CDD

Newsroom

  • Beginning a more informed discussion on the privacy and consumer protection implications of Facial Recognition Technology: NTIA Privacy Multi-stakeholder Process: The NTIA's present inquiry must be based on a solid foundation that objectively analyzes actual commercial FR developments, places its use in the context of the multi-dimensional and cross-platform contemporary data-driven practices, identifies its implications beyond consumer concerns to reflect upon its broader societal impact (such as civil liberties), and engages with legal frameworks or proposals that have or could address how FR should be properly regulated. Given that the focus of the Commerce Department-led proceeding is to help implement the Obama Administration’s Consumer Privacy Bill of Rights (CPBR), stakeholders should also address how FR should be dealt with in related legislation and identify the specific CPBR principles inherent in such a discussion (such as “Individual Control,” “Respect for Context,” “Accountability,” etc.). To help promote a more informed discussion of actual FR and related biometric data practices, CDD provides this overview on ten of the hundreds that could be cited. The report is attached.
  • EPIC and CDD filed this at the FTC today. Despite the protestations (link is external)of Whatsapp's founders, they cannot guarantee that Facebook won't eventually incorporate the rich vein of mobile, location and other data that flows from its services. If the Whatsapp founders are truly to commited to its user privacy, we ask them to enter into a voluntary 20 year consent decree with the FTC, placing on the record that they will maintain privacy practices without Facebook interference.
  • We were pleased to learn that the FTC filed an Amicus brief in the 9th Circuit yesterday to help create the misleading record Facebook created in the so-called "Sponsored Stories" case. CDD, along with Public Citizens and the Children's Advovacy Institute (U of San Diego) have been closely working together on the case, to support an outcome that provides the privacy safeguards teens require. Here's what CDD's attorney Hudson Kingston said about the FTC's filing: "The Federal Trade Commission's brief in this case is a major development for the protection of teenagers' privacy. Facebook's attorneys tried to get this settlement through by using a law meant to protect children to block state law protection of teens – now the agency made clear that this is a wrong reading of the law, this settlement clearly harms teenagers by ignoring their rights under state laws. States play a vital role protecting teens from privacy violations. Settlements that are based on illegality cannot stand. While the agency did not officially support either party, its reading of the law undermines one of Facebook’s key arguments that it can get out of this case without first addressing its weak privacy protections for teens. We hope that the Ninth Circuit accepts this authoritative view and throws out the settlement." The FTC's Amicus is attached. So is the State of California's amicus.
  • Here's a summary from our attorney Eric Null at Institute for Public Representation, Georgetown University Law Center: CDD filed its initial complaint against Disney and Marvelkids.com in December 2013. Shortly thereafter, Disney updated Marvelkids' nearly two-year-old privacy policy with Disney's company-wide policy. Apparently, Disney thought this would solve its COPPA-related issues, but our investigation shows that it did not. Our review showed multiple deficiencies, including insufficient notice of data collection and use, as well as continued ability to collect and use data for unlawful purposes. Further, its violations include allowing well-known third party behavioral advertisers, such as Omniture and TapJoy, to collect information from Marvelkids.com users--these practices may violate the COPPA Rule. CDD calls on the FTC to take a close look at the new policy and practices, and to investigate Marvelkids.com and all Disney-operated child-directed websites to ensure COPPA compliance. PS: Disney has challenged our complaint, suggesting we are interested in headlines. What CDD is interested in is meaningful compliance with the key law protecting privacy and empowering parents. CDD suggests Disney engage in a more serious review of its digital data collection system--something we expect FTC action to help spur.
  • Summary: These scores have long been an area of research interest for the non-partisan non-profit organizations U.S. PIRG and the Center for Digital Democracy. The growing use of so-called “e-scores” —a form of invisible (to the consumer) online ratings — can help determine our credit worthiness, “lifetime value,” or even the prices we pay. These e-scores can be used to blacklist or engage in discriminatory practices against individuals or even groups of consumers. We are aware that there are numerous online scores being generated for a variety of generally non-controversial uses, including predicting identity theft or fraud. However, we remain concerned that the largest and most important uses of online scoring are to substitute for the highly-regulated pre-screening regime that for years has governed the use of consumer credit reports for marketing purposes. Its proponents claim that the files developed are not on individual consumers, but on clusters of consumers. Its proponents claim online scores are simply a method for establishing audiences for serving ads. Not subject to the Fair Credit Reporting Act FCRA) regulation, they assert, are scores and other products that identify consumers on an aggregate basis (which for them means information narrowed to a small cluster of households at the ZIP+4 level) or consumers not named by name. We disagree with these representations and commend FTC for its inquiry. For CDD and other comments on this issue, see FTC docket. (link is external)
  • We urge you to review the attached FTC complaint that was filed today by EPIC (link is external) and CDD. The millions of WhatsApp users who signed up for the service were promised--repeatedly as you will read in the complaint--that the company didn't want to gather and commercialize their data. They posed as the "unFacebook," deriding the commercial surveillance apparatus that lies at the core of contemporary online practices. Yet at the same time they made their public privacy promises, they were being wooed (link is external) by Mark Zuckerberg to join The Circle (link is external)--oops, I mean Facebook. Despite Facebook's denial that WhatsApp and its digital gold mine of mobile numbers, address books, and access to selling all kinds of financial services in real-time won't become part of its Big Data-driven (link is external) advertising machine, one only has to look at what happened with Instagram (link is external) (let alone the track record of the industry). The Dutch and Canadian data protection authorities raised serious questions (link is external) about WhatsApp's own data and privacy policies in January. The Dutch report (attached) provides insights into how WhatsApp operates. The FTC (which will likely review the merger) needs to stand up for privacy and act on the complaint. Otherwise, WhatsApp's users will be merely Facebook customers who have lost their privacy and consumer protection rights.
  • Project

    Big Data Means Big Opportunities and Big Challenges

    Promoting Financial Inclusion and Consumer Protection in the “Big Data” Financial Era

    Dramatic changes are transforming the U.S. financial marketplace. Far-reaching capabilities of “Big-Data” processing that gather, analyze, predict, and make instantaneous decisions about an individual; technological innovation spurring new and competitive financial products; the rapid adoption of the mobile phone as the principal online device; and advances in e-commerce and marketing that change the way we shop and buy, are creating a new landscape that holds both potential promise and risks for economically vulnerable Americans. Using advances in data analytics specifically to promote economic inclusion and fairness during this period of transformation in the U.S. economy should be a proactive strategy embraced by all stakeholders. While not a panacea to address growing financial inequality, a wise investment in strategies that harvest the potential of the new digital financial system may better enable struggling Americans to maneuver a difficult economic future. This work is licensed under a Creative Commons Attribution 4.0 International License (link is external)
  • More than 40 groups sent a letter to President Obama today on the second anniversary of the Administration's promise it would seek a new "Consumer Privacy Bill of Rights." Although the President said in 2012 that "we can't wait" (link is external) for such new safeguards, so far the Administration has failed to deliver proposed legislative language. Civil rights, civil liberties, consumer, privacy and child advocacy groups signed the letter, which urged the President to now fulfill its commitment to advance enforceable rights for the public. The letter is attached. The New York Times editorial board also called (link is external) on the White House to deliver "specific legislative proposals."
  • Center for Digital Democracy Leads Coalition of Children’s, Health, and Consumer Advocates in Challenging District Court Decision Friend-of-the-Court Brief Urges Stronger Privacy Protections for Teen Facebook UsersWashington, DC: The Center for Digital Democracy, joined by a coalition of public health, children’s advocacy, and media justice groups, today filed an amicus curiae (“friend of the court”) brief in a case concerning teen privacy online. In Fraley v. Facebook, the social networking company was sued for violating the privacy of users of all ages, and the company settled with class-action attorneys before going to litigation. Facebook’s proposed settlement, which was eventually approved by the U.S. District Court, does not protect teen users from appearing in sponsored advertisements on Facebook, even though seven states forbid this kind of appropriation without parental consent. Although numerous parties have objected to the settlement, CDD’s brief specifically supports the objection of six families represented by Public Citizen, a leading consumer protection organization.CDD’s brief covers the many strong policy arguments in favor of having enhanced privacy protections online for teens. The settlement, and Facebook’s current policy, does nothing to account for teen development, or for the differences in how teens use and understand social media. The broad coalition of groups joining in the brief shows what an important case this is for the work of public health, digital-consumer rights, and childhood-obesity experts. Joining the brief are the American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Berkeley Media Studies Group, Center for Global Policy Solutions, Center for Science in the Public Interest, Children Now, Consumer Watchdog, First Star, Media Alliance, Media Literacy Project, Pediatrics Now, Public Health Advocacy Institute, Praxis Project, and Yale Rudd Center for Food Policy and Obesity.The proposed settlement was deemed so inimical to the privacy rights of teens that another nonprofit organization, Campaign for a Commercial-Free Childhood, rejected nearly $300,000 in compensation in order to come out against it and to support Public Citizen’s objection. “All of our organizations hope that the Ninth Circuit will see through a deal that was bad for teens and that tramples states’ legal protections of minors. The court has a great opportunity to respect states’ laws and the parents’ role simply by throwing the settlement out,” said Hudson Kingston, CDD’s legal director.A copy of the coalition’s brief is attached. See too the Appeal by our friends at the Children's Advovacy Institute.
  • Feb. 13, 2014 Facebook Settlement Endangers Kids and Breaks Law in Seven States, Public Interest Groups, Parents Tell 9th Circuit Children’s Privacy Organization Denounces Settlement, Refuses Money WASHINGTON, D.C. – Consumer, children’s safety, digital privacy groups and parents are urging a federal appeals court to toss out a settlement agreement that permits Facebook to use kids’ pictures in ads without the consent of their parents – which is illegal in seven states. In a brief filed today with the U.S. Court of Appeals for the Ninth Circuit, several parents, on behalf of their teenaged children, called on the court to vacate the settlement. “This settlement authorizes Facebook to continue doing what California and six other states specifically prohibit by law: use children’s images for advertising without their parents’ consent,” said Scott Michelman, attorney with Public Citizen, which is representing the parents in challenging the settlement. The other states are Florida, New York, Oklahoma, Tennessee, Virginia and Wisconsin. Margaret Becker of Brooklyn, N.Y., is one of the parents Public Citizen represents. She explained, “I’m fighting this settlement because Facebook shouldn’t be permitted to use my teenage daughter’s image for profit without my consent. The Internet compromises children's privacy in many ways that we parents must grapple with. But this settlement lets Facebook make my daughter a shill and leaves me powerless to stop it.” Added Hudson Kingston, legal director of the Center for Digital Democracy, which is filing an amicus brief supporting the challenge to the settlement, “Teens are unprepared to address the consequences of Facebook’s practice of creating ads with profile information but without their knowledge. If this settlement stands, teens face a serious loss of their privacy and a damaged reputation continuing into adulthood. Research proves teens are not ready for this kind of exposure, and parents’ consent for commercial appropriation is a necessary protection.” Also today, one of the groups designated in the settlement agreement to receive money, the Campaign (link is external)for a Commercial-Free Childhood (CCFC), announced that it was rejecting the money because it opposes the agreement. The group was to receive approximately $290,000 in a “cy pres” award – settlement money distributed to a public interest group whose work relates to the subject of the lawsuit. In a statement, the CCFC explained that the settlement’s supposed protections for minors were “hollow” and “meaningless.” “While we always understood the Fraley settlement agreement as a compromise, we came to understand that it’s worse than no settlement,” said CCFC Director Susan Linn, “Its purported protections are largely illusory, and it will undermine future efforts to protect minors on Facebook. We could do a lot of good with $290,000, but we cannot benefit from a settlement that we now realize conflicts with our mission to protect children from harmful marketing.” The case began with a lawsuit (link is external) filed in 2011 by some Facebook users over the use of their images in ads without their consent and the use of their children’s images without parental consent. If a user “likes” a company that advertises on Facebook, or if she “checks in” (identifies her location) at a restaurant, or uses an application associated with that company, her image may appear next to an ad for the business on Facebook, with text suggesting that she endorses that business. It is unlikely the children or the parents will know it’s going to happen until after it has occurred. Under a settlement that a federal district court approved in August, Facebook will include new language in its terms of service stating that users under age 18 “represent” that their parents consented to the use of the children’s names and images in advertising. The settlement does not require Facebook to obtain consent from the parents. “The capture and republication of teen postings by Facebook is a pernicious assault on their rights to decide where their messages should go,” said Professor Robert Fellmeth, director of the Children’s Advocacy Institute at the University of San Diego School of Law, which is representing another challenger to the settlement.
  • This letter was sent today to John Holdren, the director of the White House Office of Science and Technology Policy, and was signed by 25 groups. It calls on the White House to include a public comment period as part of its current 90-day "Big Data" review announced by the President during his speech on NSA reforms. It coincides as well with a meeting planned today on the issue led by John Podesta.
  • Today, CDD filed Comments (link is external) in the FTC's forthcoming (link is external)"Mobile Device Tracking" workshop (link is external) (Feb. 19) on mobile and retail tracking. As we explain (excerpt): While it is important to examine the individual components of what is an increasingly pervasive and unregulated source of commercial surveillance in the “Big Data” era, such as in-store tracking of consumers, the Federal Trade Commission (FTC) must place this one use of mobile tracking in a larger context. Such tracking is but one part of a more elaborate and increasingly seamless “always-on” collection apparatus that operates across devices and user experiences. This surveillance is invisible to most consumers and connected to a range of other practices such as “hyper-local” targeting, multi-screen tracking, and data broker-driven offline and online “connected recognition” and data on-boarding services. Current self-regulatory approaches are ineffective and do a disservice to consumers by falsely claiming to provide privacy protection and user control. The FTC should issue a set of recommendations to govern cross-platform marketing that includes mobile devices. This is urgently required as intrusive geo-locational data-gathering practices, some of which raise concerns about the potential for new forms of “digital redlining” and other discriminatory practices, dramatically expand during the next few years. We believe it is especially important for the FTC to examine how geo-location tracking is being used to identify people by race, ethnicity, economic class, and by their age (such as young people and seniors). The FTC should also reiterate its call for Congress to enact meaningful omnibus privacy legislation.... Today, consumer profiles are developed that include so-called first-, second-, and third-party data, linking our online and offline selves. This filing will not address the purposeful and disingenuous claim that such data profiles of individuals are “anonymous.” It is not the case, and the commission should reject such absurd claims. Companies say much of what they now do is “privacy compliant,” hiding behind the falsehood that cookies and all the other ways they collect and analyze data aren’t linked to an actual person. Such distortions should not be tolerated. Real people are being tracked and targeted.... The growth of hyper-local targeting is spurring new forms of segmentation of individuals and their distinct communities. The country is being broken up into highly discrete areas that are mapped to identify unique characteristics—beyond actual location. The use of these so-called “tiles” raises profound concerns. For example, PlaceIQ explains that “What we do is map data from multiple sources onto a grid of tiles that cover every square foot of the US. Each tile is 100 meters by 100 meters, and we inject third-party demographic information about that area into the tile, as well as data on what’s physically located there—points of interest like parks and airports, tourist attractions, retailers, stadiums, and so forth. Then, we connect that data with where a mobile device is in real time, or where it has recently been, to build unique audience segments for brands to target.”... The use of geo-fencing, “geobehavioral targeting,” “geo-cookies” and the role of location analytics, especially when integrated into broader data gathering, requires action by the FTC. As we will document for the forthcoming “Alternative Scoring Products” workshop, geo-location data are being made actionable at real-time events as well as used to make a range of critical decisions about an individual (whether they are credit worthy, seeking some product or service linked to sensitive concerns, etc.). These privacy and consumer-protection concerns extend beyond the individual to their communities and neighborhoods as well. The commission should examine the impact location-driven data gathering has on the financial health and consumer well-being of distinct communities, especially those in which its residents may suffer economically or due to other factors (such as age). CDD will soon be filing on Alternative Scoring Products (e-scores, lifetime value predictaors, etc) for the FTC's March 19th workshop. Today's Comments are attached.
  • excerpt via Exchangewire (link is external): Privacy awareness body Truste has today (28 January) released its annual Consumer Confidence Index, revealing 60% of participants in the survey were more concerned about their online privacy compared to 12 months ago, with 89% actively “avoiding” companies they don’t believe protect their privacy adequately....However, it seems that contagion has spread to the private sector too, as there are three times as many survey participants concerned about companies sharing their personal information with other companies (60%), than governments’ monitoring activity (20%)....Ken Parnham, Truste managing director, Europe, commenting that the online advertising sector can only suffer over such widespread negative public sentiment.He says: “After a barrage of media headlines about government surveillance programmes such as NSA’s PRISM, it is perhaps unsurprising that consumer online trust has fallen to its lowest point yet, with only 55% of internet users prepared to trust companies with personal data online.“It is a wake-up call for businesses that commercial data collection and sharing, rather than government activity, is the main driver of increased online privacy concerns.”In fact the use of personal data for the purposes of targeting online advertising ranked as the second-biggest concern among the survey participants, with 54% of respondents reporting it as a major concern, while 19% were concerned about companies tracking their location on a smartphone.
  • When Facebook proposed (link is external) to change its data use practices late last August, we wrote a number of papers to help the FTC. This is one of them, which discusses the company's ad practices and its relationship to its privacy claims. This paper addresses a number of Facebook data use and digital marketing strategies, and their impact on user privacy.
  • A personal essay in the New York Review of Books (link is external) by Dr. Arnold Relman on his recent serious accident reminds us that not only does fate play an important role in our lives, but the limits of our health care system. I urge you to read it. But in addition to the horrific experience he (and his family) had to undergo (and he's a lucky one). Dr. Relman's piece also underscores that the very much-hyped use of technology in health care (such as electronic patient records) brings its own set of contradictions and problems. He writes:But what I hadn’t appreciated was the extent to which, when there is no emergency, new technologies and electronic record-keeping affect how doctors do their work. Attention to the masses of data generated by laboratory and imaging studies has shifted their focus away from the patient. Doctors now spend more time with their computers than at the bedside. That seemed true at both the ICU and Spaulding. Reading the physicians’ notes in the MGH and Spaulding records, I found only a few brief descriptions of how I felt or looked, but there were copious reports of the data from tests and monitoring devices. Conversations with my physicians were infrequent, brief, and hardly ever reported.
  • “The Federal Trade Commission’s investigation of Apple sheds light on a growing practice that poses risks to children and families,” commented Jeff Chester, Executive Director of the Center for Digital Democracy. “Children are spending increasing amounts of time with mobile apps, generating potentially huge profits for the rapidly expanding gaming and app industries. In-app purchasing is becoming the dominant business model in many online games and other children’s entertainment content on mobile phones, tablets and gaming devices. Yet the techniques used to trigger these purchases are, in many cases, unfair and deceptive, taking advantage of children’s vulnerabilities. CDD commends today’s action by the commission. However, the agency should conduct a broad investigation of emerging techniques that target children on mobile, gaming and other platforms, and identify a set of industry-wide fair marketing guidelines.” “Today’s decision should be viewed as a first step in a wider initiative to develop clear government rules for protecting children and their families across a spectrum of digital devices,” said Dr. Kathryn Montgomery, Professor of Communication at American University, who led the campaign to enact the Children’s Online Privacy Protection Act (COPPA). “Just as we have principles and rules for safeguarding children’s privacy online, we need a policy for protecting young people and their families from covert and manipulative in-app marketing practices,” she explained. “Requiring app developers to secure informed parental consent before in-app purchases can be made will only address part of the problem. We need a comprehensive set of rules that take into account the cognitive and other developmental needs of children and their vulnerabilities in the digital marketplace.”
  • U.S. online marketing companies are pioneering the dramatic expansion of data collection throughout the world, as they gather, analyze, and make actionable all of our information. Giants such as Google and Facebook effectively become “private NSAs”—tracking us on social media, mobile devices, search engines, online games, and increasingly even when we are in the grocery or department store. Telephone companies involved with the NSA’s “bulk” data-collection program are expanding their own data gathering on the Internet and mobile devices as well. This information is used to create dossiers—online targeting profiles—on individuals. While U.S. online data companies will claim that all this information is used primarily for selling and interactive advertising, in reality it’s connected to a powerful system that uses personal data to make decisions about us in order to influence our behaviors. This handout is designed for a "Teach-in" held on December 17" on the impact of the Transatlantic Trade and Investment Partnership (TTIP). It discusses the relationship between NSA and U.S. commercial online data company practices.
  • A report written by Ed Mierzwinski of USPIRG and Jeff Chester of CDD.
  • CDD, joined by the Electronic Privacy Information Center, filed comments at the FTC yesterday opposing the request by AssertID that the commission approve a new method of verifiable parental consent under COPPA (Children's Online Privacy Protection Act). The proposed method would mine parents’ online social network information and ask third parties to judge whether that information is truthful or not, a method based on a “trust score” algorithm that the company claims is confidential and secret from the public. CDD asked the commission to oppose the application because it lacked information that explains how it assures that consenting parties are parents, and it leaves big questions about what the company is going to do with information it requires from parents. “This proposed method would take a parent’s personal information (including their location, photos, and full friends list from Facebook) and sensitive information on their child, without first telling parents that they had a right to refuse consent – parents have to pay out their own privacy in order to protect their children’s. This turns the regulations on their head by undercutting families’ privacy, and this method should not be approved by the FTC without significant changes in the application,” said CDD’s Legal Director, Hudson Kingston. The request (link is external)to approve a new parental consent mechanism is the first COPPA proceeding under the stronger children's privacy rules that went into effect last July. Jeff Chester, CDD's executive director, noted that this filing launches an expanded effort to ensure that online and mobile commercial sites and services are in compliance with COPPA's enhanced safeguards. "CDD has added legal, public outreach and technical resources designed to protect kids and empower parents and caregivers," he explained. The Institute for Public Representation at the Georgetown University Law Center, under the direction of Prof. Angela Campbell, collaborates with CDD on this child-protection initiative.
  • The Center for Digital Democracy (CDD) closely analyzes Facebook’s privacy and marketing policies. In partnership with other child advocacy, health and consumer organizations, we are in an on-going discussion about Facebook's data collection and marketing policies and its impact on children and teens. As part of our public outreach work, CDD is releasing “5 Reasons Why Facebook is Not Suitable for Children Under 13." The guide lays out some of the key problematic business and marketing practices that makes Facebook own data-driven marketing practices of concern for children. For example, it discusses how Facebook's marketing practices take advantage of children's cognitive, social and developmental vulnerabilities.CDD and our partners plan to expand the public conversation on children and Facebook to include issues related to the platform's extensive data collection, profiling and marketing practices. These issues compound existing concerns about children's risks involving cyberbullying, harmful content, or the activities of predators while on Facebook.The guide can be found below: