program areas Digital Citizen

1. Why has the FTC waited so long to review this serious threat to our privacy? The Federal Trade Commission’s November 16, 2015, workshop (link is external) on cross-device tracking is a examination of a very disturbing practice that emerged several years ago. The online industry’s business model of identifying specific individuals and following them on whatever device they may use (PCs, mobile, etc.), so their behaviors can be analyzed for more effective micro-targeting, is well-known. For example, companies such as Drawbridge, which “track how [an] individual user traverses the web on his or her smartphone, tablet, laptop and PC,” and analyze “billions” of pieces of data on us, has been around since 2010.[1] Cross-device targeter Tapad has been operating since 2011.[2] During the last few years there has been a veritable explosion of cross-device tracking of individuals—illustrating how our privacy has been lost regardless of what device we may use.[3] The FTC should be monitoring much more closely industry developments to expand their data-driven profiling and targeting techniques. The serious erosion of our privacy is reported daily by leading trade publications and is not a secret.[4] The commission—and other agencies responsible for consumer privacy, such as the FCC and CFPB—need to become much more proactive if they are to actually protect the public. 2. Why isn’t the FTC bringing complaints against both Google and Facebook under their respective “consent decrees” for their own cross-device surveillance of consumers? Both Facebook and Google—as the two dominant online marketing companies—have significantly expanded their own collection, analysis, and use of data from individuals for cross-device tracking. Both companies are under 20-year legal agreements with the FTC that is supposed to ensure that their practices protect our privacy.[5] But the commission has been silent regarding a major violation of our privacy, given the range of Facebook and Google cross-device practices. For example, Facebook’s acquisition of Atlas and its incorporation of new ways to engage in cross-device tracking have not been challenged by the agency.[6] Nor has the FTC pursued Google’s cross-device tracking as a consent decree matter.[7] The commission’s consent decrees are only as good as their enforcement. The FTC’s inaction regarding Facebook’s and Google’s expansion of cross-device data harvesting undermines its claims that its decrees actually protect our privacy. 3. How has the FTC’s and Department of Justice’s (DoJ) failure to stop “Big Data” mergers furthered the expansion of cross-device gathering of our information? As one of two U.S. antitrust and competition regulators, the FTC plays a key role reviewing mergers and acquisitions. Yet the agency has approved Big Data-related mergers that have further weakened consumer privacy and expanded the ability of marketers to track our behaviors across devices. While the FTC’s consumer protection and competition bureaus are separate, the commission has a responsibility to protect the public. Even with mergers reviewed by the DoJ, the FTC should speak out against deals that erode privacy and place consumers at further disadvantage through the use of Big Data. For example, Oracle was allowed to acquire both BlueKai and Datalogix—significantly expanding its sources of data used to profile Americans and to engage in cross-platform targeting. Alliance Data Systems was permitted to acquire Conversant, which bolstered its cross-device applications. The FTC should acknowledge that it is helping weaken the privacy of the American public by allowing data-driven mergers to be approved without effective consumer safeguards.[8] 4. Isn’t cross-device tracking and targeting just a part of an ever-growing commercial Big Data surveillance complex that continually gathers and uses all our information? Anyone who follows the online industry recognizes that our privacy is being continually undermined. Every major company has become its own “data broker,” harvesting all the data they directly gather on a person (when you come to their site, for example). They now merge that data with the abundance of so-called third-party information available for sale or use today. A key goal is to engage in what they call “identity management, ”which means using information on us to help influence our actions, purchases, and behaviors. Cross-device tracking is made possible through the unlimited ability companies now have to use our online and offline information without any serious consideration of our privacy.[9] 5. What is the role that Big Data companies and technologies—such as Data Management Platforms (DMPs)—play in cross-device tracking of individuals? The most powerful U.S. companies are using sophisticated data engines and analytics to gather data on individuals. The growing use of technologies such as DMPs, along with the real-time data targeting now embraced by the industry (known as “programmatic”) is at the core of cross-device practices.[10] While the FTC is aware of these practices, it has not taken any actions to protect consumers.[11] 6. Isn’t the gathering of information from our use of mobile phones, including for cross-device targeting, a major privacy violation? The answer is yes. The mobile phone is the digital spy in our pockets that we take and use nearly everywhere. Gaining access and insights from our mobile phones serves as a veritable digital gold mine for brands and advertisers. Marketers continually research how we use mobile devices, in order to help their clients identify our actual or intended location, as well other data about us (such as income, race, ethnicity, and gender). Companies such as Facebook, Google, and many others have developed ingenious ways to encourage consumers to use “apps” that, once they are downloaded, report on our actions. Google, for example, explains they can help marketers understand how to take advantage of what they call a person’s “micro-moments”--when through the use of our mobile phone we reveal we are searching for a product, store, activity or location.[12] Cross-device tracking and targeting is fueled by the unchecked data gathering from our mobile devices.[13] 7. Will the FTC address how cross-device tracking is helping marketers and brands reach us when we are in retail, grocery stores, and other “real-world” locations? As we use our phone or tablet to search for information, download coupons, or scan for price information, these signals allow marketers to learn about our location and quickly connect data they have about us. So-called “hyper-location” tracking enables companies to identify what neighborhoods we live and work in, for example. As stores deploy so-called “beacons,” Wi-Fi-networks, “geo-fences,” and other ways to connect to people in and around stores, the data they gather from our use of multiple devices becomes more complex and valuable to them.[14] Online and offline distinctions are quickly fading, as cross-device tracking merges with sophisticated data targeting services. 8. Can the FTC protect consumers from cross-device tracking when we watch video online? There is an explosion of video consumption, as more people use their mobile devices to watch online video content. Internet-delivered video to TV’s (so-called “over-the-top”) is another key way we see such programming. Incorporating our video viewing as part of the cross-device tracking apparatus is the latest way our media behaviors are being closely observed, whether we watch on small or large-screen devices.[15] 9. Will the FTC investigate how consumers are tracked and analyzed by cross-device “measurement” services? Measurement is built in to today’s tracking and targeting online system. Marketers wish to know whether we see an ad or promotional message and how we responded. Since we use multiple devices, measurement techniques now reflect an analysis of what we do on all our devices. With advances in measurement having a direct impact on our privacy, as well as with the transactions we make, the commission should investigate the impact of cross-platform “attribution” techniques now broadly deployed.[16] 10. Will the FTC call on the online industry to “cease and desist” from cross-device tracking until privacy safeguards can be proposed and implemented? The online ad lobby has—for decades—worked to keep the FTC relatively powerless to protect privacy. It has opposed calls to provide the agency with “rulemaking” authority so it could develop safeguards that would protect the public.[17] The lack of FTC authority to effectively address privacy threats is a key reason why U.S. data-driven marketers are able to expand their commercial surveillance activities. Despite its lack of power to require companies to engage in a moratorium on cross-device tracking, the FTC should use its moral authority. The commission should declare that the use of cookie syncing, probabilistic or deterministic attribution, unique identifiers, and other methods of stealthily following us from device to device should not be permitted. Leading data companies such as Google and Facebook, digital marketing trade groups such as the Interactive Advertising Bureau and Mobile Marketing Association, data brokers such as Axciom, Oracle, and Merkle, and cross-platform companies such as Tapad and Drawbridge should all be asked to support the commission’s call to stop the tracking of individuals across devices. During the period established for the data-gathering moratorium, the FTC should propose safeguards. The commission’s policies should empower individuals to decide whether and how they can be tracked and analyzed on any device. It’s time for action by the FTC. It knows that Americans confront the loss of their privacy—and it should speak out against the eavesdropping practices that enable online companies to gather data on us—whether we use a PC, mobile phone, or even TV. [1] http://adage.com/article/digital/drawbridge-raises-14-million-vc-investm... (link is external) [2] http://adexchanger.com/press-release/tapad-announces/;http://techcrunch.... (link is external) [3] http://bits.blogs.nytimes.com/2013/10/10/a-senator-raises-privacy-questions-about-cross-device-tracking/?_r=0 (link is external); http://blogs.teradata.com/teradata-applications/connecting-the-dots-at-t... (link is external) http://adexchanger.com/ad-exchange-news/data-management-platforms-are-ev... (link is external) [4] https://econsultancy.com/blog/62754-cross-device-measurement-in-google-analytics-will-turn-mobile-marketing-on-its-head/ (link is external); https://www.admonsters.com/blog/fight-fragmentation-grasping-cross-device-audience-behavior (link is external); “Mobile creativity: Track mobile performance. AdMap. September 2015. Warc.com. Personal copy. [5] https://www.ftc.gov/news-events/press-releases/2011/11/facebook-settles-ftc-charges-it-deceived-consumers-failing-keep (link is external); https://www.ftc.gov/enforcement/cases-proceedings/102-3136/google-inc-ma... (link is external) [6] http://atlassolutions.com/why-atlas/cross-everything/ (link is external); http://atlassolutions.com/2015/09/02/in-app-conversion-measurement/ (link is external); http://atlassolutions.com/2015/09/17/cross-everything-dilemma/ (link is external); http://atlassolutions.com/2015/05/11/the-4cs/ (link is external); https://www.facebook.com/business/news/cross-device-measurement (link is external); http://digiday.com/platforms/omnicom-adds-atlas-tags-doubleclick-served-... (link is external) [7] http://doubleclickadvertisers.blogspot.com/2015/06/cross-device-conversion-metrics-come-to.html (link is external); http://adexchanger.com/online-advertising/google-adds-cross-device-metrics-to-doubleclick-partially-answers-facebooks-people-power/ (link is external); https://support.google.com/ds/answer/6139741?hl=en (link is external); https://www.youtube.com/watch?v=qFodrj2Drxg (link is external); http://adwords.blogspot.com/2013/10/estimated-total-conversions.html (link is external); http://adage.com/article/digital/google-tests-desktop-mobile-retargeting... (link is external) [8] https://www.oracle.com/marketingcloud/products/data-management-platform/id-graph.html (link is external); https://www.oracle.com/marketingcloud/products/cross-channel/mobile-marketing.html (link is external); http://adexchanger.com/data-exchanges/oracle-links-cross-platform-ids-touts-data-neutrality/ (link is external); http://www.bluekai.com/mobiledmp/ (link is external); http://www.tapad.com/press-release/tapads-cross-device-data-now-integrated-into-oracle-data-cloud/ (link is external); http://techcrunch.com/2015/05/04/drawbridge-cross-device/ (link is external); http://www.conversantmedia.com/digital-marketing-product-overview (link is external); https://www.quantcast.com/audience-grid/ (link is external) [9] http://adexchanger.com/mobile/google-allows-targeted-ads-based-on-first-party-data/ (link is external); http://liquid.pch.com/press/case-for-first-party-data-in-a-third-party-world/ (link is external); http://www.krux.com/blog/data-management/cross-device-identity-management-the-path-to-one-to-one-marketing/ (link is external); http://www.merkleinc.com/what-we-do/marketing-technology/merkle-data-management-cloud/connected-recognition#.Vkjj7craNyo (link is external); http://www.drawbrid.ge/technology (link is external); [10] https://www.neustar.biz/marketing-solutions (link is external); https://www.neustar.biz/blog/cross-device-dmp-as-the-unifying-layer-in-the-adtech-stack (link is external); http://www.lotame.com/resource/the-cross-device-question/ (link is external); http://blogs.adobe.com/digitalmarketing/digital-marketing/adobe-audiencemanager-takes-cross-device-targeting-new-level/ (link is external); http://www.mediapost.com/publications/article/237039/cross-device-marketing-no-longer-hypothetical-use.html (link is external); https://radiumone.com/products/advertiser/programmatic/ (link is external); http://www.digilant.com/digilant-announces-partnership-with-crosswise-to... (link is external) [11] http://www.mediapost.com/publications/article/242295/ftc-consumer-protec... (link is external) [12] http://www.nielsen.com/us/en/press-room/2015/exelate-expands-its-mobile-user-dataset-by-billions-of-monthly-interactions-with-pushspring.html (link is external); https://www.thinkwithgoogle.com/topics/mobile.html (link is external); https://developers.facebook.com/docs/app-ads/measuring/installs-and-in-app-conversions (link is external); http://doubleclickadvertisers.blogspot.com/2015/11/active-view-updates-improved-cross.html (link is external); https://www.fiksu.com/about/news-releases/precision-audience-targeting-w... (link is external) ; https://www.kochava.com/aol-partners-kochava-expand-programmatic-targeting-attribution-mobile-apps/ (link is external); http://adexchanger.com/mobile/kochava-attempts-to-crack-the-cross-device-attribution-code/ (link is external); https://www.fiksu.com/technology/audience-targeting (link is external); http://www.pushspring.com/news.html?post=124 (link is external) [13] http://streetfightmag.com/2015/06/02/why-cross-device-matching-will-transform-the-mobile-advertising-industry/ (link is external); http://www.marinsoftware.com/resources/whitepapers/the-cross-device-targeting-playbook-for-display-advertisers (link is external); http://www.marinsoftware.com/resources/whitepapers/the-cross-device-targ... (link is external) [14] http://www.criteo.com/resources/cross-device-advertising-how-to-navigate-the-next-big-opportunity-in-mobile-marketing/ (link is external); http://developer.android.com/training/location/geofencing.html (link is external); http://www.aislelabs.com/blog/2014/04/29/aislelabs-launches-the-first-marketing-automation-platform-for-physical-retail-locations/ (link is external); http://www.huffingtonpost.co.uk/jon-buss/cross-device-use_b_6969120.html (link is external) [15] http://www.experian.com/marketing-services/cross-device-video-analysis.html (link is external); https://www.doubleclickbygoogle.com/articles/?category=video&product=all&type=whitepaper (link is external); http://www.videologygroup.com/industry-insights/P40/programmatic-tv-driving-multi-screen-conversation/#.VkjyoMraNyo (link is external); https://www.tubemogul.com/cross-channel-advertising/ (link is external) [16] http://adexchanger.com/digital-tv/comscore-dives-deeper-into-cross-platform-video-measurement/ (link is external); http://cimm-us.org/cimms-annual-summit-examines-cross-platform-media-mea... (link is external) https://www.comscore.com/Products/Advertising-Analytics/validated-Campai... (link is external) [17] https://www.democraticmedia.org/content/how-industry-lobbyists-help-kill...

The Internet as a whole has become an important part of our global public sphere. Internet provides access to a wealth of information and knowledge, and the possibility to participate, create and communicate. This public space made up of internet infrastructures is increasingly threatened from two sides; by the centralization and commercialization through the dominant positions held by giant telecom and Internet companies, as well as by an increasing trend in state regulation and censorship of the net. This poses important questions about how we choose to organize and regulate our digital societies, and how Internet governance models can be developed and implemented to ensure fair and democratic participation. When it comes to the future of the Internet, a key discussion is one of infrastructures; who owns, runs and controls them. The question of regulation, and who oversees the regulators, is made complicated by the transnational nature of the net. As much as people expect a broadly and equitably accessible Internet open to diversity, we are, slowly but surely, moving away from it. Monopolization of Internet infrastructures and services by companies such as Facebook and Google has gone hand in hand with privacy intrusions, surveillance and the unbounded use of personal data for commercial gain. As we all interact in these centralized commercial platforms that monetize our actions we see an effective enclosure and manipulation of our public spaces. Decentralization and democratization of the Internet infrastructure and activities is essential to keep a free, open and democratic Internet for all to enjoy equitably. But can the “small is beautiful”-idea be compatible with the building of state-of-the-art successful infrastructure in the future? The debates around net neutrality, infrastructure neutrality and Internet monopolies reflect the important choices that are to be made. It is essential the EU formulates a comprehensive vision on the internet that addresses the protection of civil liberties such as free speech and privacy, but also the growing commercialization of our digital public spaces and the commodification of personal data with the effect of the market encroaching on all aspects of our daily lives. Only then can it make relevant interventions regarding the Internet and its governance. Let´s discuss how to re-decentralize and reclaim the Internet for all. This conference (link is external) is organised in cooperation with Commons Network and Heinrich Böll Foundation. DRAFT PROGRAMME (TBC) 15:00-15:30 Introduction 15:30-16:45 1st panel, The big picture What, if anything, in the current model of Internet Governance is clashing with a decentralized, resilient internet viewed as a common good? And what steps should be made by policymakers to foster the best environment for decentralized, community managed projects to grow? Confirmed speakers: Renata Avila, Aral Balkan 16:45-17:00 Coffee break 17:00–18:15 Decentralised infrastructure: Examples what examples of local and decentralized projects do we have today and what are the obstacles they face? Confirmed speakers: Edmon Chung, Robbert Mica, Olivier Schulbaum 18:15–18:30 Conclusions and final remarks This conference will be live streamed at: http://greenmediabox.eu/en/live/ (link is external) http://greenmediabox.eu/en/live/>* (link is external) Background & Programme: http://www.greens-efa.eu/internet-as-a-commons-13850.html (link is external) Joint the event community on Facebook: https://www.facebook.com/events/939398269451418/ (link is external) https://www.facebook.com/events/939398269451418/> (link is external) Registration: http://www.greens-efa.eu/events/registrations/658-internet-as-a-commons.... (link is external)

Summary: BEUC reiterates the urgent need to put consumers back in control over the way their personal data is processed online and hopes an agreement on the General Data Protection Regulation will be reached under the Luxembourg Presidency. However, the urgency to adopt the Regulation must not take its toll on consumers’ fundamental rights. Weak provisions on fundamental data protection principles (e.g. purpose limitation) and/or allowing too much flexibility for commercial entities to process personal data based on their alleged legitimate interests could have devastating effects for consumers’ privacy, especially if coupled with flawed rules on highly sensitive aspects like profiling. In general terms, we believe that the European Parliament’s first reading position provides a good basis for an agreement. We also welcome the proactive stance taken by the European Data Protection Supervisor, who has provided some useful recommendations. In contrast, the Council’s General Approach contains some provisions that would even weaken current protection standards, a clear red line set out in the beginning of this reform. That being said, we urge the Commission, the Parliament and the Council to be ambitious. The objective is to modernise and improve Europe’s data protection regime, not to merely maintain the status quo and certainly not to weaken existing protection. The outcome of these negotiations shall provide consumers with greater transparency and control over how their personal data is collected and used. Otherwise consumers will be left with little option than to systematically give up their privacy in order to access online goods and services. This would be unacceptable. A robust Data Protection Regulation must comprise: A broad and future-proof scope. Every company doing business in Europe or targeting users based in Europe must comply with EU laws, regardless of the company’s nationality or the place where it is established. Any kind of information that would allow to identify an individual or single someone out as an individual shall be considered personal data, including pseudonymous1 data. Solid data protection principles and strict legal grounds for data processing. Principles such as “purpose limitation” and “data minimisation” are at the core of the EU data protection regime and must not be weakened. The amount of personal data processed should be kept to the minimum necessary. Further processing of personal data for purposes incompatible with those that justified the initial processing should not be allowed. An enhanced set of data subjects’ rights. Strong and clear provisions are needed with regard to fundamental issues such as the information that must be provided to data subjects, profiling and the right to object. Restrictions on user rights should be strictly limited and include sufficient guarantees. A comprehensive enforcement scheme, including effective mechanisms for consumer redress. The Regulation must be effectively and uniformly enforced across all of the EU. It is crucial that consumers can easily access effective mechanisms to seek redress and that consumer organisations are allowed to proactively defend the rights of data subjects. [see attached for rest of this important document]

The digital video world will converge on Anaheim, Calif., this week for the sixth annual VidCon, a three-day extravaganza that's grown from 1,400 YouTubers and their rabid fans, to 20,000 strong, with top-tier creators from Vine, Vimeo, Tumblr and Meerkat, just to name a few. Some of the biggest brands on the planet will also be in attendance. It's no wonder. While about 90 percent of video viewing is still on TV, according to Nielsen, 18- to 34-year-olds—a demographic coveted by advertisers—are increasingly cutting the cord. "It takes a very different media mix today to reach that audience than it did 10 years ago," explained Jenny Schauer, media director at Digitas. She believes YouTube, and increasingly Facebook, are uniquely positioned to reap the rewards of brand videos. "Taking content from a brand and putting it right in front of consumers in the News Feed, that's where Facebook is really strong." Meanwhile, at VidCon, YouTube will take its own well-deserved victory lap. An exhaustive study released today by video marketing firm Pixability digs into viewability, reach and growth of the top 100 global brands as determined by Interbrand (see above chart for the top five brands on YouTube and the top 100 global brands online (link is external)). The veritable treasure trove of data is a marketer's dream: YouTube's channels count 73 million subscribers, with subscribership up 47 percent year over year. Full article available at http://bit.ly/1TLmI9U (link is external)

July 20, 2015 — Over the last several years, publishers and advertisers have continued to adopt programmatic buying and selling of digital inventory into their media strategies; however, within the complex programmatic ecosystem there has been a lack of consensus around the definition of programmatic and its associated types and formats and the size of the programmatic market in comparison with the overall internet advertising market. This study, commissioned by the IAB, seeks to estimate revenue associated with programmatic selling and buying of advertising and establish a benchmark for measuring the growth of programmatic. Read the full report, attached.

Call it something dry like "data on-boarding" or something marketable like "connectivity." Whatever it's called, Acxiom-owned LiveRamp (link is external) is doing a lot more of it than a year ago. The company currently "on-boards" or connects 20 billion consumer records representing individuals or households each month, or around 240 billion per year. That's a big leap from the 3 billion customer records it brought to the web in March 2014, up from 1.3 billion in March 2013. Those records contain consumer data generated offline, such as information from auto leads, retail transactions or banking relationships. The digitized data is used by companies who want to communicate with their current customers via email or targeted digital ads, optimize website pages or measure the impact of digital ad campaigns on offline sales. More than 200 marketing-technology platforms are integrated with the LiveRamp system -- part of Acxiom's newly-named Connectivity division -- meaning the data can be plugged into all sorts of ad targeting, email marketing, site optimization and campaign analysis tools. Acxiom reported that Connectivity revenue rose 367% to $22 million in fiscal Q4 2015. The growth is a result of more awareness of data onboarding, said James Arra, VP-strategic partnerships for LiveRamp. But it's also the May 2014 Acxiom acquisition (link is external) that has facilitated business with clients that may have been out of reach when LiveRamp was still an indie, such as highly regulated financial services firms. Full article available at http://bit.ly/1SpFtgN (link is external)

Real-time Bidding (RTB), a key component of the programmatic advertising revolution, represents a massive platform change in the way we advertise online by bringing the relevance and efficiency of search to display. RTB spend will reach 429 million GBP this year (eMarketer) as budget moves away from more traditional channels. If advertisers consider RTB for display there are a couple of tips to help get it right: Advertise to the individual not the ‘segment’ Every customer is slightly different from the next. With this in mind the traditional marketing method of grouping customers into ‘buckets’ does not always make sense. For example, consumers within the “mums” segment will be vastly different. A mother with a newborn will have hugely different needs to one who is just about to send their eldest off to university. Everyone has unique demographic traits – income levels, hobbies, family statuses, interests, etc. Grouping customers into segments relies, partly, on human perception, but driving performance is not always intuitive in the same way. RTB means targeting at the impression level as opposed to traditional media buys of large chunks of inventory. Therefore, there is a unique opportunity to target individuals – segments of one. Machine learning and the application of algorithms make this possible. In the past guesswork decided the majority of ad buys and creative execution, now, through machine learning, we can use computers to impact specific performance goals. Fresh data is key for reaching and influencing consumers While the number of data sources available for advertisers is never-ending advertisers must remember that not all data sources are created equal. The time between collecting the data and using it is an important factor. Commonly datasets used in RTB can be over a week old, this means they are stale and fail to identify the right customer at the right point in their purchase journey. Find out more at http://bit.ly/1LefbPr (link is external)

Last week during the DoubleClick Leadership Summit (link is external) (DLS), we introduced cross-device measurement across all of our DoubleClick advertiser products. Today, as the first post of our week-long DLS series, we're excited to announce that these cross-device metrics will be rolling out to all DoubleClick advertisers in the next week. Mobile continues to reshape how consumers engage on digital: they are increasingly turning to the nearest device to act on an immediate need in the moment and then seamlessly shifting their attention from screen to screen to complete their journey. With the path to purchase becoming increasingly fragmented, it’s essential marketers understand how consumers interact with their brand across all devices. When marketers have access to cross-device insights, they will also make the best decisions about how to invest their marketing dollars. With this launch, advertisers can access cross-device metrics in all buying tools within our platform -- DoubleClick Campaign Manager, DoubleClick Bid Manager, and DoubleClick Search. Full article available at http://bit.ly/1I2qppH (link is external)

The Center for Digital Democracy (CDD), through its counsel, requests the following documents under the Freedom of Information Act (FOIA), 5 U.S.C. § 552, related to enforcement of the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq.: All annual reports submitted to the Federal Trade Commission (FTC) by COPPA safe harbor programs for the reporting period of July 1, 2014 through June 30, 2015 as required by the COPPA Rule, 16 C.F.R. § 312.11(d)(1), including, for illustrative purposes, reports from the following safe harbor programs: Aristotle International Inc. Children’s Advertising Review Unit (CARU) Entertainment Software Rating Board (ESRB) iKeepSafe kidSafe Seal Program (kidSAFE) Privacy Vaults Online (PRIVO) True Ultimate Standards Everywhere (TRUSTe) CDD asks that if any of the requested records are stored electronically that the FTC provide the requested records to CDD in their native electronic format as required under FOIA. 5 U.S.C. § 552(f)(2). Request for Fee Waiver or News Media Fee Benefit CDD asks the FTC to waive all fees associated with this request because disclosure of the records is in the public interest or, alternatively, to limit any fees charged to CDD to reasonable duplication fees because it is a noncommercial request by a member of the news media. 5 U.S.C. §§ 552(a)(4)(A)(ii)(II), 552(a)(4)(A)(iii). CDD is entitled to a waiver of all fees associated with this request under FOIA’s public interest standard and relevant FTC regulations. 16 C.F.R. § 4.8(e). The regulations permit the FTC to waive all fees associated with a particular request when a requester demonstrates that (1) “disclosure will likely contribute significantly to public understanding of the operations or activities of the government” and (2) “that the request not be primarily in the commercial interest of the requester.” 16 C.F.R. §§ 4.8(e)(2)(i)-(ii). CDD’s request qualifies under both prongs of the FTC’s public interest fee waiver standard. First, disclosure of the annual reports provided to the FTC by COPPA safe harbor providers and any related correspondence will contribute significantly to the public’s understanding of the FTC’s oversight of private entities tasked with enforcing federal law. COPPA was designed to protect children’s privacy online, an issue of significant public importance that concerns parents, consumers, lawmakers, and the general public. The instant request concerns data on how actively private safe harbor providers are policing COPPA compliance by their members. Relatedly, the records will also disclose whether and how the FTC performs its oversight role with respect to the safe harbor programs.1 From the reports, the public can scrutinize both the safe harbors’ performance and the FTC’s actions in administering the safe harbor program under COPPA. Because CDD intends to publish the requested documents, the public at large will benefit from better understanding whether and how the FTC is protecting children’s privacy online. Full complaint attached.