consumers. The term ‘basket affinity’ covers examining the one-to-one, group-to-group, or many-to-many relationships between products, as well as identifying consumer shopping missions and consumer profiles. [We note that Instacart says it “aggregates and anonymizes” this information. However, given its ability to target individuals, we will rely on regulators to determine how well such personal information is actually handled].Instacart also touts its ability to track the actual impact of advertising on its site, noting that it is a “closed loop” service “where ads are served to consumers in the same ‘space’ any resulting sales occur.” In a blog post (link is external) on how it empowers its advertiser partners, the company notes that Our advertising products provide options that can put their products in front of consumers on every ‘discovery surface’ on the platform to catch their eye when they are in this mode. Plus, our data shows that the majority of add to carts from these discovery surfaces are the first time the consumer has added that item to their cart — meaning it’s a great place for brands to acquire new customers.As with other major data (link is external)-driven digital marketers, Instacart has many grocery tech and ecommerce specialist partners, who provide brands and advertisers with a myriad of ways to promote, sell and otherwise “optimize” their products on its platform (such as Perpetua, (link is external) Tinuiti, (link is external) Skai (link is external) and Commerce IQ, (link is external) to only name several).The dramatic and recent growth of what’s called grocery tech is shaping the way consumers buy products and what prices they may pay. With companies such as Amazon, (link is external) Kroger, (link is external) Walmart, (link is external) Albertson’s (link is external) and Instacart now in essence Big Data-driven digital advertising companies, the public is being subjected to various practices that warrant regulatory scrutiny, oversight and public policy. We call on the Federal Trade Commission and state regulators to act. Among the key questions are how, if at all, are racial, ethnic and income data being used to target a consumer; are health data, including the buying of drugs and over-the-counter medications, being leveraged; and what measurement and performance information is being made available to partners and advertisers? We don’t want to have to “drop” our privacy and autonomy when we shop in the 21st Century. -
Blog
Surveillance Marketing Industry Claims Future of an “Open Internet” Requires Massive Data Gathering
New ways to take advantage of your “identity” raise privacy, consumer-protection and competition issues
The Trade Desk is a leading (link is external) AdTech company, providing data-driven digital advertising services (link is external) to major brands and agencies. It is also playing an outsized role responding to the initiative led by Google (link is external) to create new, allegedly “privacy-friendly” approaches to ad targeting, which include ending the use of what are called “third-party” cookies. These cookies enable the identification and tracking of individuals, and have been an essential building block for surveillance advertising since the dawn (link is external) of the commercial Internet. As we explained in a previous post about the so-called race to “end” the use of cookies, the online marketing industry is engaged in a full-throated effort to redefine how our privacy is conceptualized and privately governed. Pressure from regulators (such as the EU’s GDPR) and growing concerns about privacy from consumers are among the reasons why this is happening now. But the real motivation, in my view, is that the most powerful online ad companies and global brands (such as Google, Amazon and the Trade Desk) don’t need these antiquated cookies anymore. They have so much of our information that they collect directly, and also available from countless partners (such as global brands). Additionally, they now have many new ways to determine who we are—our “identity”—including through the use of AI, machine learning and data clouds (link is external). “Unified ID 2.0” is what The Trade Desk calls its approach to harvesting our identity information for advertising. Like Google, they claim to be respectful of data protection principles. Some of the most powerful companies in the U.S. are supporting the Unified ID standard, including Walmart, Washington Post, P&G, Comcast, CBS, Home Depot, Oracle, and Nielsen. But more than our privacy is at stake as data marketing giants fight over how best to reap the financial rewards (link is external) of what is predicted eventually to become a trillion dollar global ad marketplace. This debate is increasingly focused on the very future of the Internet itself, including how it is structured and governed. Only by ensuring that advertisers can continue to successfully operate powerful data-gathering and ad-targeting systems, argues Trade Desk CEO Jeff Green, can the “Open (link is external) Internet” be preserved. His argument, of course, is a digital déjà vu version of what media moguls have said in the U.S. dating back to commercial radio in the 1930’s. Only with a full-blown, ad-supported (and regulation-free) electronic media system, whether it was broadcast radio, broadcast TV, or cable TV, could the U.S. be assured it would enjoy a democratic and robust communications environment. (I was in the room at the Department of Commerce back in the middle 1990’s when advertisers were actually worried that the Internet would be largely ad-free; the representative from P&G leaned over to tell me that they never would let that happen—and he was right.) Internet operations are highly influenced to serve the needs of advertisers, who have reworked its architecture to ensure we are all commercially surveilled. For decades, the online ad industry has continually expanded ways to monetize our behaviors, emotions, location and much more. (link is external) Last week, The Trade Desk unveiled its latest iteration using Unified ID 2.0—called Solimar (see video (link is external) here). Solimar uses “an artificial intelligence tool called Koa (link is external), which makes suggestions” to help ensure effective marketing campaigns. Reflecting the serial partnerships that operate to provide marketers with a gold mine of information on any individual, The Trade Desk has a “Koa Identity (link is external) Alliance,” a “cross-device graph that incorporates leading and emerging ID solutions such as LiveRamp Identity Link, Oracle Cross Device, Tapad (link is external) Device Graph, and Adbrain Device Graf.” This system, they say, creates an effective way for marketers to develop a data portrait of individual consumers. It’s useful to hear what companies such as The Trade Desk say as we evaluate claims that “big data” consumer surveillance operations are essential for a democratically structured Internet. In its most recent Annual Report (link is external), the company explains that “Through our self-service, cloud-based platform, ad buyers can create, manage, and optimize more expressive data-driven digital advertising campaigns across ad formats and channels, including display, video, audio, in-app, native and social, on a multitude of devices, such as computers, mobile devices, and connected TV (‘CTV’)…. We use the massive data captured by our platform to build predictive models around user characteristics, such as demographic, purchase intent or interest data. Data from our platform is continually fed back into these models, which enables them to improve over time as the use of our platform increases.” And here’s how The Trade Desk’s Koa’s process is described in the trade publication Campaign (link is external) Asia: …clients can specify their target customer in the form of first-party or third-party data, which will serve as a seed audience that Koa will model from to provide recommendations. A data section provides multiple options for brands to upload first-party data including pixels, app data, and IP addresses directly into the platform, or import data from a third-party DMP or CDP. If a client chooses to onboard CRM data in the form of email addresses, these will automatically be converted into UID2s. Once converted, the platform will scan the UID2s to evaluate how many are ‘active UID2s’, which refers to how many of these users have been active across the programmatic universe in the past week. If the client chooses to act on those UID2s, they will be passed into the programmatic ecosystem to match with the publisher side, building the UID2 ecosystem in tandem. For advertisers that don't have first-party data… an audiences tab allows advertisers to tap into a marketplace of second- and third-party data so they can still use interest segments, purchase intent segments and demographics. In other words, these systems have a ton of information about you. They can easily get even more data and engage in the kinds of surveillance advertising that regulators (link is external) and consumer (link is external) advocates around the world are demanding be stopped. There are now dozens of competing “identity solutions”—including those from Google, Amazon (link is external), data brokers (link is external), telephone (link is external) companies, etc. (See visual at bottom of page here (link is external)). The stakes here are significant—how will the Internet evolve in terms of privacy, and will its core “DNA” be ever-growing forms of surveillance and manipulation? How do we decide the most privacy-protective ways to ensure meaningful monetization of online content—and must funding for such programming only be advertising-based? In what ways are some of these identity proposals a way for powerful platforms such as Google to further expand its monopolistic control of the ad market? These and other questions require a thoughtful regulator in the U.S. to help sort this out and make recommendations to ensure that the public truly benefits. That’s why it’s time for the U.S. Federal Trade Commission to step in. The FTC should analyze these advertising-focused identity efforts; assess their risks and the benefits; address how to govern the collection and use of data where a person has supposedly given permission to a brand or store to use it (known as “first-party” data). A key question, given today’s technologies, is whether meaningful personal consent for data collection is even possible in a world driven by sophisticated and real-time AI systems that personalize content and ads? The commission should also investigate the role of data-mining clouds and other so-called “clean” rooms where privacy is said to prevail despite their compilation of personal information for targeted advertising. The time for private, special interests (and conflicted) actors to determine the future of the Internet, and how our privacy is to be treated, is over. -
To watch the full FTC Dark Patterns Workshop online visit the FTC website here (link is external).
-
Blog
Contextual Advertising—Now Driven by AI and Machine Learning—Requires Regulatory Review for Privacy and Marketing Fairness
Contextual Advertising—Now Driven by AI and Machine Learning—Requires Regulatory Review for Privacy and Marketing FairnessWhat’s known as contextual advertising is receiving a big boost from marketers and some policymakers, who claim that it provides a more privacy-friendly alternative to the dominant global surveillance-based “behavioral” marketing model. Google’s plans to eliminate cookies and other third-party trackers used for much of online ad delivery are also spurring greater interest in contextual marketing, which is being touted especially as safe for children.Until several years ago, contextual ads meant that you would see an ad based on the content of the page you were on—so there might be ads for restaurants on web pages about food, or cars would be pitched if you were reading about road trips. The ad tech involved was basic: keywords found on the page would help trigger an ad.Today’s version of what’s called “contextual intelligence (link is external), “Contextual 2.0 (link is external),” or Google’s “Advanced Contextual (link is external)” is distinct. Contextual marketing uses artificial intelligence (AI (link is external)) and machine learning technologies, including computer vision and natural language processing, to provide “targeting precision.” AI-based techniques, the industry explains, allow marketers to read “between the lines” of online content. Contextual advertising is now capable of comprehending “the holistic and subtle meaning of all text and imagery,” enabling predictions and decisions on ad design and placement by “leveraging deep neural (link is external) networks” and “proprietary data sets.” AI is used to decipher the meaning of visuals “on a massive scale, enabling advertisers to create much more sophisticated links between the content and the advertising.” Computer vision (link is external) technologies identify every visual element, and “natural language processing” minutely classifies all the concepts found on each page. Millions of “rules (link is external)” are applied in an instant, using software that helps advertisers take advantage of the “multiple meanings” that may be found on a page.For example, one leading contextual marketing company, GumGum (link is external), explains that its “Verity” algorithmic and AI-based service “combines natural language processing with computer vision technology to execute a multi-layered reading process. First, it finds the meat of the article on the page, which means differentiating it from any sidebar and header ads. Next, it parses the body text, headlines, image captions with natural language processing; at the same time, it uses computer vision to parse the main visuals.… [and then] blends its textual and visual analysis into one cohesive report, which it then sends off to an adserver,” which determines whether “Verity’s report on a given page matches its advertisers campaign criteria.”Machine learning also enables contextual intelligence services to make predictions about the best ways to structure and place marketing content, taking advantage of real-time events and the ways consumers interact with content. It enables segmentation of audience targets to be fine-tuned. It also incorporates a number of traditional behavioral marketing concepts, gathering a range of data “signals (link is external)” that ensure more effecting targeting. There are advanced measurement (link is external) technologies; custom methods to influence what marketers term our “customer journey,” structuring ad-buying in similar ways to behavioral, data-driven approaches, as “bids” are made to target—and retarget—the most desirable people. And, of course, once the contextual ad “works” and people interact with it, additional personal and other information is then gathered.Contextual advertising, estimated to generate (link is external) $412 billion in spending by 2025, requires a thorough review by the FTC and data regulators. Regulators, privacy advocates and others must carefully examine how the AI and machine-learning marketing systems operate, including for Contextual 2.0. We should not accept marketers’ claims that it is innocuous and privacy-appropriate. We need to pull back the digital curtain and carefully examine the data and impact of contextual systems. -
Blog
The Whole World will Still be Watching You: Google & Digital Marketing Industry “Death-of-the-Cookie” Privacy Initiatives Require Scrutiny from Public Policymakers
The Whole World will Still be Watching You: Google & Digital Marketing Industry “Death-of-the-Cookie” Privacy Initiatives Require Scrutiny from Public Policymakers Jeff Chester One would think, in listening to the language used by Google, Facebook, and other ad and data companies to discuss the construction and future of privacy protection, that they are playing some kind of word game. We hear terms (link is external) such as “TURTLEDOVE,” “FLEDGE,” SPARROW and “FLoC.” Such claims should be viewed with skepticism, however. Although some reports make it appear that Google and its online marketing compatriots propose to reduce data gathering and tracking, we believe that their primary goal is still focused on perfecting the vast surveillance system they’ve well-established. A major data marketing industry effort is now underway to eliminate—or diminish—the role of the tracking software known as “third-party” cookies. Cookies were developed (link is external) in the very earliest days of the commercial “World Wide Web,” and have served as the foundational digital tether connecting us to a sprawling and sophisticated data-mining complex. Through cookies—and later mobile device IDs and other “persistent” identifiers—Google, Facebook, Amazon, Coca-Cola and practically everyone else have been able to surveil and target us—and our communities. Tracking cookies have literally helped engineer a “sweet spot (link is external)” for online marketers, enabling them to embed spies into our web browsers, which help them understand our digital behaviors and activities and then take action based on that knowledge. Some of these trackers—placed and used by a myriad (link is external) of data marketing companies on various websites—are referred to as “third-party” cookies, to distinguish them from what online marketers claim, with a straight face, are more acceptable forms of tracking software—known as “first-party” cookies. According to the tortured online advertiser explanation, “first-party” trackers are placed by websites on which you have affirmatively given permission to be tracked while you are on that site. These “we-have-your-permission-to-use” first-party cookies would increasingly become the foundation for advances in digital tracking and targeting. Please raise your hand if you believe you have informed Google or Amazon, to cite the two most egregious examples, that they can surveil what you do via these first-party cookies, including engaging in an analysis of your actions, background, interests and more. What the online ad business has developed behind its digital curtain—such as various ways to trigger your response, measure your emotions (link is external), knit together information on device (link is external) use, and employ machine learning (link is external) to predict your behaviors (just to name a few of the methods currently in use)—has played a fundamental role in personal data gathering. Yet these and other practices—which have an enormous impact on privacy, autonomy, fairness, and so many other aspects of our lives—will not be affected by the “death-of-the-cookie” transition currently underway. On the contrary, we believe that a case to be made that the opposite is true. Rather than strengthening data safeguards, we are seeing unaccountable platforms such as Google actually becoming more dominant, as so-called “privacy preserving (link is external)” systems actually enable enhanced data profiling. In a moment, we will briefly discuss some of the leading online marketing industry work underway to redefine privacy. But the motivation for this post is to sound the alarm that we should not—once again—allow powerful commercial interests to determine the evolving structure of our online lives. The digital data industry has no serious track record of protecting the public. Indeed, it was the failure of regulators to rein in this industry over the years that led to the current crisis. In the process, the growth of hate speech, the explosion of disinformation, and the highly concentrated control over online communications and commerce—to name only a few— now pose serious challenges to the fate of democracies worldwide. Google, Facebook and the others should never be relied on to defer their principal pursuit of monetization out of respect to any democratic ideal—let alone consumer protection and privacy. One clue to the likely end result of the current industry effort is to see how they frame it. It isn’t about democracy, the end of commercial surveillance, or strengthening human rights. It’s about how best to preserve what they call the “Open Internet.” (link is external)Some leading data marketers believe we have all consented to a trade-off, that in exchange for “free” content we’ve agreed to a pact enabling them to eavesdrop on everything we do—and then make all that information available to anyone who can pay for it—primarily advertisers. Despite its rhetoric about curbing tracking cookies, the online marketing business intends to continue to colonize our devices and monitor our online experiences. This debate, then, is really about who can decide—and under what terms—the fate of the Internet’s architecture, including how it operationalizes privacy—at least in the U.S. It illustrates questions that deserve a better answer than the “industry-knows-best” approach we have allowed for far. That’s why we call on the Biden Administration, the Federal Trade Commission (FTC) and the Congress to investigate these proposed new approaches for data use, and ensure that the result is truly privacy protective, supporting democratic governance and incorporating mechanisms of oversight and accountability. Here’s a brief review (link is external) of some of the key developments, which illustrate the digital “tug-of-war” ensuing over the several industry proposals involving cookies and tracking. In 2019, Google announced (link is external) that it would end the role of what’s known as “third-party cookies.” Google has created a “privacy sandbox (link is external)” where it has researched various methods it claims will protect privacy, especially for people who rely on its Chrome browser. It is exploring “ways in which a browser can group together people with similar browsing habits, so that ad tech companies can observe the habits of large groups instead of the activity of individuals. Ad targeting could then be partly based on what group the person falls into.” This is its “Federated Learning of Cohorts (FLoC) approach, where people are placed into “clusters” based on the use of “machine learning algorithms” that analyze the data generated from the sites a person visited and their content. Google says these clusters would “each represent thousands of people,” and that the “input features” used to generate the targeting algorithm, such as our “web history,” would be stored on our browsers. There would be other techniques deployed, to add “noise” to the data sets and engage in various “anonymization methods” so that the exposure of a person’s individual information is limited. Its TURTLEDOVE initiative is designed to enable more personalized targeting, where web browsers will be used to help ensure our data is available for the real-time auctions that sell us to advertisers. The theory is that by allowing the data to remain within our devices, as well using clusters of people for targeting, our privacy is protected. But the goal of the process— to have sufficient data and effective digital marketing techniques—is still at the heart of this process. Google recently (link is external) reported that “FLoC can provide an effective replacement signal for third-party cookies. Our tests of FLoC to reach in-market and affinity Google Audiences show that advertisers can expect to see at least 95% of the conversions per dollar spent when compared to cookie-based advertising.” Google’s 2019 announcement caused an uproar in the digital marketing business. It was also perceived (correctly, in my view) as a Google power grab. Google operates basically as a “Walled Garden (link is external)” and has so much data that it doesn’t really need third-party data cookies to hone in on its targets. The potential “death of the cookie” ignited a number of initiatives from the Interactive (link is external) Advertising Bureau, as well as competitors (link is external) and major advertisers, who feared that Google’s plan would undermine their lucrative business model. They include such groups as the Partnership for Addressable Media (PRAM), (link is external) whose 400 members include Mastercard, Comcast/NBCU, P&G, the Association of National Advertisers, IAB and other ad and data companies. PRAM issued a request (link is external) to review proposals (link is external) that would ensure the data marketing industry continues to thrive, but could be less reliant on third-party cookies. Leading online marketing company Trade Desk is playing a key role here. It submitted (link is external) its “United ID 2.0 (link is external),” plan to PRAM, saying that it “represents an alternative to third party cookies that improves consumer transparency, privacy and control, while preserving the value exchange of relevant advertising across channels and devices.” There are also a number of other ways now being offered that claim both to protect privacy yet take advantage of our identity (link is external), such as various collaborative (link is external) data-sharing efforts. The Internet standards groups Worldwide Web Consortium (W3C) has created (link is external) a sort of neutral meeting ground where the industry can discuss proposals and potentially seek some sort of unified approach. The rationale for the [get ready for this statement] “Improving Web Advertising Business Group goal is to provide monetization opportunities that support the open web while balancing the needs of publishers and the advertisers that fund them, even when their interests do not align, with improvements to protect people from the individual and societal impacts of tracking content consumption over time.” Its participants (link is external) are another “Who’s Who” in data-driven marketing, including Google, AT&T, Verizon, NYT, IAB, Apple, Group M, Axel Springer, Facebook, Amazon, Washington Post, Verizon, and Criteo. DuckDuckGo is also a member (and both Google and Facebook have multiple representatives in this group). The sole NGO listed as a member is the Center for Democracy and Technology. W3Cs ad business group has a number of documents (link is external) about the digital marketing business that illustrate why the issue of the future of privacy and data collection and targeting should be a public—and not just data industry—concern. In an explainer (link is external) on digital advertising, they make the paradigm so many are working to defend very clear: Marketing’s goal can be boiled down to the "5 Rights": Right Message to the Right Person at the Right Time in the Right Channel and for the Right Reason. Achieving this goal in the context of traditional marketing (print, live television, billboards, et al) is impossible. In digital realm, however, not only can marketers achieve this goal, they can prove it happened. This proof is what enables marketing activities to continue, and is important for modern marketers to justify their advertising dollars, which ultimately finance the publishers sponsoring the underlying content being monetized.” Nothing I’ve read says it better. Through a quarter century of work to perfect harvesting our identity for profit, the digital ad industry has created a formidable complex of data clouds (link is external), real-time ad auctions, cross-device tracking tools and advertising techniques (link is external) that further commodify our lives, shred our privacy, and transform the Internet into a hall of mirrors that can amplify our fears and splinter democratic norms. It’s people, of course, who decide how the Internet operates—especially those from companies such as Google, Facebook, Amazon, and those working for trade groups as the IAB. We must not let them decide how cookies may or may not be used or what new data standard should be adopted by the most powerful corporate interests on the planet to profit from our “identity.” It’s time for action by the FTC and Congress. Part 1. (1)For the uninitiated, TURTLEDOVE stands for “Two Uncorrelated Requests, Then Locally-Executed Decision On Victory”; FLEDGE is short for “First Locally-Executed Decision over Groups Experiment”; SPARROW is “Secure Private Advertising Remotely Run On Webserver”; and FLoC is “Federated Learning of Cohorts”). (2) In January 2021, the UK’s Competition and Markets Authority (CMA) opened up an investigation (link is external) into Google privacy sandbox and cookie plans. -
The Center for Digital Democracy (CDD) announced today its opposition to the California Privacy Rights Act (CPRA), also known as Proposition 24 (link is external), which will appear on the November 2020 California general election ballot. CDD has concluded that Prop 24 does not sufficiently strengthen Californians’ privacy and may, in fact, set a new, low, and thus dangerous standard for privacy protection in the U.S. We need strong and bold privacy legislation, not weaker standards and tinkering at the margins. We need digital privacy safeguards that address the fundamental drivers of our eroding privacy, autonomy, and that redress the growing levels of racial and social inequity. We need rules that go to the heart of the data-driven business model and curtail the market incentives that have created the deplorable state of affairs we currently face. What we need are protections that significantly limit data uses that undermine our privacy, increase corporate manipulation and exploitation, and exacerbate racial and economic inequality. We need default privacy settings that limit the sharing and selling of personal information, and the use of data for targeted advertising, personalized content, and other manipulative practices. We need to ensure privacy for all and limit any pay-for-privacy schemes that entice the most vulnerable to give up their privacy. In other words, we need to limit harmful data-use practices by default, and place the interests of consumers above market imperatives by allowing only those data practices that are not harmful to individuals, groups, and society at large. Prop 24 does none of that. Specifically, Prop 24 continues on the path of a failed notice-and-choice regime, allowing the much more powerful companies to set unfair terms. Instead, privacy legislation should focus on strong default settings and data-use practices that are allowable (“permissible uses”) and prohibiting all others. These safeguards should be in place by default, rather than forcing consumers to opt out of invasive advertising. Prop 24, in contrast, does not provide effective data-use limitations; instead it continues to limit data sharing and selling via an opt-out, rather than declaring them to be impermissible uses, or at minimum requiring an opt-in for such practices. Even “sensitive data” under Prop 24 is protected only via a consumer-initiated opt-out, rather than prohibiting the use of sensitive personal data altogether. Equally concerning, Prop 24 would expand rather than limit pay-for-privacy schemes. Under the terms of Prop 24, corporations are still allowed to charge a premium (or eliminate a discount) in exchange for privacy. Consumers shouldn’t be charged higher prices or be discriminated against simply for exercising their privacy rights. This provision of Prop 24 is particularly objectionable, as it tends to harm vulnerable populations, people of color, and the elderly by creating privacy “haves” and “have-nots,” further entrenching other, existing inequities as companies would be able use personal data to profile, segment, and discriminate in a variety of areas. There are many other reasons that CDD objects to Prop 24, chief among them that this flawed measure - employs an outdated concept of “sensitive data” instead of focusing on sensitive data uses; - fails to rein in the growing power of data brokers that collect and analyze personal data from a variety of sources, including public data sets, for sale to marketers; - does not employ strong enough data minimization provisions to limit data collection, use and disclosure only to what is necessary to provide the service requested by the consumer; - undermines consumer efforts to seek enforcement of privacy rights by neglecting to provide full private right-of-action provisions; and - unnecessarily delays its protection of employee privacy.