• Leaders of the Effort to Pass COPPA in 1998 Say Parents Should Now Have Greater Control of their Children’s Information Online Digital Media Companies Must Implement New Policies to Protect Children’s Privacy Online Washington, DC: The team of privacy advocates and lawyers responsible for passage of the Children’s Online Privacy Protection Act (COPPA) in the late 1990s expressed strong support for the Federal Trade Commission’s long-awaited release of its updated children’s privacy rules, announced today, while urging regulators to keep a watchful eye on continuing developments in the mobile app and social media industries. “We are at a critical moment in the growth of the children’s digital marketplace,” said Kathryn Montgomery, Professor of Communication at American University, “as social networks, mobile phones and gaming platforms become an increasingly powerful presence in the lives of young people. The new rules should help ensure that companies targeting children throughout the rapidly expanding digital media landscape will be required to engage in fair marketing and data collection practices. We applaud the FTC for its rigorous and comprehensive review of the COPPA rules and for bringing them up to date with industry changes. However, the Commission will need to engage in ongoing monitoring efforts, as well as strong enforcement actions, if the implementation of these rules is to be effective in the long run. The FTC’s recent report on the children’s app market indicates that, even in the midst of an intense public debate over privacy policy, too many companies in this industry have operated with little regard for their legal obligations to children.” “The Commission’s decision today is a major step forward,” said Jeff Chester, Executive Director of the Center for Digital Democracy. “We are especially gratified that this decision puts to rest the longstanding and disingenuous claims by the digital marketing industry that cookies and other persistent identifiers are not personally identifiable information. The revised rules also address the increasingly pervasive use of geolocation, behavioral targeting, and social media data collection. But we are concerned about possible loopholes that could undermine the intent of the rules. CDD plans to continue closely analyzing the emerging marketing and data practices targeted at children--with a sharp focus on app developers and social marketers like Facebook--and will file complaints against any company that violates the new rules.” “I am pleased that the FTC has updated its rules implementing the Children’s Online Privacy Protection Act, as Congress intended, to specifically account for new technologies and marketing practices,” observed Angela Campbell, Director of the Institute for Public Representation at Georgetown University Law Center. “While the revised rules provide significantly greater protections for children, we will monitor industry compliance with the new regulations. Where we find that companies fall short, as we did recently with the Mobbles and SpongeBob Diner Dash apps, we will file additional requests for investigation.” Kathryn Montgomery and Jeff Chester spearheaded the campaign to pass COPPA during the 1990s, leading a coalition of prominent education, health, and consumer groups in a two-year effort, and working closely with Angela Campbell and a team of law students at Georgetown Law’s Institute for Public Representation, which served as legal counsel to the coalition. Although the law took effect in the formative period of Internet marketing, it was purposely designed to adapt to changes in both technology and business practices, with periodic reviews by the FTC to ensure its continued effectiveness. With the expansion of digital media platforms and the growing sophistication of online data collection and profiling, the need for updating the rules became increasingly urgent. Since 2010, the Center for Digital Democracy and a coalition of other consumer and public health organizations have been urging the FTC to update its COPPA rules to encompass the expanding array of digital platforms and marketing services used to reach and target young people. In a letter submitted to the Commissioners last week, more than 50 organizations – including the American Academy of Child and Adolescent Psychiatry, CDD, Common Sense Media, Consumer Federation of America, Consumers Union, the American Academy of Pediatrics, the American Psychological Association, and the American Heart Association – strongly endorsed the agency’s proposed rules, calling for timely action to adopt them. --30--
  • The dramatic growth of the data broker industry, fueled by information on consumers culled from the Internet, social media, mobile phones, and in-store shopping, has created a multitude of all seeing eyes spying on Americans everyday. A digital gold mine of infinite details is harvested about each of us--what we buy, who are friends are, how much we earn, our ethnicity, health concerns, location, etc. For the most part, these records are off limits to consumers, who can't really discover what they say about us--including the likely errors they may contain. Today's action by the FTC (link is external) will unmask this largely stealth consumer surveillance industry. It will shine a powerful regulatory spotlight on such disturbing practices as the use of so-called "e-scores," which are used to signal to others information about our creditworthiness, potential revenues for marketers or even whether our calls for service should be answered first by telephone operators. Our data is sold to the highest commercial bidder in milliseconds, who can use the information for almost any purpose--yet it is unavailable so a consumer can review or challenge it. The data broker business, which now comprises far-reaching partnerships between numerous small and large companies, should not be permitted to operate without ensuring transparency and control to the individual consumer. That's especially important in this era of Big Data shaping our democracy. For a recent analysis of databroker tactics in the digital real-time consumer targeting era, see a paper (link is external)just published by Ed Mierzwinski of USPIRG and Jeff Chester of CDD An example of databroker techniques discussed by Acxiom is attached.
  • The dramatic growth of the data broker industry, fueled by information on consumers culled from the Internet, social media, mobile phones, and in-store shopping, has created a multitude of all seeing eyes spying on Americans everyday. A digital gold mine of infinite details is harvested about each of us--what we buy, who are friends are, how much we earn, our ethnicity, health concerns, location, etc. For the most part, these records are off limits to consumers, who can't really discover what they say about us--including the likely errors they may contain. Today's action by the FTC (link is external) will unmask this largely stealth consumer surveillance industry. It will shine a powerful regulatory spotlight on such disturbing practices as the use of so-called "e-scores," which are used to signal to others information about our creditworthiness, potential revenues for marketers or even whether our calls for service should be answered first by telephone operators. Our data is sold to the highest commercial bidder in milliseconds, who can use the information for almost any purpose--yet it is unavailable so a consumer can review or challenge it. The data broker business, which now comprises far-reaching partnerships between numerous small and large companies, should not be permitted to operate without ensuring transparency and control to the individual consumer. That's especially important in this era of Big Data shaping our democracy. We are also gratified that the FTC asked for databrokers to supply information related to both children and adolescents. For a just published report on digital databroker practices, the FCRA, and consumer protection written by Ed Mierzwinski of USPIRG and Jeff Chester of CDD, go to SSRN. (link is external) For an example of databroker techniques, see attached.
  • Center for Digital Democracy Charges that Nickelodeon’s Mobile SpongeBob Game Violates the Children’s Online Privacy Protection Act Urges Federal Trade Commission to Investigate and Bring Action Against the Leading Children’s Cable Channel Nickelodeon and PlayFirst Don’t Play Fair, Collecting Personal Information from Kids and Inducing In-Game Purchases Washington, DC: The Center for Digital Democracy (CDD) filed a complaint today asking the Federal Trade Commission (FTC) to investigate and bring action against cable network Nickelodeon and mobile game-maker PlayFirst for deceptive marketing of the SpongeBob Diner Dash game and for violating the Children’s Online Privacy Protection Act (COPPA). The mobile game, which is featured as a free iPhone and iPad app in the “Kids Games” section of Apple’s iTunes store, is based on characters from the popular “SpongeBob SquarePants” cable show (which for the past 12 years has been the most-watched television program for kids ages 2-11). The app store description assures consumers that the game complies with COPPA. However, as CDD’s filing documents, Nickelodeon and PlayFirst engage in several practices that are clear violations of the children’s privacy law. The objective of the game is for children to help SpongeBob “seat, serve, and satisfy all kinds of fishy customers in five colorful Bikini Bottom restaurants,” run by the greedy, selfish Mr. Krabs from the show. SpongeBob Diner Dash is a “freemium” game, which can be initially downloaded for free, but is designed to encourage users to buy virtual “coins” that can be spent on items such as shoes that make SpongeBob walk faster, or a frying pan that makes the food cook faster. Children are also prompted to spend more money to buy upgraded versions of the game. As the complaint documents, Nickelodeon and PlayFirst engage in deceptive acts by representing in the privacy disclosure on the Apple App Store that the app’s “data collection is in accordance with applicable law, such as COPPA,” when in fact it is not. The SpongeBob Diner Dash game asks children to provide a wide range of personal information, including full name, email address, and other online contact information, without providing notice to parents or obtaining prior parental consent, as required by the Children’s Online Privacy Protection Act. Nor does the app provide an adequate description of the personal information it collects or how it is used. The filing asks the FTC to investigate the apps’ data collection and privacy notice practices, including its use of mobile marketing technologies such as unique device identifiers (UDIDs) and “device tokens,” which enable companies to send custom messages to individual children in the form of “push notifications.” These forms of “online contact information” are considered personal information under current COPPA rules. “It is disturbing to learn that a well known children’s brand such as Nickelodeon is flouting basic privacy protections for children. Even more troubling, Nickelodeon tells parents that it complies with the law protecting children’s privacy when it does not” commented Laura Moy, an attorney at Georgetown Law’s Institute for Public Representation (IPR), which prepared the complaint on behalf of CDD. Moy urged that “the FTC take action to ensure that all companies targeting mobile apps to kids are complying with the law.” “It is clear that this is not an isolated incident,” said Jeff Chester, CDD’s Executive Director. “As the FTC report last week on children’s mobile apps revealed, this industry is not taking seriously its obligations under COPPA. The Commission needs to step up its enforcement actions and adopt new rules that will address the growing threats to children’s privacy in the expanding mobile marketplace.” A copy of CDD’s request is available at (link is external) --30--
  • FOR IMMEDIATE RELEASE December 13, 2012 50+ ADVOCACY GROUPS CALL FOR UPDATES TO KIDS’ ONLINE PRIVACY PROTECTIONS WASHINGTON, DC and SAN FRANCISCO, CA -- A broad coalition of child advocacy, health, parents, privacy, and consumer organizations--including the American Academy of Pediatrics, the American Heart Association, the American Psychological Association , US Conference of Catholic Bishops, and Consumers Union -- has released a letter to the Federal Trade Commission (FTC) to express strong support for proposed updates to the Children’s Online Privacy Protection Act (COPPA). COPPA was passed by Congress in 1998, and is designed to enable parents to decide how and whether Internet companies and operators can collect and use personal information from their children under the age of 13. The FTC is considering the first updates to the COPPA rules, which were established in 2000. Since then, dramatic changes in the online and mobile world, and sophisticated new data collection and marketing practices, have undermined the ability of parents to make meaningful decisions for protecting their children’s privacy and safety. Recognizing those changes, the coalition letter describes the proposed updates to the COPPA rules as “not only essential, but also urgent.” The letter and list of co-signing organizations can be found at In addition, in three separate petitions organized by Public Citizen (link is external), Campaign for a Commercial-Free Childhood (link is external), and Common Sense Media and the Center for Digital Democracy (link is external) over 10,000 petitioners have shown support for the FTC’s plans to update COPPA and keep parents--and not companies--in control of their children's online data.
  • Washington, DC: The Center for Digital Democracy (CDD) filed a complaint today with the Federal Trade Commission (FTC) calling for an investigation of and action against the Mobbles Corporation for operating the mobile application Mobbles in violation of the Children’s Online Privacy Protection Act (COPPA). Mobbles, a game involving virtual pets, is directed at children under age 13. It collects personal information from children without providing any notice to parents (nor even attempting to obtain verifiable parental consent), as required by law. Available since May 2012 on iTunes for the iPhone and from the Google Play store for Android devices, Mobbles has ranked among the top 100 grossing “Entertainment” iTunes apps in 24 countries, and among the top 10 in 10 countries. Between 10,000 and 50,000 users downloaded Mobbles over the last 30 days in the Google Play store alone. An elaborate, location-based game that involves capturing, collecting, trading, and caring for virtual pets, “Mobbles” raises a number of privacy and child-safety issues, CDD’s complaint explains. First, because Mobbles is a location-based game, it uses smart-phone technology both to determine and to share the precise physical location of children playing the game. Second, because users must be within 54 yards of a Mobble to “catch” it, the game encourages children to wander around at all hours to get close enough to capture a particular Mobble (some of which are only available at night). Third, through its newsletter sign-up and registration required for pet trading, Mobbles collects children’s email addresses and other contact information without parental notice or consent. And, finally, although many of the game’s items are available free (as is the game itself), Mobbles encourages the expenditure of actual funds (via credit-card accounts) to acquire virtual items that are only available for purchase. As CDD’s complaint makes clear, Mobbles violates COPPA’s requirement that any online service directed at children provide notice “of what information it collects from children, how it uses such information, and its disclosure practices for such information,” and obtain parental consent before collecting personal information from a child. Mobbles provides no privacy policies nor does it make any attempt to obtain parental consent before collecting a child’s physical address, online contact information, or the online contact information of a child’s friends. “This case underscores the urgent need to update the Federal Trade Commission’s rules on children’s online privacy,” said CDD Executive Director Jeff Chester. “The use of persistent identifiers on mobile devices and other platforms must be covered under the proposed new COPPA regulations.” “By its very design, the Mobbles app takes unfair advantage of children’s developmental vulnerabilities, and even potentially threatens their personal safety,” commented Dr. Kathryn Montgomery, Professor of Communication at American University, who spearheaded the campaign for COPPA in the 1990’s. “This complaint provides a glimpse into a much larger, rapidly growing children’s mobile market, in which companies are unleashing all of the available techniques for targeting kids, including geo-location, instant rewards, and in-phone purchases. In the process, these companies are capturing a wide range of personal information available on smart phones and other mobile devices. Such practices not only violate the law, but also fly in the face of industry promises to protect children’s privacy in the digital media marketplace.” CDD’s filing was prepared by the Institute for Public Representation at Georgetown University Law Center. Georgetown Law Student Jessica Wang, who researched and drafted the request, urged the FTC “to act promptly to stop mobile apps such as Mobbles from pinpointing children's physical location, sending them direct messages, and contacting kids' friends without their parents' knowledge and permission.” Noting that on Monday the FTC released a report documenting that a large percentage of the most popular mobile apps for kids are collecting information without parental notice and consent, Angela Campbell, Director of the Institute for Public Representation, urged the FTC to include Mobbles as one of the apps it planned to investigate.
  • FOR IMMEDIATE RELEASE Dec. 6, 2012 New Survey Reveals Strong Support for Updating Children’s Online Privacy Protection Act Majority express concerns about new marketing and data-collection practices such as behavioral profiling and mobile tracking WASHINGTON, DC and SAN FRANCISCO – Two leading nonprofit groups, the Center for Digital Democracy and Common Sense Media, today released the results of a new survey on public attitudes about children’s online privacy. The study — conducted over a two-week period in November by Princeton Research Associates International (PSRAI) — polled more than 2,000 adults and found overwhelming support for the Children’s Online Privacy Protection Act (COPPA), the law that requires parental consent before websites can collect personal information from children under the age of 13. The findings revealed strong support not only for the basic principles of the law, but also for several key proposed changes in the rules that would address a range of online business practices — including mobile marketing and behavioral profiling — that have emerged since the COPPA took effect more than a decade ago. The Federal Trade Commission is expected to announce a number of updates to the COPPA regulations in the coming weeks. The majority of respondents in the survey (90%) expressed support for COPPA’s basic requirement that online companies seeking to collect personal information from young children must first obtain permission from parents. In addition, the survey found significantly high levels of support for safeguards to protect children from many of the data collection and marketing practices that are frequently used to target them in today’s digital media environment. Respondents expressed disapproval of a number of techniques increasingly employed by many child-directed websites — 80% of adults were opposed to allowing advertisers to collect and use information about a child’s activities online, even in cases where advertisers do not know the actual name and address of a child. The survey also found that both parents and nonparents largely agree on many points: 91% of both parents and adults believe it is not okay for advertisers to collect information about a child’s location from that child’s mobile phone. 94% of parents and 91% of adults agree that advertisers should receive the parent’s permission before putting tracking software on a child’s computer.96% of parents and 94% of adults expressed disapproval when asked if it is “okay OK for a website to ask children for personal information about their friends.” 91% of parents said they strongly disagree with the idea, as did 86% of adults. Congress passed COPPA in 1998 with bipartisan support. The law established a set of safeguards for website operators targeting children under 13, and ensured that parents would play the key decision-making role in determining whether and how their children’s personal information would be used in the online environment. The law was purposely designed to respond to changing technologies and business practices, and requires the Federal Trade Commission to conduct periodic reviews. A coalition of child advocacy, consumer, public health, and privacy groups has called on the FTC to update its COPPA rules to cover many of the techniques that marketers are using today, which include: collecting geolocation information from a child’s mobile phone; targeting children and their friends through social networks and interactive games; and employing cookies, plug-ins, and other software to track young peoples’ online behaviors. The FTC proposed changes to the rules last year, and has sought comments from a wide range of industry and public interest groups, but has yet to release its revised regulations. “It is clear from these findings that the public supports strong action by the FTC to address the disturbing and widespread practices that threaten the privacy and safety of our nation’s children,” said Kathryn C. Montgomery, Ph.D, professor of communication at American University and one of the leaders of the campaign to pass COPPA during the 1990s. “Children should be able to reap the benefits of this new participatory media culture without being subjected to techniques that take advantage of their developmental vulnerabilities. We must ensure that the COPPA rules are updated effectively so that the generation of young people growing up online today will be treated fairly in the growing digital marketplace.” “The results of this poll should be a wake-up call to the industry that parents understand what’s at stake for their kids in a digital world, and want the power to protect their children to remain in their hands,” said James P. Steyer, CEO and founder, Common Sense Media. “The industry argues that updates to COPPA will stifle innovation and cost jobs, when in fact, they should respect the role of parents and use it build consumer trust. The FTC’s recommended updates to COPPA represent the most important regulation of the past 10 years when it comes to protecting our kids’ privacy. They will help ensure that parents have better information and tools, and that parents -- not third-party ad networks and data brokers -- get to decide when their children’s personal information can -- and can’t -- be collected, shared, and sold.” Additional information about the survey, including a summary of findings, full tables, and an infographic can be found at and (link is external). To download the summary of findings directly, and a new Infographic on "Big Data, Little Kids," see attached. About Center for Digital Democracy The Center for Digital Democracy (CDD) is recognized as one of the leading consumer protection and privacy organizations in the United States. Since its founding in 2001 (and prior to that through its predecessor organization, the Center for Media Education), CDD has been at the forefront of research, public education, and advocacy on protecting consumers in the digital age. Its impact has been highly significant, fostering widespread debate, educating a spectrum of stakeholders, and creating a legacy of government and self-regulatory safeguards across a variety of Internet and digital media platforms. CDD’s public education programs are focused on informing consumers, policy makers, and the press about contemporary digital marketing issues, including its impact on public health, children and youth, and financial services. For more information, visit (link is external). About Common Sense Media Common Sense Media is dedicated to improving the lives of kids and families by providing the trustworthy information, education, and independent voice they need to thrive in a world of media and technology. We exist because our kids are growing up in a culture that profoundly impacts their physical, social, and emotional well-being. We provide families with the advice and media reviews they need in order to make the best choices for their children. Through our education programs and policy efforts, Common Sense Media empowers parents, educators, and young people to become knowledgeable and responsible digital-citizens. For more information, go to: (link is external).
  • The Children's Online Privacy Protection Act (COPPA) protects children's privacy online. It is a powerful safeguard empowering parents to make decisions about how personal information from their child can be collected and used. As the Federal Trade Commission nears its historic vote to ensure that COPPA addresses the range of digital data collection practices that threaten child privacy--including from behavioral profiling and geo-location targeting--here's a brief primer.
  • Facebook engaged in a "Thanksgiving surprise" last week (link is external), announcing changes to its "Rights and Responsibilities" system of involving users in its decisions on data collection and privacy. It also announced plans designed to make additional collection of data readily available for them to use, including from so-called affiliates. Through its Facebook Exchange (link is external)and other data-enabled marketing (link is external) services--especially designed to bolster its ability (link is external)to monetize (link is external) through mobile devices--the social media behometh is pushing the privacy envelope. EPIC and CDD's letter asks Mr. Zuckerberg to reverse course. Stay tuned for further action. PS: Take a look at this clip (link is external)from Citizen Kane, when he signed his "Declaration of Principles." Remember when you see it that Kane--as he becomes successful as a media mogul--abandons them.
  • CDD and EPIC (link is external) submitted this letter to the FTC today. Both groups have had a long history of monitoring Facebook's privacy and online data-related marketing practices. We have both worked to ensure that the FTC and other regulators engage in the due diligence required to ensure Facebook respects the privacy rights of its users. Over the last several months, we have especially analyzed Facebook's growing (link is external)use of user data (link is external) as part of its ad exchange (link is external), including Datalogix (link is external). There are a range of data partners (link is external)that raise critical concerns. Here are some of Datalogix's data collection and user targeting affiliates--a never ending data daisy chain: Admeld (link is external), adnetik (link is external) (Digilant), appnexus, (link is external) Audience Science (link is external), bluekai (link is external), Cadreon (link is external), DataXU, (link is external) eXelate (link is external), invite media, (link is external) jumptap (link is external), Lotame (link is external), Mediamat (link is external)h, netmining, resonate, Rocket Fuel, (link is external) Tribal Fusion, TURN, (link is external) ValueClick, Vivaki, (link is external) X+1 (link is external) and Xaxis. The letter is attached.
  • Continuing its work to protect the privacy of children under 13 in the "Big Data" era, a coalition of leading groups just filed Comments with the Federal Trade Commission on its proposed new rules under the Children's Online Privacy Protection Act (COPPA). Many of these groups worked to get the law passed back in 1998. Even back then the kinds of personalized data collection commonplace today was part of our design for COPPA (since the basic "one-to-one" data collection model has remained a dominant paradigm). Under the proposed FTC rules, parents would be empowered for the first time to make decisions about whether online marketers, including on mobile devices, can stealthily use "cookies" and other unique and persistent identifiers to track and target a child. The filing explains how companies such as Viacom (, etc), Time Warner/Turner (Cartoon Network) and Disney (Disney XD, etc) are using advanced state of the art data collection tools to track, profile and target users online. It discusses documents and other information we uncovered during our investigation for this filing that raise serious concerns about the commitment of many online companies to protect the privacy of kids and ensure parents are in charge. Groups filing these comments with CDD include: American Academy of Child and Adolescent Psychiatry, Berkeley Media Studies Center, Campaign for a Commercial Free-Childhood, Center for Media Justice, CSPI, ChangeLab Solutions, Children Now, Consumer Action, Consumer Federation of America, Consumers Union, the advocacy and policy division of Consumer Reports, Consumer Watchdog, National Consumers League, Privacy Rights Clearinghouse, Public Citizen, Public Health Advocacy Institute and The Praxis Project. The FTC filing was written by Prof. Angela Campbell and Fellow Laura Moy at the Institute for Public Representation, Georgetown Law Center. She was assisted by her able law students. CDD provided research and analysis.
  • CDD statement on today's FTC COPPA (link is external) proposal. Today, the FTC took a giant step to protect children's privacy by proposing that the online data broker industry be required to comply with the Children's Online Privacy Protection Act (COPPA). Children--like adults--confront a pervasive data collection and targeting system made up of ad networks, data exchanges, and other digital marketing companies able to target anyone in real-time. The FTC's proposal ensures that parents will have control over how information can be collected from their children via mobile phones, online games and when they use computers. In addition, the commission will also rein in the data brokers targeting kids who use social media, so-called "plug-ins," to gather information on a child and their friends. Consumer, child advocacy, privacy and public health groups have called on the FTC to ensure that COPPA protects kids and empowers parents in today's data collection intensive, targeting 24/7 online environment. This proposal will help accomplish this. We are concerned, however, about the lobbying of the Walt Disney Company and others to secure an exemption for so-called family websites. We will be reviewing the commission's proposal and industry practices on such sites.
  • When CDD reviewed the proposed Facebook Sponsored Stories (link is external) settlement it was clear it failed to address how marketing and targeting on the social network really works. It also didn't do anything to ensure that parents and teens have the control they require over the Sponsored Story process (link is external) and its inter-related series (link is external)of premium ad products. Clearly, Facebook users require a settlement that protects their privacy and rights. As Sponsored Stories is deployed on the mobile p (link is external)latform, and Facebook users confront new privacy threats from the Facebook Exchange ad targeting (link is external) service, as well as new measurement (link is external) capabilities, policies need to be enacted to protect users (especially adolescents and other youth). We revised our letter of objection, now that a new Judge has been assigned to the case.
  • This letter was sent today to Lawrence Strickling, Ass't Sec of Commerce, as well as The White House. Despite our best efforts (link is external) to encourage the Commerce Department to ensure that people across the country can meaningfully participate in the first key stakeholder meeting scheduled for 12 July, the agency has failed to embrace an effective means to do so. Over the last few weeks we did get the Commerce people to change their plans to allow some outside of the Beltway involvement--but in a very limited way. The groups previously submitted a set of principles (link is external) last February to help govern the negotiations and ensure equitable representation and deliberation. Today's letter is attached. See too Consumer Federation of America press statement. (link is external)
  • Today, CDD, Consumers Union and a coalition of leading child advocacy, health, consumer and privacy groups sent a letter to Facebook CEO Mark Zuckerberg. The letter discusses the safeguards required to ensure Facebook `does no harm' to young people if it decides to open its platform to children (in order to comply with COPPA, etc).
  • Today we filed Comments on the Obama Administration's privacy plan via the Dep't of Commerce proceeding. Highlights below. Need for Legislation: We have said from the beginning of this process that the reliance on multi-stakeholder negotiations to effectively protect consumer welfare, including privacy, is a flawed approach....what is required is more courageous action by the Obama Administration: the submission to Congress of draft legislation that implements the CPBR principles. Multi-stakeholder Negotiations Must Address the Full Scope of the CPBR Principles at Each Stage: In order for any “code of conduct” to be developed, each issue (such as mobile applications, ethnic/racial digital profiling, youth online marketing, real-time targeting) must reflect all of the administration’s Privacy Bill of Rights. Stakeholders Should Decide the Topics, not the Administration: The administration should respect the independence of the multi-stakeholder process to identify issues for negotiation. Commit to the W3C’s Do-Not-Track Multi-stakeholder Process: The administration should clarify that it fully supports the multi-stakeholder process now underway by the World Web Consortium’s Tracking Protection Working Group. The support by the White House of the Digital Advertising Alliance’s closed-door, non-transparent, and non-representative work on Do-Not-Track suggests there is a lack of serious commitment to an independent and participatory multi-stakeholder process. The Department of Commerce should immediately recognize that the WC3’s work on Do-Not-Track is part of the development of meaningful new codes of conduct... All Issues Must Be on the Table, with No Exemptions for Self-regulatory Codes: Some digital data collection trade groups have suggested, in recent Congressional testimony, that the multi-stakeholder deliberations “should target only those issues that are not subject to existing statutory regimes or self-regulatory programs..." The administration should reject such a self-serving suggestion, which would deprive U.S. consumers of having fairly negotiated codes of conduct. Industry self-regulatory codes have been developed without public input, and already have drawn criticism from leading scholars. All issues must be addressed if this process is to have credibility Ensuring a Transparent and Open Process: these deliberations must be public...We urge that they be Webcast, and that there is a robust mechanism put in place for both the news media and the public to be informed of the proceedings... Issues related to both Children and Adolescents Should Be Addressed in Every Topic Identified for a Code of Conduct: Rather than addressing young people under a separate code of conduct, we support identifying the child and adolescent issues raised by each issue Concerns on the International Role for the Multi-stakeholder Negotiations and Codes of Conduct: We have grave reservations about the U.S. attempting to negotiate a “code of conduct” as the equivalent of formal law (such as in the EU) or where effective new consumer protection laws are required (such as in South America or the Asia Pacific markets). There isn’t a one-size-protects-all privacy regime that can be exported from the U.S Ensuring an Informed Discussion About the Digital Data Collection Landscape: One cannot easily choose a small piece of the puzzle (such as the “low-hanging fruit” of mobile privacy) to tackle, because all types of data collection and analysis are intrinsically connected to the fundamental forces shaping privacy in the commercial digital era. Ensuring Civil Society Participation, Especially Independent NGOs: We support the “Principles for Multi-Stakeholder Process” endorsed by leading NGOs on February 23, 2012 (with the leadership of the World Privacy Forum)... There must be robust civil society involvement in each deliberation, with sufficient levels of participation to ensure an effective—not marginal—contribution.
  • FTC Makes Advances Protecting the Privacy of Americans in Big Data Era, with Call for Congress to Rein-in Data Brokers But major concerns loom as report leaves consumers vulnerable to widespread data collection and tracking. Battles ahead as consumer group presses for action Statement of Jeff Chester, Executive Director, Center for Digital Democracy The Commission’s new privacy report zeros in on one of the most glaring threats to consumers today—the growth of the online-merged with-offline data collection complex. In its call for Congress to enact legislation to rein in the data broker industry, the FTC has opened up an important new ‘front’ in the battle to protect consumer privacy. Today, consumers face an ever growing and largely invisible data apparatus that collects and pools their information 24/7. The harvesting and sale--often in real-time--of our valuable data, including about our financial and health interests, poses a major threat to consumers. The FTC’s call for legislation is a digital wake-up call to Congress. The commission’s recommendation that Do-Not-Track means do not collect, potentially could help create a powerful new privacy tool for consumers. Overall, the FTC’s call for ensuring the public has greater control over how their data is collected and used online, should prompt industry leaders to rethink how they address protecting consumer privacy. The FTC's further clarification of what is considered personally identifiable information is also a step forward. However, we call on the FTC to specifically spell out how to ensure consumers have meaningful “choice” to control the collection and use of their information. The commission’s overall support for industry self-regulation (such as the largely invisible “icon” placed on ads) is disappointing, and reveals a FTC still too often constrained from effectively protecting the public. We see this report and the recent White House Consumer Privacy Bill of Rights endorsing what consumer groups have been warning about for years--that the Internet's growing focus on the tracking of individuals, along with the sale of their data by a largely out of view digital marketing industry, requires 21st Century consumer protection safeguards. Other key elements in the report: The commission’s proposal on affiliates and third-parties also helps rein-in a dizzying digital-consumer tracking daisy chain. Websites that share data with other parts of their company or ad networks require new safeguards. Requiring affirmative consent for the collection and use of sensitive information, including on first and third party sites. This is a positive step forward as consumers increasingly are targeted by financial and health marketers. But if consumers are to be protected, the FTC (and for financial, the CFPB) must engage in serious enforcement efforts. Called on the online ad industry (Digital Advertising Alliance, DAA) to work “within the W3C process” on Do-not-Track. The World Wide Web Consortium's (W3C) work on Do-not-Track is being potentially undermined by a separate effort organized by the DAA. Today, the FTC sent a message that it expects the online ad industry to work with the “multi-stakeholder” process established by W3C. [CDD is a member of the W3C Tracking Protection Group]. The commission resisted calls from the telephone and cable lobby to endorse the controversial Deep-Packet Inspection (DPI) surveillance system. The FTC plans to hold a workshop and conduct further study on this critical privacy and civil liberties issue, which is prudent. The report calls for greater protections for teens when they are targeted, something CDD has urged. The commission will expand its focus on mobile privacy, including applications and transactions.
  • This letter was sent today to US and EU policymakers.