program areas Digital Consumer

The Center for Digital Democracy (CDD), a leading US NGO specializing in consumer data protection issues in the digital marketplace, is pleased to respond to the request that we provide information applicable to first annual review of the EUUS Privacy Shield. CDD has been assessing the Privacy Shield since it came into force in 2016, in part as a result of its work coordinating the activities from the US side of the Transatlantic Consumer Dialogue (TACD) working group on the Information Society. EU citizens and consumers who deal with companies enrolled in the Privacy Shield program confront a serious erosion of their data protection and privacy rights. The rights of EU citizens under the Privacy Shield program are not equivalent to how they would be protected by EU law. We urge the Commission and EU Data Protection Authorities to suspend the Privacy Shield in light of its lack of any policies, rules, or enforcement that would provide meaningful adequacy or equivalency. The Commission should insist that U.S. companies targeting EU citizens or consumers must operate under the forthcoming General Data Protection Regulation (GDPR) framework. For this submission, we reviewed the activities of several major U.S. companies enrolled in the Privacy Shield program, examining their submissions on the U.S. Commerce Department website (including descriptions of their activities, the link to and content of their privacy policy statements). We compared these statements to the actual data collection and use-related activities conducted by the companies, including their own descriptions of how they operationalize their business goals. We supplemented this analysis with the information that CDD extensively gathers on the commercial digital marketplace, such as automated “programmatic” decision making and other contemporary consumer-directed applications. --- For the full PDF of the letter, see attachment in link below.

Public Knowledge joined by the Consumer Federation of America, the Center For Digital Democracy, Consumer Action, Consumer Federation of California, and the Privacy Rights Clearinghouse writes a letter urging the Federal Trade Commission Acting Chairman, Maureen Ohlhausen, to protect consumer privacy. The letter is asking the FTC Chairwoman to publicly and expeditiously resolve a pending complaint concerning cable TV and satellite TV privacy. --- June 12, 2017 Maureen Ohlhausen Acting Chairman Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 Dear Acting Chairman Ohlhausen: The Federal Trade Commission (FTC) has long protected consumer privacy, in tandem with other agencies, and you recently reiterated your dedication to protecting consumer privacy in the digital age through FTC enforcement. We therefore urge the FTC to quickly resolve the complaint filed one year ago by a coalition of consumer advocates. The complaint provides evidence that the nation’s cable and satellite providers have and continue to deceive consumers about their privacy practices by failing to provide adequate notice, in violation of Section 5 of the FTC Act. Since the complaint was filed, leading Internet Service Providers, cable and telephone companies have significantly expanded their ability to gather, analyze and make actionable data that is used to target subscribers, their families, and other consumers. --- See the link below for the full PDF of the complaint.

The new report by Cracked Labs titled "Corporate Surveillance in Everyday Life" with contributions by CDD's Katharina Kopp, provides a powerful overview of the commercial surveillance infastructure, key players and trends. The report is available as a ten-part overview online (link is external) and as a free, detailed 93-page PDF (link is external).

Chart: Here’s How 5 Tech Giants Make Their Billions Courtesy of: Visual Capitalist (link is external) For the full article visit, http://www.visualcapitalist.com/chart-5-tech-giants-make-billions/ (link is external)

Facebook should immediately release all documents describing how it collected and analyzed psychological information it recently (link is external) collected about its youngest users, some as young as 14, and college students, Public Citizen and a coalition of 25 groups said in a letter (link is external) to the corporation today. The groups are concerned about how this information might have been used or may be used in the future by marketers and others to take advantage of young people’s emotions, all without users’ knowledge. Marketing companies and Facebook have secretly moved to tap into teens’ emotions and developmental vulnerabilities strictly for profit, the letter says. The groups want to know how the data was used, when it was used, how many users were impacted and the names of the companies that received the data. “What began as a way for college students to keep in touch has morphed into a platform for brand-saturated marketing and psychological manipulation,” said Kristen Strader, campaign coordinator for Public Citizen’s Commercial Alert campaign. “It is incumbent upon Facebook as a cultural leader to protect, not exploit, the privacy of young people, especially when their vulnerable emotions are involved.” According to The Australian (link is external) newspaper, Facebook presented research to one of its advertisers that shows it collects sensitive data regarding young users’ emotions and “mood shifts.” The research detailed how Facebook can analyze sensitive user data in real time to determine how young users are communicating emotion, and at which points during the week they are doing so, the letter continued. Facebook’s research was conducted without users’ knowledge, which raises ethical concerns. “Because Facebook plays such a powerful role in the lives of teens, it must adopt a policy that respects and protects them,” said Dr. Kathryn Montgomery, professor of communication at American University and a consultant to the Center for Digital Democracy. “This should include not only strong safeguards for its advertising and data practices, but also clear limits on the kinds of research it conducts for marketing purposes. Under no circumstances should marketers be using emotional states, stress levels, biometric information or other highly sensitive data to target users. And this should apply to both young people and adults.” “Facebook needs to come clean and publicly release the full internal document, reported in The Australian, describing how Facebook collected and analyzed psychological information on high school students, college students and young users, said Finn Lützow-Holm Myrstad, European Union co-chair of the Transatlantic Consumer Dialogue. “The burden of proof is on Facebook to document publicly that they don’t collect and use such information. We are concerned that companies don’t overreach and abuse their users’ fundamental right to privacy and data protection.” The public, its users and elected officials have a right to know how pervasive this research was, who was affected and how the company will ensure it does not occur again, the groups said. The only way to fully address those concerns is to publicly release the internal document and related materials, accompanied by a more detailed explanation from Facebook of what was intended, what happened and the company’s actual practices, the letter says. —30— --- See full PDF of letter to Facebook below.

President Trump has killed the first real protections for commercial privacy that Americans have online. Phone and cable giants, allied with the GOP Congressional majority, have just voted to overturn the historic consumer-data safeguards adopted last year by the Federal Communications Commission (FCC). AT&T, Comcast, Verizon—the country’s dominant providers of high speed broadband—along with industry and Congressional GOP allies, intensely opposed the new FCC rule. Why? Merely because it gives Americans some say in whether their sensitive information, such as web browsing activity and geo-location, can be used for digital marketing purposes. That’s right. The new FCC safeguard that was tossed into the legislative waste bin merely says that ISPs must first ask for permission before they can take this personal data in order to target us. Such an “opt-in” approach, requiring prior informed consent, is heretical to digital marketers, whose profits depend on using all of our information without ever really having to ask to do so. Until the FCC stepped in, it was the Federal Trade Commission (FTC) that served as the primary federal agency handling Internet privacy. But unlike the FCC, which can readily issue regulations to protect the public, the FTC is constrained from doing so. More than three decades ago, the advertising industry successfully lobbied Congress to curb that agency’s rulemaking authority (during a fight over another media issue—whether there should be limits on children’s advertising). Primarily, the FTC can only punish companies that engage in “unfair” or “deceptive” acts—such as lying to customers about how they use or protect our information. But if a company writes a privacy policy that basically provides them with unlimited access to all our data—which is what they do—the FTC is basically powerless to do anything at all. Which is why the phone and cable giants—along with Google and Facebook—prefer the FTC. It provides the illusion of having actual oversight and limits, when really nothing much is possible. Under the FTC’s watch, Americans have just experienced an unprecedented loss of their privacy. In the last few years, for example, digital marketers have aggressively pushed the boundaries of what information they gather from us and how it can be used. Our offline and online data is now routinely merged, generating “profiles” that connect our street address to the “cookies” and other online identifiers provided by our digital devices. Our precise geo-location is also regularly captured by mobile phones and “apps” that stealthily send our whereabouts to online companies and retail stores. Massive one-stop data broker “clouds” have emerged that provide reams of information, including about our finances, health, political interests, ethnicity—sold to marketers large and small. Our data “profiles”—digital dossiers—have become invaluable corporate assets that are bought and sold in milliseconds by powerful computers scattered across the globe, our identities traded for profit, as if they are just another commodity. Ongoing advances in how data are analyzed and used—so called “Big Data”—is ushering in even more ways companies can more precisely determine who we are, what we do, where we go, and how we should be treated. The leading phone and cable broadband ISPs have made major investments in tapping into the latest “Big Data” techniques. For example, Verizon recently introduced “Smartplay,” which helps deliver “smarter advertising” by creating what it calls “individual viewer personas that capture viewing history, account profile details and other valuable data….” Comcast Labs employs “Big Data research teams” that have expertise in “machine learning algorithms, forecasting models, intelligent image and video search, automated scene analysis, voice biometrics, recommender systems, personalization, and deep metadata.” AT&T is relying on its “Consumer Insights Platform” team to turn “big data into big insights….” ISPs also partner with leading data providers, such as Acxiom and Oracle, to enhance the robust details they already have about their broadband and video service subscribers. The big ISPs have also been on a shopping spree, acquiring companies that further their digital data advertising clout. Verizon acquired AOL and is now in the process of buying Yahoo; AT&T bought the leading satellite TV company, DirecTV, in part because of its digital ad capabilities; it now wants to fold Time Warner into its empire. Comcast has swallowed up ad-tech companies such as Visible World, FreeWheel, and StickyAds (and its NBC subsidiary has also embarked on its own formidable data-driven ad initiative). It is precisely because ISPs provide us access to residential broadband or wireless networks that they have a unique window into our lives. While Google and Facebook have their own far-reaching capabilities, they are primarily ad-supported marketing companies. When we pay a (hefty) monthly subscriber fee for Internet access, we should not also be exposed to having our Internet provider capture every bit of information it can, let alone tie that data together with what we do when we use our mobile and gaming devices or watch TV. The FCC’s new privacy rule builds on the agency’s network neutrality policy requiring that companies providing access to the Internet must operate in a fair and nondiscriminatory manner. Long-standing safeguards for protecting the privacy of our voice conversations over the telephone network have been brought into the 21st century—and now it’s also our broadband communications that must be respected. (Network neutrality is also under threat of elimination by the Trump FCC.) The ISPs and ad industry lobbyists disingenuously claim that having the FTC protect consumer privacy for all Internet companies, including ISPs and data giants like Google, is the most effective approach. It would be so, perhaps, if the FTC had any real clout. Many of the companies and trade groups urging that the FTC replace the FCC as a privacy regulator have lobbied against giving the trade commission actual authority to do so. They cynically know that turning over our broadband privacy to the FTC will mean business as usual—more of our offline and online data endlessly flowing into sophisticated databases that provide advertisers and other commercial entities (and perhaps government) detailed actionable blueprints of our lives. It will also mean that the only real potential privacy protection Americans have had to make their own mind up about whom to share data with and for what purpose will be lost. The ISPs, data-marketing companies, and their supporters are also fighting against the privacy rule because they know we are also on the eve of a new era—the Internet of Things—that will generate even more personal information about us. In today’s digital era, data is power. And that power should be in the hands of the people—not those that wish to financially and politically benefit by harvesting our information. --30-- President Trump has killed any hope that Americans would enjoy basic privacy protections online. By signing the bill, Mr. Trump has allied himself with the telecommunications and digital media giants who seek to profit from every detail of our lives. This is a betrayal of the American people and an insult to our democracy. All that the FCC safeguard did was to require cable and phone companies to ask for permission before they could profit from a person’s most sensitive information—including that individual’s web browsing, geo-location, financial details and data on children. President Trump helped the special interests and abandoned American families. Mr. Trump directly benefited from the absence of any federal privacy law or rule that protects having our information easily made available to commercial interests. His senior counselor Steve Bannon has been paid by and has investments in data-marketing firm Cambridge Analytica, which helped the Trump campaign. Mr. Bannon would have understood that the new federal privacy protections would enable the public to restrict the flow of commercial data going to political campaigns. We find this potential conflict of interest troubling, and it requires further scrutiny. (Kellyanne Conway was also a Cambridge Analytica consultant.) While today’s action by the president ends the FCC broadband privacy rule approved last October, we believe the public has also won something significant. For the first time, millions of Americans have been informed that they have little or no privacy on the Internet and when they use their mobile devices. Moreover, we have assembled one of the largest public-interest coalitions ever to advance consumer privacy protections. Many policymakers—on both sides of the aisle—have declared themselves as advocates for stronger protections. We will be back. But today, President Trump has given America a digital black eye before the world—a world in which most advanced nations understand that personal privacy is a fundamental democratic right. - Jeff Chester is executive director of the Center for Digital Democracy, a Washington-DC-based consumer digital rights group.

The following can be attributed to Katharina Kopp, Policy Director, Center for Digital Democracy. --- Today’s House vote to overturn the first major Internet privacy protection for Americans, may be a win for ISP monopolies, but it’s a tragic loss for our democracy. Broadband providers, such as AT&T, Comcast and Verizon, will now be able to sell our sensitive information to the highest bidder without first receiving our permission. We believe today’s misguided vote will unleash even more “Big Data” profiling and tracking of Americans, and spur an array of discriminatory practices. Without any restraints, ISPs will dramatically erode what should be an important American fundamental right—that of privacy. If President Trump allows this bill to become law, his Administration will place new burdens on hard-working Americans and their families—who will be at the mercy of a handful of digital giants. CDD and our allies, here and in the EU, pledge to continue our fight against the special interests that have gained new ways to control how we use the Internet and other digital media. Contact: Jeff Chester Executive Director Center for Digital Democracy Washington, DC. www. democraticmedia.org jeff@democraticmedia.org (link sends e-mail) 202-494-7100