News

The Federal Trade Commission has issued a powerful and disturbing privacy wake-up call. The report reveals the largely invisible Big Data-driven complex that regularly spies on every American, comprehensively following our activities both online and off. It delivers a critical “black eye” to the data-broker industry, which has cynically expanded its surveillance on Americans without regard to their privacy. Unlike the White House’s Big Data reports issued earlier this month, the FTC study provides a much more realistic—and chilling—analysis of an out-of-control digital data collection industry. However, the commission’s calls for greater transparency and consumer control are insufficient. The real problem is that data brokers—including Google and Facebook—have embraced a business model designed to collect and use everything about us and our friends—24/7. Legislation is required to help stem the tide of business practices purposefully designed to make a mockery of the idea of privacy for Americans.******Here are the key findings from the FTC report that illustrate how the data industry requires major reform:VIII. FINDINGS AND RECOMMENDATIONS This report reflects the information provided in response to the Orders issued to nine data brokers, information gathered through follow-up communications and interviews, and information gathered through publicly available sources. Based primarily on these materials about a cross-section of data brokers, the Commission makes the following findings and recommendations: A. Findings 1. Characteristics of the Industry ⊲⊲ Data Brokers Collect Consumer Data from Numerous Sources, Largely Without Consumers’ Knowledge: Data brokers collect data from commercial, government, and other publicly available sources. Data collected could include bankruptcy information, voting registration, consumer purchase data, web browsing activities, warranty registrations, and other details of consumers’ everyday interactions. Data brokers do not obtain this data directly from consumers, and consumers are thus largely unaware that data brokers are collecting and using this information. While each data broker source may provide only a few data elements about a consumer’s activities, data brokers can put all of these data elements together to form a more detailed composite of the consumer’s life. ⊲⊲ The Data Broker Industry is Complex, with Multiple Layers of Data Brokers Providing Data to Each Other: Data brokers provide data not only to end-users, but also to other data brokers. The nine data brokers studied obtain most of their data from other data brokers rather than directly from an original source. Some of those data brokers may in turn have obtained the information from other data brokers. Seven of the nine data brokers in the Commission’s study provide data to each other. Accordingly, it would be virtually impossible for a consumer to determine how a data broker obtained his or her data; the consumer would have to retrace the path of data through a series of data brokers. ⊲⊲ Data Brokers Collect and Store Billions of Data Elements Covering Nearly Every U.S. Consumer: Data brokers collect and store a vast amount of data on almost every U.S. household and commercial transaction. Of the nine data brokers, one data broker’s database has information on 1.4 billion consumer transactions and over 700 billion aggregated data elements; another data broker’s database covers one trillion dollars in consumer transactions; and yet another data broker adds three billion new records each month to its databases. Most importantly, data brokers hold a vast array of information on individual consumers. For example, one of the nine data brokers has 3000 data segments for nearly every U.S. consumer. ⊲⊲ Data Brokers Combine and Analyze Data About Consumers to Make Inferences About Them, Including Potentially Sensitive Inferences: Data brokers infer consumer interests from the data that they collect. They use those interests, along with other information, to place consumers in categories. Some categories may seem innocuous such as “Dog Owner,” “Winter Activity Enthusiast,” or “Mail Order Responder.” Potentially sensitive categories include those that primarily focus on ethnicity and income levels, such as “Urban Scramble” and “Mobile Mixers,” both of which include a high concentration of Latinos and African Americans with low incomes. Other potentially sensitive categories highlight a consumer’s age such as “Rural Everlasting,” which includes single men and women over the age of 66 with “low educational attainment and low net worths,” while “Married Sophisticates” includes thirty-something couples in the “upper-middle class . . . with no children.” Yet other potentially sensitive categories highlight certain health-related topics or conditions, such as “Expectant Parent,” “Diabetes Interest,” and “Cholesterol Focus.” ⊲⊲ Data Brokers Combine Online and Offline Data to Market to Consumers Online: Data brokers rely on websites with registration features and cookies to find consumers online and target Internet advertisements to them based on their offline activities. Once a data broker locates a consumer online and places a cookie on the consumer’s browser, the data broker’s client can advertise to that consumer across the Internet for as long as the cookie stays on the consumer’s browser. Consumers may not be aware that data brokers are providing companies with products to allow them to advertise to consumers online based on their offline activities. Some data brokers are using similar technology to serve targeted advertisements to consumers on mobile devices.

Statement from Hudson Kingston, CDD Legal Director: CDD filed comments with the FTC on a proposed new COPPA safe harbor that would be run by iKeepSafe. The COPPA Rule allows entities that want to become a safe harbor to apply to formally certify that “operators” covered by the law are complying with all of its requirements. As such, it is imperative that each safe harbor ensure compliance by participating companies. CDD’s comments outline two major deficiencies in the application: the application, far from proving that the safe harbor will be properly staffed and show the requisite expertise and technical skill needed to do the job, suggests that this safe harbor is incapable of doing the job, since it does not demonstrate necessary expertise and institutional capacity to apply COPPA; secondly, the application is not as stringent as the COPPA Rule because it weakens operators’ legal duties and potentially muddles key regulatory standards. Such changes in operators’ COPPA duties making them less stringent or ambiguous suggests a safe harbor could be planning to provide lesser protection than the law—the COPPA Rule forbids such backsliding. “FTC should not approve safe harbor applications unless it is absolutely clear that the proposed safe harbor will provide equal or better protection of children’s information than the COPPA Rule, and this proposed system would fall far short of the standard,” said CDD’s legal director, Hudson Kingston. “Unless the existing and new safe harbors are held to an exacting standard the law will be undercut by inadequate enforcement—as the agency responsible for COPPA, FTC must not allow self regulation to work against its intended purpose.” and from Jeff Chester: Beyond the technical matters we raise in the attached comments, I also want to point out a few other issues. First, iKeepSafe claims on its website they "partner" (link is external)with the Federal Trade Commission. Here's what they say: NATIONAL GOVERNMENT PARTNERS FEDERAL TRADE COMMISSION (FTC) iKeepSafe is a contributor to the FTC’s NetCetera and a member of the Ad Council’s Internet Safety Coalition. As if somehow the Ad Council is the same as the FTC! Such a statement is misleading to parents. It's also noteworthy to point to their "corporate partners," (link is external) many of whom are major digital data collection companies with a stake in the youth targeting industry. They include AOL, (link is external) ATT, (link is external) Comcast, (link is external) Facebook (link is external), Fox (link is external), Google (link is external), McDonald's (link is external), Verizon (link is external)and Yahoo (link is external).

General Mills has changed its privacy policy (link is external) to say, according (link is external) to the New York Times, so consumers now "give up their right to sue the company if they download coupons, “join” it in online communities like Facebook, enter a company-sponsored sweepstakes or contest or interact with it in a variety of other ways.Instead, anyone who has received anything that could be construed as a benefit and who then has a dispute with the company over its products will have to use informal negotiation via email or go through arbitration to seek relief, according to the new terms posted on its site." General Mills uses a wide range of digital media, including Facebook (link is external), mobile marketing (link is external), apps, (link is external) digital discount (link is external)coupons, contests (link is external) to help schools (Boxtops for Education), YouTube (link is external), Twitter, (link is external) specialized "target" marketing to Hispanics (link is external) and more as part of its marketing campaigns. Is it now saying that if a consumer wants to take advantage of any of the online offers that General Mills deliberately promotes, they must give up their consumer rights? And have you looked at its privacy (link is external)policy, where even teens can be targeted online, and which acknowledges that its partners may track you using behavioral eavesdropping tactics? However, this incident helps to uncover how food marketing companies are engaged in largely stealth digital tactics that unfairly collect our information, including from young people. Here are key and revealing excerpts from the General Mills privacy policy: Information we collect We may collect information about you (and the computer or device you use to access our Site) in a variety of ways: You may directly provide information to us You may choose to allow a social networking service to share information with us We may gather other information when you visit our Site or other services, or when you view our online ads We may obtain additional information about you from other sources where permitted by law... Information from social networking services If you choose to access or make use of third-party social networking services (such as Facebook or Twitter), we may receive personal information about you that you have made available to those services, including information about your contacts on those services. For example, some social networking services allow you to push content from our Site to your contacts or to pull information about your contacts so you can connect with them on our Site. Some social networking services also will facilitate your registration or log-in for our Site or enhance or personalize your experience on our Site. Your decision to use a social networking service will always be voluntary. However, you should make sure you are comfortable with the information social networking services may make available to our Site by visiting those services’ privacy policies. Information we gather when you visit our Sites, or when you view our online ads When you visit or use our Sites, or when you view our online ads, we may use cookies, web beacons, or other technologies to collect information about your computer or device and your online activity. The following are examples of the types of information we may collect in this way: Device type (such as desktop, tablet, or mobile device) Browser type (such as Internet Explorer) Operating system (such as Windows) IP address, MAC address, device ID, installed fonts, or similar information Websites or online services you visit before or after our Site Your interaction with our Site (such as the links you click and the pages and items you view) Whether you open or forward our emails or click on elements within these emails Information we may obtain from other sources We may obtain information about you from other sources, such as public databases, other brands and groups within General Mills, data aggregators, and other commercially available sources. This information may include: Name Email address Social networking user IDs Postal address Phone number Age Gender Demographic information Marital status and number and age of children Income level Purchasing behavior Interests, hobbies, and product preferences Interactions with media or advertising Publicly observable activities (such as blogs and online postings) Other information that has been collected by other brands or businesses within the General Mills family of companies... Cookies used for online behavioral advertising – and your choice to opt out Third parties that are involved in serving other companies’ advertising on our sites, or that are involved in determining which advertisements to show you on third-party websites, may use cookies to collect information about your online activities, such as the advertisements you have seen or the websites or pages you have visited, in order to draw inferences about what advertising might be relevant to you. These third parties may use the information gathered through these cookies to show you advertising they believe to be most relevant to you when you visit other websites not belonging to us. This practice is called “online behavioral advertising.” You have the ability to opt out of allowing these third parties to use cookies for online behavioral advertising by clicking here (link is external).

The Federal Trade Commission's Bureau of Consumer Protection sent a letter (link is external) to Facebook and Whatsapp [attached] requiring the companies to honor the latter's privacy promises (no advertising, highly limited data collection etc). Facebook is in the process of acquiring Whatsapp. The Electronic Privacy Information Center (EPIC) and CDD sent (link is external) two letters to the FTC urging the commission to address the privacy implications of the pending merger. The FTC's letter states that [excerpt]: WhatsApp has made a number of promises about the limited nature of the data it collects, maintains, and shares with third parties -promises that exceed the protections currently promised to Facebook users. We want to make clear that, regardless of the acquisition, WhatsApp must continue to honor these promises to consumers. Further, if the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the Federal Trade Commission (FTC) Act and, potentially, the FTC's order against Facebook. Jeff Chester CDD's executive Director said: "We believe that despite claims that they would preserve Whatsapp's more privacy-friendly approach, the ultimate plan was to expand its mobile data collection practices and fully integrate it into Facebook. Facebook's future depends on its ability to successfully grow its mobile advertising, commerce, and payment applications. It did not spend $19 billion without planning to reap huge financial rewards by turning Whatsapp into an effective monetization machine for Facebook. The FTC is to be commended for sending a very strong signal that they will hold Facebook and Whatsapp accountable for their promises. The commission's action has likely spoiled, for now, the plans Facebook has developed to turn its $19b shopping spree into even more digital gold for themselves." News reports say that the FTC has approved Facebook's deal with Whatsapp. But the commission's letter clearly connects the privacy concerns that EPIC and CDD raised that should be addressed in its merger review.

Twenty-eight consumer, child advocacy and public health groups submitted this letter today to President Obama's review on "Big Data" team. Among the groups signing the letter included the African American Colloboraative Obesity Research Network, American Academy of Child & Adolescent Psychiatry, Consumers Union, Children Now, Common Sense Media, CFA, Interfaith Center on Corporate Responsibility, Momsrising, National Consumers League, Praxis Project and Salud America! "A broad coalition of child, public health and consumer advocacy groups have come together to send a strong message that children and adolescents need serious protections in this age of Big Data, " explained CDD's associate director Joy Spencer. "The White House should adopt recommendations that ensure that this vulnerable group is protected from Big Data practices that undermine their health, well being and privacy."

Groups File Report with the White House “Big Data” Review Proceeding Washington, DC: U.S. PIRG Education Fund and the Center for Digital Democracy (CDD) released a comprehensive new report today focused on the realities of the new financial marketplace and the threats and opportunities its use poses to financial inclusion. The report examines the impact of digital technology, especially the unprecedented analytical and real-time actionable powers of “Big Data,” on consumer welfare. The groups immediately filed the report with the White House Big Data review headed by John Podesta, who serves as senior counselor to the President. The White House is to issue a report in April addressing the impact of “Big Data” practices on the public, including the possible need for additional consumer safeguards. In addition to the undeniable convenience of online and mobile banking, explains the report, the new financial environment poses a number of challenges, especially for lower-income consumers. Increasingly, the public confronts an invisible “e-scoring” system that may limit their access to credit and other financial services. “We are being placed under a powerful ‘Big Data’ lens, through which, without meaningful transparency or control, decisions about our financial futures are being decided,” the report explains. “Will big data tools be used to help banks and other financial firms offer lower-cost products that help the unbanked and underbanked join the insured financial system and build assets, or will big data simply make it easier for payday lenders and others seeking to extract money from consumers to win?” asked U.S. PIRG Education Fund Consumer Program Director Ed Mierzwinski. “We intend the report to stimulate a healthy debate among policymakers, industry and consumer and civil rights leaders.” Among the issues examined in the report, “Big Data Means Big Opportunities and Big Challenges: Promoting Financial Inclusion and Consumer Protection in the ‘Big Data’ Financial Era,” are the following:the plight of “underbanked and unbanked consumers,” who face special challenges in the new financial marketplace;the impact of data collection and targeted advertising on all Americans, most of whom have no idea that their personal data shape the offers they receive and the prices they pay online;the use of murky “lead generation” practices, especially by payday lenders and for-profit trade schools, to target veterans and others for high-priced financial and educational products; andthe need for new regulatory oversight to protect consumers from potentially discriminatory and deceptive practices online.The report, co-authored by Ed Mierzwinski, Consumer Program Director of the U.S. PIRG Education Fund, and CDD Executive Director Jeff Chester, reflects on the role that online financial marketing played in the recent economic crisis, and provides a blueprint for how such problems can be avoided in the future. “Technological advances that collect, analyze, and make actionable consumer data,” the report concludes, “are now at the core of contemporary marketing. The public is largely unaware of these changes and there are few safeguards in this new marketplace. Economically vulnerable consumers, and especially youth, will be continually urged to spend their limited resources. Conversely, there are opportunities to use the same tools to urge consumers to budget, save and build assets.” “Consumers increasingly face a far-reaching system that uses data about them to predict and determine the products and services they are offered in the marketplace. Federal safeguards that protect privacy and ensure members of the public are not subject to unfair and discriminatory financial practices are long overdue,” explained CDD’s Jeff Chester. “The White House ‘Big Data’ report should call for strong measures to ensure that the changing financial services marketplace operates in a fair and equitable manner.” A copy of the new report is available at www.democraticmedia.org and www.uspirgedfund.org (link is external) The Center for Digital Democracy is a nonprofit group working to educate the public about the impact of digital marketing on financial services, public health, consumer protection, and privacy. It has played a leading role at the FTC and in Congress to help promote the development of legal safeguards against behavioral targeting and other potentially invasive online data collection practices. U.S. PIRG Education Fund works to protect consumers and promote good government. We investigate problems, craft solutions, educate the public and offer Americans meaningful opportunities for civic participation.

Beginning a more informed discussion on the privacy and consumer protection implications of Facial Recognition Technology: NTIA Privacy Multi-stakeholder Process: The NTIA's present inquiry must be based on a solid foundation that objectively analyzes actual commercial FR developments, places its use in the context of the multi-dimensional and cross-platform contemporary data-driven practices, identifies its implications beyond consumer concerns to reflect upon its broader societal impact (such as civil liberties), and engages with legal frameworks or proposals that have or could address how FR should be properly regulated. Given that the focus of the Commerce Department-led proceeding is to help implement the Obama Administration’s Consumer Privacy Bill of Rights (CPBR), stakeholders should also address how FR should be dealt with in related legislation and identify the specific CPBR principles inherent in such a discussion (such as “Individual Control,” “Respect for Context,” “Accountability,” etc.). To help promote a more informed discussion of actual FR and related biometric data practices, CDD provides this overview on ten of the hundreds that could be cited. The report is attached.

EPIC and CDD filed this at the FTC today. Despite the protestations (link is external)of Whatsapp's founders, they cannot guarantee that Facebook won't eventually incorporate the rich vein of mobile, location and other data that flows from its services. If the Whatsapp founders are truly to commited to its user privacy, we ask them to enter into a voluntary 20 year consent decree with the FTC, placing on the record that they will maintain privacy practices without Facebook interference.

We were pleased to learn that the FTC filed an Amicus brief in the 9th Circuit yesterday to help create the misleading record Facebook created in the so-called "Sponsored Stories" case. CDD, along with Public Citizens and the Children's Advovacy Institute (U of San Diego) have been closely working together on the case, to support an outcome that provides the privacy safeguards teens require. Here's what CDD's attorney Hudson Kingston said about the FTC's filing: "The Federal Trade Commission's brief in this case is a major development for the protection of teenagers' privacy. Facebook's attorneys tried to get this settlement through by using a law meant to protect children to block state law protection of teens – now the agency made clear that this is a wrong reading of the law, this settlement clearly harms teenagers by ignoring their rights under state laws. States play a vital role protecting teens from privacy violations. Settlements that are based on illegality cannot stand. While the agency did not officially support either party, its reading of the law undermines one of Facebook’s key arguments that it can get out of this case without first addressing its weak privacy protections for teens. We hope that the Ninth Circuit accepts this authoritative view and throws out the settlement." The FTC's Amicus is attached. So is the State of California's amicus.

Here's a summary from our attorney Eric Null at Institute for Public Representation, Georgetown University Law Center: CDD filed its initial complaint against Disney and Marvelkids.com in December 2013. Shortly thereafter, Disney updated Marvelkids' nearly two-year-old privacy policy with Disney's company-wide policy. Apparently, Disney thought this would solve its COPPA-related issues, but our investigation shows that it did not. Our review showed multiple deficiencies, including insufficient notice of data collection and use, as well as continued ability to collect and use data for unlawful purposes. Further, its violations include allowing well-known third party behavioral advertisers, such as Omniture and TapJoy, to collect information from Marvelkids.com users--these practices may violate the COPPA Rule. CDD calls on the FTC to take a close look at the new policy and practices, and to investigate Marvelkids.com and all Disney-operated child-directed websites to ensure COPPA compliance. PS: Disney has challenged our complaint, suggesting we are interested in headlines. What CDD is interested in is meaningful compliance with the key law protecting privacy and empowering parents. CDD suggests Disney engage in a more serious review of its digital data collection system--something we expect FTC action to help spur.

Summary: These scores have long been an area of research interest for the non-partisan non-profit organizations U.S. PIRG and the Center for Digital Democracy. The growing use of so-called “e-scores” —a form of invisible (to the consumer) online ratings — can help determine our credit worthiness, “lifetime value,” or even the prices we pay. These e-scores can be used to blacklist or engage in discriminatory practices against individuals or even groups of consumers. We are aware that there are numerous online scores being generated for a variety of generally non-controversial uses, including predicting identity theft or fraud. However, we remain concerned that the largest and most important uses of online scoring are to substitute for the highly-regulated pre-screening regime that for years has governed the use of consumer credit reports for marketing purposes. Its proponents claim that the files developed are not on individual consumers, but on clusters of consumers. Its proponents claim online scores are simply a method for establishing audiences for serving ads. Not subject to the Fair Credit Reporting Act FCRA) regulation, they assert, are scores and other products that identify consumers on an aggregate basis (which for them means information narrowed to a small cluster of households at the ZIP+4 level) or consumers not named by name. We disagree with these representations and commend FTC for its inquiry. For CDD and other comments on this issue, see FTC docket. (link is external)

We urge you to review the attached FTC complaint that was filed today by EPIC (link is external) and CDD. The millions of WhatsApp users who signed up for the service were promised--repeatedly as you will read in the complaint--that the company didn't want to gather and commercialize their data. They posed as the "unFacebook," deriding the commercial surveillance apparatus that lies at the core of contemporary online practices. Yet at the same time they made their public privacy promises, they were being wooed (link is external) by Mark Zuckerberg to join The Circle (link is external)--oops, I mean Facebook. Despite Facebook's denial that WhatsApp and its digital gold mine of mobile numbers, address books, and access to selling all kinds of financial services in real-time won't become part of its Big Data-driven (link is external) advertising machine, one only has to look at what happened with Instagram (link is external) (let alone the track record of the industry). The Dutch and Canadian data protection authorities raised serious questions (link is external) about WhatsApp's own data and privacy policies in January. The Dutch report (attached) provides insights into how WhatsApp operates. The FTC (which will likely review the merger) needs to stand up for privacy and act on the complaint. Otherwise, WhatsApp's users will be merely Facebook customers who have lost their privacy and consumer protection rights.

More than 40 groups sent a letter to President Obama today on the second anniversary of the Administration's promise it would seek a new "Consumer Privacy Bill of Rights." Although the President said in 2012 that "we can't wait" (link is external) for such new safeguards, so far the Administration has failed to deliver proposed legislative language. Civil rights, civil liberties, consumer, privacy and child advocacy groups signed the letter, which urged the President to now fulfill its commitment to advance enforceable rights for the public. The letter is attached. The New York Times editorial board also called (link is external) on the White House to deliver "specific legislative proposals."

Feb. 13, 2014 Facebook Settlement Endangers Kids and Breaks Law in Seven States, Public Interest Groups, Parents Tell 9th Circuit Children’s Privacy Organization Denounces Settlement, Refuses Money WASHINGTON, D.C. – Consumer, children’s safety, digital privacy groups and parents are urging a federal appeals court to toss out a settlement agreement that permits Facebook to use kids’ pictures in ads without the consent of their parents – which is illegal in seven states. In a brief filed today with the U.S. Court of Appeals for the Ninth Circuit, several parents, on behalf of their teenaged children, called on the court to vacate the settlement. “This settlement authorizes Facebook to continue doing what California and six other states specifically prohibit by law: use children’s images for advertising without their parents’ consent,” said Scott Michelman, attorney with Public Citizen, which is representing the parents in challenging the settlement. The other states are Florida, New York, Oklahoma, Tennessee, Virginia and Wisconsin. Margaret Becker of Brooklyn, N.Y., is one of the parents Public Citizen represents. She explained, “I’m fighting this settlement because Facebook shouldn’t be permitted to use my teenage daughter’s image for profit without my consent. The Internet compromises children's privacy in many ways that we parents must grapple with. But this settlement lets Facebook make my daughter a shill and leaves me powerless to stop it.” Added Hudson Kingston, legal director of the Center for Digital Democracy, which is filing an amicus brief supporting the challenge to the settlement, “Teens are unprepared to address the consequences of Facebook’s practice of creating ads with profile information but without their knowledge. If this settlement stands, teens face a serious loss of their privacy and a damaged reputation continuing into adulthood. Research proves teens are not ready for this kind of exposure, and parents’ consent for commercial appropriation is a necessary protection.” Also today, one of the groups designated in the settlement agreement to receive money, the Campaign (link is external)for a Commercial-Free Childhood (CCFC), announced that it was rejecting the money because it opposes the agreement. The group was to receive approximately $290,000 in a “cy pres” award – settlement money distributed to a public interest group whose work relates to the subject of the lawsuit. In a statement, the CCFC explained that the settlement’s supposed protections for minors were “hollow” and “meaningless.” “While we always understood the Fraley settlement agreement as a compromise, we came to understand that it’s worse than no settlement,” said CCFC Director Susan Linn, “Its purported protections are largely illusory, and it will undermine future efforts to protect minors on Facebook. We could do a lot of good with $290,000, but we cannot benefit from a settlement that we now realize conflicts with our mission to protect children from harmful marketing.” The case began with a lawsuit (link is external) filed in 2011 by some Facebook users over the use of their images in ads without their consent and the use of their children’s images without parental consent. If a user “likes” a company that advertises on Facebook, or if she “checks in” (identifies her location) at a restaurant, or uses an application associated with that company, her image may appear next to an ad for the business on Facebook, with text suggesting that she endorses that business. It is unlikely the children or the parents will know it’s going to happen until after it has occurred. Under a settlement that a federal district court approved in August, Facebook will include new language in its terms of service stating that users under age 18 “represent” that their parents consented to the use of the children’s names and images in advertising. The settlement does not require Facebook to obtain consent from the parents. “The capture and republication of teen postings by Facebook is a pernicious assault on their rights to decide where their messages should go,” said Professor Robert Fellmeth, director of the Children’s Advocacy Institute at the University of San Diego School of Law, which is representing another challenger to the settlement.

This letter was sent today to John Holdren, the director of the White House Office of Science and Technology Policy, and was signed by 25 groups. It calls on the White House to include a public comment period as part of its current 90-day "Big Data" review announced by the President during his speech on NSA reforms. It coincides as well with a meeting planned today on the issue led by John Podesta.

When Facebook proposed (link is external) to change its data use practices late last August, we wrote a number of papers to help the FTC. This is one of them, which discusses the company's ad practices and its relationship to its privacy claims. This paper addresses a number of Facebook data use and digital marketing strategies, and their impact on user privacy.

“The Federal Trade Commission’s investigation of Apple sheds light on a growing practice that poses risks to children and families,” commented Jeff Chester, Executive Director of the Center for Digital Democracy. “Children are spending increasing amounts of time with mobile apps, generating potentially huge profits for the rapidly expanding gaming and app industries. In-app purchasing is becoming the dominant business model in many online games and other children’s entertainment content on mobile phones, tablets and gaming devices. Yet the techniques used to trigger these purchases are, in many cases, unfair and deceptive, taking advantage of children’s vulnerabilities. CDD commends today’s action by the commission. However, the agency should conduct a broad investigation of emerging techniques that target children on mobile, gaming and other platforms, and identify a set of industry-wide fair marketing guidelines.” “Today’s decision should be viewed as a first step in a wider initiative to develop clear government rules for protecting children and their families across a spectrum of digital devices,” said Dr. Kathryn Montgomery, Professor of Communication at American University, who led the campaign to enact the Children’s Online Privacy Protection Act (COPPA). “Just as we have principles and rules for safeguarding children’s privacy online, we need a policy for protecting young people and their families from covert and manipulative in-app marketing practices,” she explained. “Requiring app developers to secure informed parental consent before in-app purchases can be made will only address part of the problem. We need a comprehensive set of rules that take into account the cognitive and other developmental needs of children and their vulnerabilities in the digital marketplace.”