News

CDD statement on today's FTC COPPA (link is external) proposal. Today, the FTC took a giant step to protect children's privacy by proposing that the online data broker industry be required to comply with the Children's Online Privacy Protection Act (COPPA). Children--like adults--confront a pervasive data collection and targeting system made up of ad networks, data exchanges, and other digital marketing companies able to target anyone in real-time. The FTC's proposal ensures that parents will have control over how information can be collected from their children via mobile phones, online games and when they use computers. In addition, the commission will also rein in the data brokers targeting kids who use social media, so-called "plug-ins," to gather information on a child and their friends. Consumer, child advocacy, privacy and public health groups have called on the FTC to ensure that COPPA protects kids and empowers parents in today's data collection intensive, targeting 24/7 online environment. This proposal will help accomplish this. We are concerned, however, about the lobbying of the Walt Disney Company and others to secure an exemption for so-called family websites. We will be reviewing the commission's proposal and industry practices on such sites.

When CDD reviewed the proposed Facebook Sponsored Stories (link is external) settlement it was clear it failed to address how marketing and targeting on the social network really works. It also didn't do anything to ensure that parents and teens have the control they require over the Sponsored Story process (link is external) and its inter-related series (link is external)of premium ad products. Clearly, Facebook users require a settlement that protects their privacy and rights. As Sponsored Stories is deployed on the mobile p (link is external)latform, and Facebook users confront new privacy threats from the Facebook Exchange ad targeting (link is external) service, as well as new measurement (link is external) capabilities, policies need to be enacted to protect users (especially adolescents and other youth). We revised our letter of objection, now that a new Judge has been assigned to the case.

This letter was sent today to Lawrence Strickling, Ass't Sec of Commerce, as well as The White House. Despite our best efforts (link is external) to encourage the Commerce Department to ensure that people across the country can meaningfully participate in the first key stakeholder meeting scheduled for 12 July, the agency has failed to embrace an effective means to do so. Over the last few weeks we did get the Commerce people to change their plans to allow some outside of the Beltway involvement--but in a very limited way. The groups previously submitted a set of principles (link is external) last February to help govern the negotiations and ensure equitable representation and deliberation. Today's letter is attached. See too Consumer Federation of America press statement. (link is external)

Today, CDD, Consumers Union and a coalition of leading child advocacy, health, consumer and privacy groups sent a letter to Facebook CEO Mark Zuckerberg. The letter discusses the safeguards required to ensure Facebook `does no harm' to young people if it decides to open its platform to children (in order to comply with COPPA, etc).

Today we filed Comments on the Obama Administration's privacy plan via the Dep't of Commerce proceeding. Highlights below. Need for Legislation: We have said from the beginning of this process that the reliance on multi-stakeholder negotiations to effectively protect consumer welfare, including privacy, is a flawed approach....what is required is more courageous action by the Obama Administration: the submission to Congress of draft legislation that implements the CPBR principles. Multi-stakeholder Negotiations Must Address the Full Scope of the CPBR Principles at Each Stage: In order for any “code of conduct” to be developed, each issue (such as mobile applications, ethnic/racial digital profiling, youth online marketing, real-time targeting) must reflect all of the administration’s Privacy Bill of Rights. Stakeholders Should Decide the Topics, not the Administration: The administration should respect the independence of the multi-stakeholder process to identify issues for negotiation. Commit to the W3C’s Do-Not-Track Multi-stakeholder Process: The administration should clarify that it fully supports the multi-stakeholder process now underway by the World Web Consortium’s Tracking Protection Working Group. The support by the White House of the Digital Advertising Alliance’s closed-door, non-transparent, and non-representative work on Do-Not-Track suggests there is a lack of serious commitment to an independent and participatory multi-stakeholder process. The Department of Commerce should immediately recognize that the WC3’s work on Do-Not-Track is part of the development of meaningful new codes of conduct... All Issues Must Be on the Table, with No Exemptions for Self-regulatory Codes: Some digital data collection trade groups have suggested, in recent Congressional testimony, that the multi-stakeholder deliberations “should target only those issues that are not subject to existing statutory regimes or self-regulatory programs..." The administration should reject such a self-serving suggestion, which would deprive U.S. consumers of having fairly negotiated codes of conduct. Industry self-regulatory codes have been developed without public input, and already have drawn criticism from leading scholars. All issues must be addressed if this process is to have credibility Ensuring a Transparent and Open Process: these deliberations must be public...We urge that they be Webcast, and that there is a robust mechanism put in place for both the news media and the public to be informed of the proceedings... Issues related to both Children and Adolescents Should Be Addressed in Every Topic Identified for a Code of Conduct: Rather than addressing young people under a separate code of conduct, we support identifying the child and adolescent issues raised by each issue Concerns on the International Role for the Multi-stakeholder Negotiations and Codes of Conduct: We have grave reservations about the U.S. attempting to negotiate a “code of conduct” as the equivalent of formal law (such as in the EU) or where effective new consumer protection laws are required (such as in South America or the Asia Pacific markets). There isn’t a one-size-protects-all privacy regime that can be exported from the U.S Ensuring an Informed Discussion About the Digital Data Collection Landscape: One cannot easily choose a small piece of the puzzle (such as the “low-hanging fruit” of mobile privacy) to tackle, because all types of data collection and analysis are intrinsically connected to the fundamental forces shaping privacy in the commercial digital era. Ensuring Civil Society Participation, Especially Independent NGOs: We support the “Principles for Multi-Stakeholder Process” endorsed by leading NGOs on February 23, 2012 (with the leadership of the World Privacy Forum)... There must be robust civil society involvement in each deliberation, with sufficient levels of participation to ensure an effective—not marginal—contribution.

FTC Makes Advances Protecting the Privacy of Americans in Big Data Era, with Call for Congress to Rein-in Data Brokers But major concerns loom as report leaves consumers vulnerable to widespread data collection and tracking. Battles ahead as consumer group presses for action Statement of Jeff Chester, Executive Director, Center for Digital Democracy The Commission’s new privacy report zeros in on one of the most glaring threats to consumers today—the growth of the online-merged with-offline data collection complex. In its call for Congress to enact legislation to rein in the data broker industry, the FTC has opened up an important new ‘front’ in the battle to protect consumer privacy. Today, consumers face an ever growing and largely invisible data apparatus that collects and pools their information 24/7. The harvesting and sale--often in real-time--of our valuable data, including about our financial and health interests, poses a major threat to consumers. The FTC’s call for legislation is a digital wake-up call to Congress. The commission’s recommendation that Do-Not-Track means do not collect, potentially could help create a powerful new privacy tool for consumers. Overall, the FTC’s call for ensuring the public has greater control over how their data is collected and used online, should prompt industry leaders to rethink how they address protecting consumer privacy. The FTC's further clarification of what is considered personally identifiable information is also a step forward. However, we call on the FTC to specifically spell out how to ensure consumers have meaningful “choice” to control the collection and use of their information. The commission’s overall support for industry self-regulation (such as the largely invisible “icon” placed on ads) is disappointing, and reveals a FTC still too often constrained from effectively protecting the public. We see this report and the recent White House Consumer Privacy Bill of Rights endorsing what consumer groups have been warning about for years--that the Internet's growing focus on the tracking of individuals, along with the sale of their data by a largely out of view digital marketing industry, requires 21st Century consumer protection safeguards. Other key elements in the report: The commission’s proposal on affiliates and third-parties also helps rein-in a dizzying digital-consumer tracking daisy chain. Websites that share data with other parts of their company or ad networks require new safeguards. Requiring affirmative consent for the collection and use of sensitive information, including on first and third party sites. This is a positive step forward as consumers increasingly are targeted by financial and health marketers. But if consumers are to be protected, the FTC (and for financial, the CFPB) must engage in serious enforcement efforts. Called on the online ad industry (Digital Advertising Alliance, DAA) to work “within the W3C process” on Do-not-Track. The World Wide Web Consortium's (W3C) work on Do-not-Track is being potentially undermined by a separate effort organized by the DAA. Today, the FTC sent a message that it expects the online ad industry to work with the “multi-stakeholder” process established by W3C. [CDD is a member of the W3C Tracking Protection Group]. The commission resisted calls from the telephone and cable lobby to endorse the controversial Deep-Packet Inspection (DPI) surveillance system. The FTC plans to hold a workshop and conduct further study on this critical privacy and civil liberties issue, which is prudent. The report calls for greater protections for teens when they are targeted, something CDD has urged. The commission will expand its focus on mobile privacy, including applications and transactions.

This letter was sent today to US and EU policymakers.

This letter from the US/EU consumer group organization (link is external)Trans Atlantic Consumer Dialogue, which formally advises both the EU and US, calls on Google to suspend its planned privacy changes.

CDD has made a commitment to the White House that it will work on “multi-stake holder” negotiations to help develop new consumer online privacy safeguards. We recognize that in the absence of federal legislation, the inability of the FTC to issue regulations, and the ever-increasing digital data collection system, some progress must be made to protect consumers. Increasingly, consumers face a daily whirlwind of data collection, confronting a vast and largely uncontrollable apparatus that tracks their every move. Whether we are using a PC, a mobile device, playing a video game or even listening to music, our information is being stealthily packaged into personal data profiles. Our financial, health, political, and family data are sold to the highest online bidder, whether they are marketers, financial companies or even political parties. The White House’s new framework for protecting privacy, especially its Bill of Rights, is an important development to protect consumers in the digital age. Consumers require a “Bill of Rights” that ensure they are in control over their personal information—not the digital data companies. As the public increasingly relies on the Internet to make purchases and other financial decisions, they also should have 21st Century consumer protection safeguards. However, the new framework largely depends on the development of voluntary codes of conduct, to be negotiated between consumer groups and companies like Google, Facebook, Microsoft, Yahoo and others. Consumers groups, such as CDD, will engage in these negotiations in good faith. But we cannot accept any “deal” that doesn’t really protect consumers, and merely allows the data-profiling status quo to remain. Instead of negotiations, CDD would have preferred the White House to introduce new legislation that clearly protected consumers online. Two, we are very concerned that the Administration’s new privacy plan is designed to undermine the European Union’s rights-based approach protecting privacy. The U.S. online data companies are the global leaders in digital advertising, especially Google and Facebook. These companies increasingly feel threatened by a EU approach that protects its citizens from pervasive and unaccountable data collection. We will not support an effort by the U.S. to secure a trade agreement with the EU and the Asia Pacific region that permits digital marketers to collect user data unabated. A voluntary code of conduct should not be the basis of a global trade deal designed to bolster Google and Facebook profits. Finally, we are also concerned about today’s announcement by the Digital Advertising Alliance (DAA), including Google, that they will develop its own Do-Not-Track system. The plan by the DAA to add Do-Not-Track to its self-regulatory system could derail a promising privacy effort by the Worldwide Web Consortium standards group (W3C) that is being designed to give consumers greater control over data collection. The new DAA scheme will enable companies to continue to collect profiling data on users, and merely prevent the delivery of targeted ads. DAA members are terrified about the development of a DNT system with teeth, which would stop so much data collection, profiling and tracking. The White House and the FTC should ensure that consumers can receive the benefits of a robust, uniform and independent DNT service. We should not allow Do-Not-Track to be hijacked by the data collection industry

The attached complaint was sent today to the FTC, including the following to the Secretary, Commissioners, and staff: The Center for Digital Democracy submits this complaint regarding the failure of Google, Inc. to abide by the commission's Consent Decree in the Google "Buzz" case (Docket No. C-4366). We respectfully urge the FTC to find Google in violation of the Consent Decree for its failure to accurately and honestly inform users the real reasons it is changing its privacy policy. This petition provides data and analysis showing how Google's business practices, especially those announced or implemented in 2011, are the real reasons why it is now altering its consumer privacy practices. CDD also seeks to have the FTC request that Google postpone the launch of its new privacy policy on March 1, 2012, pending the outcome of its investigation. Here's an excerpt: We believe that an analysis of Google’s business operations over the last year will demonstrate the true rationale for the changes to its privacy policy—which has nothing to do with making it “easier” or “more convenient” for users. We fail to see where Google has provided to users—as it claims to have done in its “Compliance Report” submitted to the commission—“clear information in order to exercise meaningful choice regarding their continued use of Google services….” In particular, Google fails to inform its users that the new privacy regime is based on its own business imperatives: to address competition from Facebook; to grow its capacity to finely profile and target through audience buying; to collect, integrate, and utilize a user’s information in order to expand its social media, social search, and mobile marketing activities (through YouTube, Google+, and Admob, for example); to extend the length of time during which users are subject to targeting and real-time auctions via its DoubleClick Ad Exchange and Display Network; to provide additional data points for its Teracent, Invite Media, and Admeld operations; and generally to expand its DoubleClick operations. Finally, Google should have explained to consumers what it told a private industry meeting—that to help fulfill its February 2011 prediction that display advertising will be a $200 billion dollar global industry, it would need to better integrate user data across platforms and application using digital ad marketing automation.

Facial recognition technologies are now a part of the commercial digital marketing "complex," providing additional data and "activation" techniques designed to trigger engagement and commercial behavior. The Federal Trade Commission requested comments on the issue. Although CDD is concerned about the use of Facial Recognition on all consumers/citizens, inc. adults, we focused on the need for child and adolescent safeguards. Facial Recognition tactics have already become a part of youth marketing, inc, for food (link is external)and beverage (link is external) products. Here's an excerpt with filing attached: The growth of real-time targeting, with the routine merging of offline and online data for profiling-based user ad sales, is the context for the FTC to develop safeguards related to FR. Physical data will be added to the plethora of information layered to target users (which now also includes increasingly neuromarketing-derived data. The commission must also address how FR is designed to identify and target multicultural youth. Today, digital marketers engage in a range of ethnic and racial targeting, including children of color. African-American, Hispanic/Latino and Asian-American children and adolescents are the focus of wide-ranging data collection, profiling, and targeting applications. The use of FR to identify race/ethnicity without COPPA or new adolescent digital marketing rules requires proactive policy action by the commission... The commission must take into consideration, in its work to address FR, the current state of behavioral advertising and related digital direct marketing applications—including cross-platform. FR cannot be viewed in isolation, and an effective and comprehensive set of safeguards are required in the youth digital marketplace... CDD urges the FTC to issue appropriate rules, under its current COPPA proceeding, that place decisions about the use of FR under the control of a parent or appropriate adult guardian. It also must recommend new safeguards for adolescents, giving them greater information and control over how interactive marketing applications and data collection, including FR, are used in targeting. Specifically, we ask that: 1. The commission issue a regulation, under the COPPA rule, stipulating that the results of facial recognition applications are inherently personally identifiable information, and thus cannot be collected or used without parental consent. 2. For teens, companies must have a clear opt-in structure in order to undertake FR. 3. The commission oversee the development of a set of Fair Marketing Practices for all digital marketing targeting both children and teens, which should address how the overall use of facial recognition will be governed.

This draft document represents the current consensus views of the following organizations: ACLU, Center for Digital Democracy, Center for Media and Democracy, Consumer Federation of America, Consumers International, Consumers Union, Consumer Watchdog, Electronic Frontier Foundation, Fundacja Panoptykon, Privacy Rights Clearinghouse, and World Privacy Forum. The full document is attached.

Statement of Jeff Chester: Washington, November 29, 2011: "Since 2007, the social media giant has purposefully worked to erode the concept of privacy by disingenuously claiming users want to share all their personal information. But very few of Facebook’s more than 850 million users understand—let alone can control—the vast amounts of data mining used to propel its advertising business (in 2011, Facebook is predicted to top $4 billion in ad revenues). Facebook’s drive to reap the rewards of a potentially ground-breaking IPO next Spring has also helped unleash a range of data practices that stealthily monetizes the actions and interests of users and their networks of friends. For example, there are now a complex of Facebook tools designed to help marketing campaigns trigger a range of “experiences” and actions tied to measureable events. Facebook has also increasingly focused on a “social by design” concept in an effort to help its advertisers utilize “profile data.” Once the FTC consent decree (link is external)is finalized, Facebook users will have new tools at their disposal to help ensure their privacy is better protected. If Facebook makes any claim that is found to be untrue, they can press the FTC to conduct a review, order a correction and require the imposition of financial penalties. We applaud the FTC for conducting a much-needed investigation of Facebook and diligently pursuing this settlement. CDD joined with the Electronic Privacy Information Center and other groups petitioning the FTC to investigate Facebook’s privacy practices. We will work to ensure that Facebook’s further expansion into mobile marketing, social commerce and online gaming doesn’t come at the expense of user privacy. However, this proposed settlement also requires leadership changes at Facebook. They misled consumers and should pay a price beyond a 20 year agreement to conduct their business practices in a more above-board fashion. We call on Mark Zuckerberg and the Facebook board of directors to accept responsibility for this breech of conduct. They should resign and be replaced by officials that have strong pro-privacy credentials."

Children’s Privacy Advocates Praise Federal Trade Commission on Proposed New Safeguards to Protect Children’s Privacy Online Leaders of the Effort that Helped Pass COPPA in 1998 Say Parents Will Now Have Better Ways to Ensure Their Children’s Information is Safe in the Smart Phone and Social Networking Era Washington, DC: Today, the FTC released a Notice of Proposed Rulemaking on its rules implementing the Children’s Online Privacy Protection Act (COPPA), the 1998 law designed to protect the privacy of children under 13. The Commission’s plan would help safeguard children’s data when they are on a mobile phone, playing an interactive game on the Internet, or participating in a virtual world. Under the proposed new rules, children could not be tracked and profiled when online through the use of behavioral targeting and other techniques now regularly used to stealthily collect information on Internet and mobile phone users. Parents and children’s security and safety would be better protected, since the proposed COPPA rules would cover a child’s geo-location data, as well as photos they post online, and would impose new requirements to ensure against data breaches. “Since its passage in 1998, COPPA has served as an important safeguard for young consumers under the age of 13 in the online marketing environment,” commented Kathryn Montgomery, PhD, Professor of Communication at American University, and one of the leaders of the campaign that led to passage of the law. “It established a level playing field by creating a law that applied to every commercial player—from the largest children’s media companies to the smallest start-ups. And it sent a strong signal to the online marketing industry: If you are going to do business with our nation’s children, you will have to follow some basic rules. COPPA was purposely designed to adapt to changes in both technology and business practices. The proposed rules announced by the FTC today reflect careful research and analysis, as well as widespread consultation with major stakeholders. We believe they will help address a number of concerns raised by consumer groups, privacy experts, and child advocates, while at the same time, balancing children’s ability to be active participants in digital culture with the need to protect them from unfair data collection and marketing practices.” Montgomery concurred with the Commission’s recognition that teens also need some privacy protections online. “While some of the mechanisms for protecting younger children are not appropriate for older youth,” she noted, “adolescents are entitled to fair information practices in the digital marketplace. We urge the FTC to address this issue in its forthcoming new comprehensive privacy framework report.” “The Center for Digital for Democracy is pleased that the FTC has finally brought protecting a child’s privacy into the 21st Century,” explained CDD’s executive director, Jeff Chester. “This proposal balances the need to protect the privacy of children, ensure parental involvement, and promotes the growth of kid-oriented online media. At a time when our children spend much of their daily lives online and are always connected to the Internet via games, cell phones and other devices, parents should thank the FTC for acting responsibly on behalf of children.” Among the provisions highlighted by the advocates are: § Extension of privacy protections to the expanding array of digital platforms and marketing venues used to reach and engage young people, including mobile phones and internet-enabled gaming. § The rules’ acknowledgement of increasingly sophisticated technologies for identifying individuals, including IP addresses and geo-location. § Closing of loopholes that made it possible for companies to engage in behavioral targeting and one-to-one marketing aimed at children. § More user-friendly privacy notices to enable parents to make better decisions about their children’s use of online services. “The Institute for Public Representation, which has served as counsel to children’s advocacy groups in efforts to protect children’s online privacy for over sixteen years, is pleased that the FTC is proposing to update its rules to cover new technologies and practices,” said IPR Co-Director and Georgetown University Law Professor, Angela Campbell. The Institute for Public Representation, at Georgetown University Law Center, represented a broad coalition of groups in this FTC proceeding. They included the Center for Digital Democracy, the American Academy of Child and Adolescent Psychiatry, the American Academy of Pediatrics, the Benton Foundation, Berkeley Media Studies Group, the Campaign for a Commercial-Free Childhood, the Center for Science in the Public Interest, Children Now, Consumer Action, Consumer Federation of America, Consumers Union, Consumer Watchdog, National Consumers League, Public Health Institute, U.S. PIRG, and World Privacy Forum. The Children’s Online Privacy Protection Act was passed in 1998 as bi-partisan legislation that had the support of children’s advocates, public health, education, consumer, and privacy groups, as well as leading online marketing companies.

Bush FTC Nominee a Triple Threat: To Media Diversity, Affordable Gas Prices, and Role of States Supporter of Plan to Remove FTC from Media Merger Review to Be Head of FTC Wyden, Boxer and Consumer Groups Express Concern 3 June 2004 Deborah Majoras, a former Bush administration Department of Justice official, who supervised the controversial settlement with Microsoft, is on track to become the chair of the Federal Trade Commission. Majoras, who represents some of the country’s largest oil and media companies, would become the federal government’s lead “consumer advocate.” But as Senators Wyden and Boxer and a number of consumer groups have made clear, Majoras at the FTC would be bad for consumers, competitors, and citizens alike. One major objection to Majoras is her stance on the role that the FTC should play in reviewing media mergers. She backed a secret plan developed by the Bush Administration in 2002 that would have removed the FTC from reviewing such mergers. Under the proposal, only the Department of Justice would have had media merger authority. DOJ has been notoriously friendly to the big media companies that lobby an administration (regardless of which party is in charge). Only at the FTC have consumers and competitors been given serious attention (as in the case of AOL and Time Warner, where the FTC imposed some “open access” and non-discrimination safeguards). As chair of the FTC, Majoras would be unlikely to seek review of media mergers, permitting the DOJ to rubberstamp even more consolidation. While at DOJ, Majoras also led the Bush administration’s backroom deal that approved a much-criticized agreement with Microsoft. The Majoras plan essentially left the computer giant intact, and cut off the crucial rule of the states in imposing more significant safeguards. Finally, Majoras has represented Chevron-Texaco and other major oil and gas interests, an area that the FTC is supposed to regulate. Senators Barbara Boxer (D-CA) and Ron Wyden (D-Or) have placed a “hold” on the nomination for now, pending assurances that Ms. Majoras will pursue an agenda designed to ensure a competitive gasoline industry. The Jones, Day law firm, where Majoras works in the government regulation/anti-trust division, represents some of the biggest media (and media-related) companies in the country, including: DIRECTV, General Electric Company,The Goldman Sachs Group, Halliburton Company, Kellogg Brown & Root, Knight Ridder, Lehman Brothers Holdings, Liberty Media Group, Merrill Lynch & Co., Procter & Gamble, R.R. Donnelley & Sons, Thomson Multimedia S.A., Time Warner, the Tribune Company, and the Washington Post Company. The firm also represents ICANN (Internet Corporation for Assigned Names and Numbers).