CDD

News

  • This letter was sent today to new FTC Chairwoman Edith Ramirez by three-dozen NGOs--including the national leaders in the consumer and privacy fields.
  • As part of the comprehensive system of commercial surveillance tracking us 24/7 wherever we go and do, more companies are integrating offline and purchasing data with online information. But when the largest commercial database of individuals around the world marries (link is external)its user data with the ton of consumer records held by Acxiom, Epsilon, (link is external) Bluekai (link is external) and Datalogix, (link is external) major privacy and consumer protection issues are raised. Acxiom--whose President just told (link is external) the annual meeting of online marketing hotshots that “Data can make you rich,” offers new ways to track and target a user. It just unveiled what it calls its "AbiliTag" system (which will presumably be used by Facebook). Here's how Ad Age describes (link is external) what it can do: "The tag system extends the technology Acxiom uses internally to match its clients' direct mail, email, online cookies and other data sets, now enabling it for ad targeting online and in mobile. The system will eventually be used for digital TV ads also. The approach is not entirely different from offline-to-online database matching that connects an advertiser's data to large sites with registration data such as Yahoo or AOL. However, Acxiom argues that its system goes beyond that approach by allowing sites that don't have registration information to connect advertisers to their customers in digital channels. The idea is to use the Acxiom tag to identify a customer who visits an Acxiom client site, then a publisher partner site." Acxion describes (link is external) AbilTag's benefits to publishers (excerpt): "With AbiliTag publishers can access a growing range of benefits from Acxiom: Provide advertisers access to the richest possible audience information - their audience data along with advertisers’ CRM data (the best targeting data available) and Acxiom’s rich demographic and interest data. Assure the highest quality of integration through Acxiom’s patented real-time audience matching and recognition solution AbiliTag. ... Offer more precise online audience targeting, measurement and attribution to advertisers. Provide Fortune 500 advertisers audience targeting capabilities with data they are already know and understand. Offer secure, scalable and compliant access to 45M+ consumers per month on 60M+ devices. Offer audience portraits utilizing the combined audience data that demonstrate greater insight and added value to advertisers. ... Allow advertisers to leverage insights from offline multivariate consumer prediction models where propensity to purchase, shopper preferences, and LTV are already known." Meanwhile, Facebook is acquiring from its partner Microsoft the online ad analytics and attribution company Atlas (link is external). Here's what Atlas does with Facebook data: "Advertisers create and designate an ad to an engineered audience in Facebook, comprised of various parameters, including demographic and interest-based criteria. The resonance of the message within each audience can then be measured with precision and reported within Atlas. From this, a compelling story can be told. For example, advertisers can gain true insights into the traction their messaging holds in driving acquisition. In addition, by merit of supported impression and view through metrics, latent branding effects can be examined, identifying correlations with consumer behavior weeks to months following exposure to Facebook advertising. Audiences and creative messaging can be constantly refined until the advertiser sees the optimal results they are striving for. Additionally through statistical aggregation the overall performance of social display can be evaluated and pitted against other channels that are competing for credit. Viewing Facebook tracked data through Atlas’s Engagement Mapping (link is external), advertisers can ascertain where Facebook falls within the purchase funnel and make the most informed decisions as a result. The implications of Facebook tracking within Atlas, however, reach far beyond linear performance measurement and standard reporting. The FTC, Senate Commerce Committee, GAO and others examining the impact of Big Data Brokers on privacy and consumer protection should make Facebook's new set of data gethering and targeting alliances a key focus.
  • Statement on Appointment of Edith Ramirez at Chair of the FTC by Jeff Chester, CDD Edith Ramirez cares deeply about consumers and the issues that effect their everyday lives. She is always willing to listen and works hard to find out the facts before making a decision. We have found her to display unique insights on issues critical to consumer welfare and competition. Ms. Ramirez will be a thoughtful and effective leader of an agency that has been strengthened over the last several years to better meet the consumer protection challenges of the 21st Century. Under her leadership, we expect the FTC to blaze new ground on privacy—especially involving mobile devices, digital data brokers and Do Not Track.
  • CDD has obtained a Yahoo! (link is external)lobbying document being given to EU policymakers. Yahoo! is working to undermine pending legislative proposals that would significantly strengthen the rights EU citizens have regarding the collection and use of their information. Entiled "Yahoo! Rationale for Amendments to Draft Data Protection Regulation as Relate to Pseudonymous Data," the document attempts to persaude EU policymakers that the kind of information on users the company (and most others (link is external)) collect to fuel their extensive data profiling and targeting services should--guess--be exempt from the proposed new privacy safeguards. Yahoo! (link is external)is one of the US companies lobbying hard to weaken the EU proposal, which would set a new global standard for Internet privacy protection. Yahoo! (link is external) and others are trying to argue that the vast amounts of data (link is external)used to create targeting profiles on individuals--but which does not contain our name, address or other information that identified us in the pre-Internet era--should be exempt from the proposed safeguards on explicit consent and profiling, for example. Yahoo! (link is external) and other US companies should not be undermining the principled and civil liberties based privacy proposals of the EU. Short-term profits placed before building democratic safeguards for the 21st Century is a shamefully misplaced business model--especially from companies like Google, Facebook, etc. which try and cloak what they do as digital beacons of freedom.
  • Digital marketing, including data collection, profiling, tracking and targeting, pervades the Internet experience. One of the less-discussed areas is the targeting of individuals because of their race or ethnicity. As CDD's new report discusses, multicultural groups are "In the Digital Bullseye," with online advertisers and others focused on reaching African Americans, Hispanics, Asian Americans and others. Data collected on each of us can include our financial status, health concerns, location, spending habits--and also ethnicity and race. Multicultural groups are seen as vitally important markets for advertisers, bringining in new revenues and influencing overall cultural attitudes. But we believe there is a price--including the loss of privacy--with the incorporation of ethnicity and race in the digital marketing paradigm. The juxtaposition of sensitive information linking income, location, and race, for example, can lead to new forms of redlining or discrimination (as our report mentions, during the mortgage subprime boom, people of color were often sold harmful financial products regardless of their actual financial status). That's why's CDD believes that race and ethnicity should be classified as "sensitive" information by policymakers, requiring prior affirmative consent for its use. It should be part of the list of sensitive data categories, which usually includes information about one's finances, health or collected from a child. Let a individual decide whether they want their ethnicity or race to be part of their digital profile--not a Google, Facebook or some other marketer. We acknowledge that there is a positive side to identifying multicultural online users: it helps support a more robust and diverse digital publishing system. However, safeguards for privacy and consumer protection are also required. This is the first in a series of new reports CDD will release in 2013 on digital-consumer protection issues, including on multicultural digital target marketing. PS: See also our latest reporting on targeting Latinos online (link is external).
  • In the European Union, privacy is a fundamental Human Right. So it’s no surprise that leading EU officials are supporting (link is external) a proposal that place citizens and consumers in better control of their information (or, as its called in the EU, ensuring “data protection”). Many in the EU understand the stakes, as today’s digital tracking and profiling technologies enable far-reaching surveillance and influence on individuals. Online marketers, for example, have—in their own words—created a “360 degree” system to gather information on our actions, behaviors, location, relationships, etc. This information is placed in “profiles” which are built using a bevy of personal data and various mathematical algorithms that can be used to make predictions about us (whether, for example, we may be someone economically successful or not). Today, our privacy is further at risk, with marketers and others able to gather our geo-location data (where we are and where we go via our mobile devices); who are friends are and what they are doing (via Facebook and other social media); and where and what we spend (about to be made even more accessible with the growth of “digital wallets” and location-based payment services). The European Commission has proposed, and EU Member of Parliament Jan Philipp Albrecht (link is external)has amended, legislation that creates the global standard for privacy protection. (Albrecht is on the key Civil Liberties, Justice and Home Affairs –LIBE (link is external)--committee). The law would allow an individual to control “profiling” and surveillance done by others on them. This is the kind of safeguard that must threaten the US data collection industry (Google, Facebook, Yahoo and others). For example, the Commission’s draft explains that “…it should be ascertained whether individuals are tracked on the internet with data processing techniques which consist of applying a ‘profile’ to an individual, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes.” Albrecht’s amended version ensures that individuals actually control whether information can be collected at all (“In order for processing to be lawful, personal data should be processed on the basis of the specific, informed and explicit consent of the person concerned.”). No wonder the US business lobby, with help from the Obama Administration, is engaged in a campaign to scuttle the EU proposal (Albrecht is quoted as saying the lobbying (link is external) campaign agains (link is external)t the EU privacy proposed law is very extensive). A delegation of leading US NGOs representing consumer, privacy and civil liberties went to Brussels this week to meet with Members of the European Parliament. The US group included the ACLU, Consumer Federation of America, Friends of Privacy USA, CDD and others. Here are the materials we distributed; a Obama Administration document given to EDRI (link is external), the EU digital rights group, as part of the campaign to undermine support for the proposed stronger EU data protection proposals; and the EU privacy proposal and amendments. US Administration and industry attempts to undermine the privacy rights of EU citizens also threaten online users throughout the world. What is needed is a meaningful standard for privacy protection that places people in charge of their information--not massive data brokers or governments. We plan to press the Obama Administration to stand up for privacy over the narrow interests of the digital data collection lobby.
  • The report (link is external)released today by the Federal Trade Commission analyzing expenditures by food and beverage marketers to target both children and teens shows a dramatic increase in the use of digital marketing. According to the report, "spending on new media, such as online, mobile, and viral marketing, increased by 50%." The report also underscored how young people are the target of "integrated" campaigns, pursued across the "4 Screens (link is external)" which marketers now regulary use. Kids are being prompted to "pester" their parents to buy these products, according to industry research uncovered by the Commission. Digital marketing is a powerful medium which utilizes far-reaching tactics designed to promote brands and sell products. The "360 degree" marketing apparatus ensures that even young consumers can be tracked and reached wherever they are--at home, in school, on the street and in stores. Online ads can be bought cheaply--and deliver bigger results than other forms of advertising (think social media viral campaigns where you get so-called friends to promote products to friends). The nation's youth obesity epidemic illustrates that more is needed than just a report. The FTC should convene stakeholders to develop a set of Fair Digital Marketing Practices for Children and Teens. Many of the techniques used by food and beverage marketers and media companies--such as neuromarketing (link is external), peer to peer viral campaigns, and location-based targeting--are not appropriate for youth. Industry will need to take more responsibility. Policymakers, especially the FTC, will need to dig further into how food marketers use digital techniques on America's young people. Regulation is required. Jeff Chester, CDD
  • Leaders of the Effort to Pass COPPA in 1998 Say Parents Should Now Have Greater Control of their Children’s Information Online Digital Media Companies Must Implement New Policies to Protect Children’s Privacy Online Washington, DC: The team of privacy advocates and lawyers responsible for passage of the Children’s Online Privacy Protection Act (COPPA) in the late 1990s expressed strong support for the Federal Trade Commission’s long-awaited release of its updated children’s privacy rules, announced today, while urging regulators to keep a watchful eye on continuing developments in the mobile app and social media industries. “We are at a critical moment in the growth of the children’s digital marketplace,” said Kathryn Montgomery, Professor of Communication at American University, “as social networks, mobile phones and gaming platforms become an increasingly powerful presence in the lives of young people. The new rules should help ensure that companies targeting children throughout the rapidly expanding digital media landscape will be required to engage in fair marketing and data collection practices. We applaud the FTC for its rigorous and comprehensive review of the COPPA rules and for bringing them up to date with industry changes. However, the Commission will need to engage in ongoing monitoring efforts, as well as strong enforcement actions, if the implementation of these rules is to be effective in the long run. The FTC’s recent report on the children’s app market indicates that, even in the midst of an intense public debate over privacy policy, too many companies in this industry have operated with little regard for their legal obligations to children.” “The Commission’s decision today is a major step forward,” said Jeff Chester, Executive Director of the Center for Digital Democracy. “We are especially gratified that this decision puts to rest the longstanding and disingenuous claims by the digital marketing industry that cookies and other persistent identifiers are not personally identifiable information. The revised rules also address the increasingly pervasive use of geolocation, behavioral targeting, and social media data collection. But we are concerned about possible loopholes that could undermine the intent of the rules. CDD plans to continue closely analyzing the emerging marketing and data practices targeted at children--with a sharp focus on app developers and social marketers like Facebook--and will file complaints against any company that violates the new rules.” “I am pleased that the FTC has updated its rules implementing the Children’s Online Privacy Protection Act, as Congress intended, to specifically account for new technologies and marketing practices,” observed Angela Campbell, Director of the Institute for Public Representation at Georgetown University Law Center. “While the revised rules provide significantly greater protections for children, we will monitor industry compliance with the new regulations. Where we find that companies fall short, as we did recently with the Mobbles and SpongeBob Diner Dash apps, we will file additional requests for investigation.” Kathryn Montgomery and Jeff Chester spearheaded the campaign to pass COPPA during the 1990s, leading a coalition of prominent education, health, and consumer groups in a two-year effort, and working closely with Angela Campbell and a team of law students at Georgetown Law’s Institute for Public Representation, which served as legal counsel to the coalition. Although the law took effect in the formative period of Internet marketing, it was purposely designed to adapt to changes in both technology and business practices, with periodic reviews by the FTC to ensure its continued effectiveness. With the expansion of digital media platforms and the growing sophistication of online data collection and profiling, the need for updating the rules became increasingly urgent. Since 2010, the Center for Digital Democracy and a coalition of other consumer and public health organizations have been urging the FTC to update its COPPA rules to encompass the expanding array of digital platforms and marketing services used to reach and target young people. In a letter submitted to the Commissioners last week, more than 50 organizations – including the American Academy of Child and Adolescent Psychiatry, CDD, Common Sense Media, Consumer Federation of America, Consumers Union, the American Academy of Pediatrics, the American Psychological Association, and the American Heart Association – strongly endorsed the agency’s proposed rules, calling for timely action to adopt them. --30--
  • The dramatic growth of the data broker industry, fueled by information on consumers culled from the Internet, social media, mobile phones, and in-store shopping, has created a multitude of all seeing eyes spying on Americans everyday. A digital gold mine of infinite details is harvested about each of us--what we buy, who are friends are, how much we earn, our ethnicity, health concerns, location, etc. For the most part, these records are off limits to consumers, who can't really discover what they say about us--including the likely errors they may contain. Today's action by the FTC (link is external) will unmask this largely stealth consumer surveillance industry. It will shine a powerful regulatory spotlight on such disturbing practices as the use of so-called "e-scores," which are used to signal to others information about our creditworthiness, potential revenues for marketers or even whether our calls for service should be answered first by telephone operators. Our data is sold to the highest commercial bidder in milliseconds, who can use the information for almost any purpose--yet it is unavailable so a consumer can review or challenge it. The data broker business, which now comprises far-reaching partnerships between numerous small and large companies, should not be permitted to operate without ensuring transparency and control to the individual consumer. That's especially important in this era of Big Data shaping our democracy. For a recent analysis of databroker tactics in the digital real-time consumer targeting era, see a paper (link is external)just published by Ed Mierzwinski of USPIRG and Jeff Chester of CDD An example of databroker techniques discussed by Acxiom is attached.
  • The dramatic growth of the data broker industry, fueled by information on consumers culled from the Internet, social media, mobile phones, and in-store shopping, has created a multitude of all seeing eyes spying on Americans everyday. A digital gold mine of infinite details is harvested about each of us--what we buy, who are friends are, how much we earn, our ethnicity, health concerns, location, etc. For the most part, these records are off limits to consumers, who can't really discover what they say about us--including the likely errors they may contain. Today's action by the FTC (link is external) will unmask this largely stealth consumer surveillance industry. It will shine a powerful regulatory spotlight on such disturbing practices as the use of so-called "e-scores," which are used to signal to others information about our creditworthiness, potential revenues for marketers or even whether our calls for service should be answered first by telephone operators. Our data is sold to the highest commercial bidder in milliseconds, who can use the information for almost any purpose--yet it is unavailable so a consumer can review or challenge it. The data broker business, which now comprises far-reaching partnerships between numerous small and large companies, should not be permitted to operate without ensuring transparency and control to the individual consumer. That's especially important in this era of Big Data shaping our democracy. We are also gratified that the FTC asked for databrokers to supply information related to both children and adolescents. For a just published report on digital databroker practices, the FCRA, and consumer protection written by Ed Mierzwinski of USPIRG and Jeff Chester of CDD, go to SSRN. (link is external) For an example of databroker techniques, see attached.
  • Center for Digital Democracy Charges that Nickelodeon’s Mobile SpongeBob Game Violates the Children’s Online Privacy Protection Act Urges Federal Trade Commission to Investigate and Bring Action Against the Leading Children’s Cable Channel Nickelodeon and PlayFirst Don’t Play Fair, Collecting Personal Information from Kids and Inducing In-Game Purchases Washington, DC: The Center for Digital Democracy (CDD) filed a complaint today asking the Federal Trade Commission (FTC) to investigate and bring action against cable network Nickelodeon and mobile game-maker PlayFirst for deceptive marketing of the SpongeBob Diner Dash game and for violating the Children’s Online Privacy Protection Act (COPPA). The mobile game, which is featured as a free iPhone and iPad app in the “Kids Games” section of Apple’s iTunes store, is based on characters from the popular “SpongeBob SquarePants” cable show (which for the past 12 years has been the most-watched television program for kids ages 2-11). The app store description assures consumers that the game complies with COPPA. However, as CDD’s filing documents, Nickelodeon and PlayFirst engage in several practices that are clear violations of the children’s privacy law. The objective of the game is for children to help SpongeBob “seat, serve, and satisfy all kinds of fishy customers in five colorful Bikini Bottom restaurants,” run by the greedy, selfish Mr. Krabs from the show. SpongeBob Diner Dash is a “freemium” game, which can be initially downloaded for free, but is designed to encourage users to buy virtual “coins” that can be spent on items such as shoes that make SpongeBob walk faster, or a frying pan that makes the food cook faster. Children are also prompted to spend more money to buy upgraded versions of the game. As the complaint documents, Nickelodeon and PlayFirst engage in deceptive acts by representing in the privacy disclosure on the Apple App Store that the app’s “data collection is in accordance with applicable law, such as COPPA,” when in fact it is not. The SpongeBob Diner Dash game asks children to provide a wide range of personal information, including full name, email address, and other online contact information, without providing notice to parents or obtaining prior parental consent, as required by the Children’s Online Privacy Protection Act. Nor does the app provide an adequate description of the personal information it collects or how it is used. The filing asks the FTC to investigate the apps’ data collection and privacy notice practices, including its use of mobile marketing technologies such as unique device identifiers (UDIDs) and “device tokens,” which enable companies to send custom messages to individual children in the form of “push notifications.” These forms of “online contact information” are considered personal information under current COPPA rules. “It is disturbing to learn that a well known children’s brand such as Nickelodeon is flouting basic privacy protections for children. Even more troubling, Nickelodeon tells parents that it complies with the law protecting children’s privacy when it does not” commented Laura Moy, an attorney at Georgetown Law’s Institute for Public Representation (IPR), which prepared the complaint on behalf of CDD. Moy urged that “the FTC take action to ensure that all companies targeting mobile apps to kids are complying with the law.” “It is clear that this is not an isolated incident,” said Jeff Chester, CDD’s Executive Director. “As the FTC report last week on children’s mobile apps revealed, this industry is not taking seriously its obligations under COPPA. The Commission needs to step up its enforcement actions and adopt new rules that will address the growing threats to children’s privacy in the expanding mobile marketplace.” A copy of CDD’s request is available at http://db.tt/oA1kEKSP (link is external) --30--
  • FOR IMMEDIATE RELEASE December 13, 2012 50+ ADVOCACY GROUPS CALL FOR UPDATES TO KIDS’ ONLINE PRIVACY PROTECTIONS WASHINGTON, DC and SAN FRANCISCO, CA -- A broad coalition of child advocacy, health, parents, privacy, and consumer organizations--including the American Academy of Pediatrics, the American Heart Association, the American Psychological Association , US Conference of Catholic Bishops, and Consumers Union -- has released a letter to the Federal Trade Commission (FTC) to express strong support for proposed updates to the Children’s Online Privacy Protection Act (COPPA). COPPA was passed by Congress in 1998, and is designed to enable parents to decide how and whether Internet companies and operators can collect and use personal information from their children under the age of 13. The FTC is considering the first updates to the COPPA rules, which were established in 2000. Since then, dramatic changes in the online and mobile world, and sophisticated new data collection and marketing practices, have undermined the ability of parents to make meaningful decisions for protecting their children’s privacy and safety. Recognizing those changes, the coalition letter describes the proposed updates to the COPPA rules as “not only essential, but also urgent.” The letter and list of co-signing organizations can be found at www.democraticmedia.org. In addition, in three separate petitions organized by Public Citizen (link is external), Campaign for a Commercial-Free Childhood (link is external), and Common Sense Media and the Center for Digital Democracy (link is external) over 10,000 petitioners have shown support for the FTC’s plans to update COPPA and keep parents--and not companies--in control of their children's online data.
  • Washington, DC: The Center for Digital Democracy (CDD) filed a complaint today with the Federal Trade Commission (FTC) calling for an investigation of and action against the Mobbles Corporation for operating the mobile application Mobbles in violation of the Children’s Online Privacy Protection Act (COPPA). Mobbles, a game involving virtual pets, is directed at children under age 13. It collects personal information from children without providing any notice to parents (nor even attempting to obtain verifiable parental consent), as required by law. Available since May 2012 on iTunes for the iPhone and from the Google Play store for Android devices, Mobbles has ranked among the top 100 grossing “Entertainment” iTunes apps in 24 countries, and among the top 10 in 10 countries. Between 10,000 and 50,000 users downloaded Mobbles over the last 30 days in the Google Play store alone. An elaborate, location-based game that involves capturing, collecting, trading, and caring for virtual pets, “Mobbles” raises a number of privacy and child-safety issues, CDD’s complaint explains. First, because Mobbles is a location-based game, it uses smart-phone technology both to determine and to share the precise physical location of children playing the game. Second, because users must be within 54 yards of a Mobble to “catch” it, the game encourages children to wander around at all hours to get close enough to capture a particular Mobble (some of which are only available at night). Third, through its newsletter sign-up and registration required for pet trading, Mobbles collects children’s email addresses and other contact information without parental notice or consent. And, finally, although many of the game’s items are available free (as is the game itself), Mobbles encourages the expenditure of actual funds (via credit-card accounts) to acquire virtual items that are only available for purchase. As CDD’s complaint makes clear, Mobbles violates COPPA’s requirement that any online service directed at children provide notice “of what information it collects from children, how it uses such information, and its disclosure practices for such information,” and obtain parental consent before collecting personal information from a child. Mobbles provides no privacy policies nor does it make any attempt to obtain parental consent before collecting a child’s physical address, online contact information, or the online contact information of a child’s friends. “This case underscores the urgent need to update the Federal Trade Commission’s rules on children’s online privacy,” said CDD Executive Director Jeff Chester. “The use of persistent identifiers on mobile devices and other platforms must be covered under the proposed new COPPA regulations.” “By its very design, the Mobbles app takes unfair advantage of children’s developmental vulnerabilities, and even potentially threatens their personal safety,” commented Dr. Kathryn Montgomery, Professor of Communication at American University, who spearheaded the campaign for COPPA in the 1990’s. “This complaint provides a glimpse into a much larger, rapidly growing children’s mobile market, in which companies are unleashing all of the available techniques for targeting kids, including geo-location, instant rewards, and in-phone purchases. In the process, these companies are capturing a wide range of personal information available on smart phones and other mobile devices. Such practices not only violate the law, but also fly in the face of industry promises to protect children’s privacy in the digital media marketplace.” CDD’s filing was prepared by the Institute for Public Representation at Georgetown University Law Center. Georgetown Law Student Jessica Wang, who researched and drafted the request, urged the FTC “to act promptly to stop mobile apps such as Mobbles from pinpointing children's physical location, sending them direct messages, and contacting kids' friends without their parents' knowledge and permission.” Noting that on Monday the FTC released a report documenting that a large percentage of the most popular mobile apps for kids are collecting information without parental notice and consent, Angela Campbell, Director of the Institute for Public Representation, urged the FTC to include Mobbles as one of the apps it planned to investigate.
  • FOR IMMEDIATE RELEASE Dec. 6, 2012 New Survey Reveals Strong Support for Updating Children’s Online Privacy Protection Act Majority express concerns about new marketing and data-collection practices such as behavioral profiling and mobile tracking WASHINGTON, DC and SAN FRANCISCO – Two leading nonprofit groups, the Center for Digital Democracy and Common Sense Media, today released the results of a new survey on public attitudes about children’s online privacy. The study — conducted over a two-week period in November by Princeton Research Associates International (PSRAI) — polled more than 2,000 adults and found overwhelming support for the Children’s Online Privacy Protection Act (COPPA), the law that requires parental consent before websites can collect personal information from children under the age of 13. The findings revealed strong support not only for the basic principles of the law, but also for several key proposed changes in the rules that would address a range of online business practices — including mobile marketing and behavioral profiling — that have emerged since the COPPA took effect more than a decade ago. The Federal Trade Commission is expected to announce a number of updates to the COPPA regulations in the coming weeks. The majority of respondents in the survey (90%) expressed support for COPPA’s basic requirement that online companies seeking to collect personal information from young children must first obtain permission from parents. In addition, the survey found significantly high levels of support for safeguards to protect children from many of the data collection and marketing practices that are frequently used to target them in today’s digital media environment. Respondents expressed disapproval of a number of techniques increasingly employed by many child-directed websites — 80% of adults were opposed to allowing advertisers to collect and use information about a child’s activities online, even in cases where advertisers do not know the actual name and address of a child. The survey also found that both parents and nonparents largely agree on many points: 91% of both parents and adults believe it is not okay for advertisers to collect information about a child’s location from that child’s mobile phone. 94% of parents and 91% of adults agree that advertisers should receive the parent’s permission before putting tracking software on a child’s computer.96% of parents and 94% of adults expressed disapproval when asked if it is “okay OK for a website to ask children for personal information about their friends.” 91% of parents said they strongly disagree with the idea, as did 86% of adults. Congress passed COPPA in 1998 with bipartisan support. The law established a set of safeguards for website operators targeting children under 13, and ensured that parents would play the key decision-making role in determining whether and how their children’s personal information would be used in the online environment. The law was purposely designed to respond to changing technologies and business practices, and requires the Federal Trade Commission to conduct periodic reviews. A coalition of child advocacy, consumer, public health, and privacy groups has called on the FTC to update its COPPA rules to cover many of the techniques that marketers are using today, which include: collecting geolocation information from a child’s mobile phone; targeting children and their friends through social networks and interactive games; and employing cookies, plug-ins, and other software to track young peoples’ online behaviors. The FTC proposed changes to the rules last year, and has sought comments from a wide range of industry and public interest groups, but has yet to release its revised regulations. “It is clear from these findings that the public supports strong action by the FTC to address the disturbing and widespread practices that threaten the privacy and safety of our nation’s children,” said Kathryn C. Montgomery, Ph.D, professor of communication at American University and one of the leaders of the campaign to pass COPPA during the 1990s. “Children should be able to reap the benefits of this new participatory media culture without being subjected to techniques that take advantage of their developmental vulnerabilities. We must ensure that the COPPA rules are updated effectively so that the generation of young people growing up online today will be treated fairly in the growing digital marketplace.” “The results of this poll should be a wake-up call to the industry that parents understand what’s at stake for their kids in a digital world, and want the power to protect their children to remain in their hands,” said James P. Steyer, CEO and founder, Common Sense Media. “The industry argues that updates to COPPA will stifle innovation and cost jobs, when in fact, they should respect the role of parents and use it build consumer trust. The FTC’s recommended updates to COPPA represent the most important regulation of the past 10 years when it comes to protecting our kids’ privacy. They will help ensure that parents have better information and tools, and that parents -- not third-party ad networks and data brokers -- get to decide when their children’s personal information can -- and can’t -- be collected, shared, and sold.” Additional information about the survey, including a summary of findings, full tables, and an infographic can be found at www.democraticmedia.org and www.commonsense.org/COPPA (link is external). To download the summary of findings directly, and a new Infographic on "Big Data, Little Kids," see attached. About Center for Digital Democracy The Center for Digital Democracy (CDD) is recognized as one of the leading consumer protection and privacy organizations in the United States. Since its founding in 2001 (and prior to that through its predecessor organization, the Center for Media Education), CDD has been at the forefront of research, public education, and advocacy on protecting consumers in the digital age. Its impact has been highly significant, fostering widespread debate, educating a spectrum of stakeholders, and creating a legacy of government and self-regulatory safeguards across a variety of Internet and digital media platforms. CDD’s public education programs are focused on informing consumers, policy makers, and the press about contemporary digital marketing issues, including its impact on public health, children and youth, and financial services. For more information, visit www.democraticmedia.org (link is external). About Common Sense Media Common Sense Media is dedicated to improving the lives of kids and families by providing the trustworthy information, education, and independent voice they need to thrive in a world of media and technology. We exist because our kids are growing up in a culture that profoundly impacts their physical, social, and emotional well-being. We provide families with the advice and media reviews they need in order to make the best choices for their children. Through our education programs and policy efforts, Common Sense Media empowers parents, educators, and young people to become knowledgeable and responsible digital-citizens. For more information, go to: www.commonsense.org (link is external).
  • The Children's Online Privacy Protection Act (COPPA) protects children's privacy online. It is a powerful safeguard empowering parents to make decisions about how personal information from their child can be collected and used. As the Federal Trade Commission nears its historic vote to ensure that COPPA addresses the range of digital data collection practices that threaten child privacy--including from behavioral profiling and geo-location targeting--here's a brief primer.
  • Facebook engaged in a "Thanksgiving surprise" last week (link is external), announcing changes to its "Rights and Responsibilities" system of involving users in its decisions on data collection and privacy. It also announced plans designed to make additional collection of data readily available for them to use, including from so-called affiliates. Through its Facebook Exchange (link is external)and other data-enabled marketing (link is external) services--especially designed to bolster its ability (link is external)to monetize (link is external) through mobile devices--the social media behometh is pushing the privacy envelope. EPIC and CDD's letter asks Mr. Zuckerberg to reverse course. Stay tuned for further action. PS: Take a look at this clip (link is external)from Citizen Kane, when he signed his "Declaration of Principles." Remember when you see it that Kane--as he becomes successful as a media mogul--abandons them.
  • CDD and EPIC (link is external) submitted this letter to the FTC today. Both groups have had a long history of monitoring Facebook's privacy and online data-related marketing practices. We have both worked to ensure that the FTC and other regulators engage in the due diligence required to ensure Facebook respects the privacy rights of its users. Over the last several months, we have especially analyzed Facebook's growing (link is external)use of user data (link is external) as part of its ad exchange (link is external), including Datalogix (link is external). There are a range of data partners (link is external)that raise critical concerns. Here are some of Datalogix's data collection and user targeting affiliates--a never ending data daisy chain: Admeld (link is external), adnetik (link is external) (Digilant), appnexus, (link is external) Audience Science (link is external), bluekai (link is external), Cadreon (link is external), DataXU, (link is external) eXelate (link is external), invite media, (link is external) jumptap (link is external), Lotame (link is external), Mediamat (link is external)h, netmining, resonate, Rocket Fuel, (link is external) Tribal Fusion, TURN, (link is external) ValueClick, Vivaki, (link is external) X+1 (link is external) and Xaxis. The letter is attached.
  • Continuing its work to protect the privacy of children under 13 in the "Big Data" era, a coalition of leading groups just filed Comments with the Federal Trade Commission on its proposed new rules under the Children's Online Privacy Protection Act (COPPA). Many of these groups worked to get the law passed back in 1998. Even back then the kinds of personalized data collection commonplace today was part of our design for COPPA (since the basic "one-to-one" data collection model has remained a dominant paradigm). Under the proposed FTC rules, parents would be empowered for the first time to make decisions about whether online marketers, including on mobile devices, can stealthily use "cookies" and other unique and persistent identifiers to track and target a child. The filing explains how companies such as Viacom (Nick.com, etc), Time Warner/Turner (Cartoon Network) and Disney (Disney XD, etc) are using advanced state of the art data collection tools to track, profile and target users online. It discusses documents and other information we uncovered during our investigation for this filing that raise serious concerns about the commitment of many online companies to protect the privacy of kids and ensure parents are in charge. Groups filing these comments with CDD include: American Academy of Child and Adolescent Psychiatry, Berkeley Media Studies Center, Campaign for a Commercial Free-Childhood, Center for Media Justice, CSPI, ChangeLab Solutions, Children Now, Consumer Action, Consumer Federation of America, Consumers Union, the advocacy and policy division of Consumer Reports, Consumer Watchdog, National Consumers League, Privacy Rights Clearinghouse, Public Citizen, Public Health Advocacy Institute and The Praxis Project. The FTC filing was written by Prof. Angela Campbell and Fellow Laura Moy at the Institute for Public Representation, Georgetown Law Center. She was assisted by her able law students. CDD provided research and analysis.