program areas Digital Consumer

Chart: Here’s How 5 Tech Giants Make Their Billions Courtesy of: Visual Capitalist (link is external) For the full article visit, http://www.visualcapitalist.com/chart-5-tech-giants-make-billions/ (link is external)

Facebook should immediately release all documents describing how it collected and analyzed psychological information it recently (link is external) collected about its youngest users, some as young as 14, and college students, Public Citizen and a coalition of 25 groups said in a letter (link is external) to the corporation today. The groups are concerned about how this information might have been used or may be used in the future by marketers and others to take advantage of young people’s emotions, all without users’ knowledge. Marketing companies and Facebook have secretly moved to tap into teens’ emotions and developmental vulnerabilities strictly for profit, the letter says. The groups want to know how the data was used, when it was used, how many users were impacted and the names of the companies that received the data. “What began as a way for college students to keep in touch has morphed into a platform for brand-saturated marketing and psychological manipulation,” said Kristen Strader, campaign coordinator for Public Citizen’s Commercial Alert campaign. “It is incumbent upon Facebook as a cultural leader to protect, not exploit, the privacy of young people, especially when their vulnerable emotions are involved.” According to The Australian (link is external) newspaper, Facebook presented research to one of its advertisers that shows it collects sensitive data regarding young users’ emotions and “mood shifts.” The research detailed how Facebook can analyze sensitive user data in real time to determine how young users are communicating emotion, and at which points during the week they are doing so, the letter continued. Facebook’s research was conducted without users’ knowledge, which raises ethical concerns. “Because Facebook plays such a powerful role in the lives of teens, it must adopt a policy that respects and protects them,” said Dr. Kathryn Montgomery, professor of communication at American University and a consultant to the Center for Digital Democracy. “This should include not only strong safeguards for its advertising and data practices, but also clear limits on the kinds of research it conducts for marketing purposes. Under no circumstances should marketers be using emotional states, stress levels, biometric information or other highly sensitive data to target users. And this should apply to both young people and adults.” “Facebook needs to come clean and publicly release the full internal document, reported in The Australian, describing how Facebook collected and analyzed psychological information on high school students, college students and young users, said Finn Lützow-Holm Myrstad, European Union co-chair of the Transatlantic Consumer Dialogue. “The burden of proof is on Facebook to document publicly that they don’t collect and use such information. We are concerned that companies don’t overreach and abuse their users’ fundamental right to privacy and data protection.” The public, its users and elected officials have a right to know how pervasive this research was, who was affected and how the company will ensure it does not occur again, the groups said. The only way to fully address those concerns is to publicly release the internal document and related materials, accompanied by a more detailed explanation from Facebook of what was intended, what happened and the company’s actual practices, the letter says. —30— --- See full PDF of letter to Facebook below.

President Trump has killed the first real protections for commercial privacy that Americans have online. Phone and cable giants, allied with the GOP Congressional majority, have just voted to overturn the historic consumer-data safeguards adopted last year by the Federal Communications Commission (FCC). AT&T, Comcast, Verizon—the country’s dominant providers of high speed broadband—along with industry and Congressional GOP allies, intensely opposed the new FCC rule. Why? Merely because it gives Americans some say in whether their sensitive information, such as web browsing activity and geo-location, can be used for digital marketing purposes. That’s right. The new FCC safeguard that was tossed into the legislative waste bin merely says that ISPs must first ask for permission before they can take this personal data in order to target us. Such an “opt-in” approach, requiring prior informed consent, is heretical to digital marketers, whose profits depend on using all of our information without ever really having to ask to do so. Until the FCC stepped in, it was the Federal Trade Commission (FTC) that served as the primary federal agency handling Internet privacy. But unlike the FCC, which can readily issue regulations to protect the public, the FTC is constrained from doing so. More than three decades ago, the advertising industry successfully lobbied Congress to curb that agency’s rulemaking authority (during a fight over another media issue—whether there should be limits on children’s advertising). Primarily, the FTC can only punish companies that engage in “unfair” or “deceptive” acts—such as lying to customers about how they use or protect our information. But if a company writes a privacy policy that basically provides them with unlimited access to all our data—which is what they do—the FTC is basically powerless to do anything at all. Which is why the phone and cable giants—along with Google and Facebook—prefer the FTC. It provides the illusion of having actual oversight and limits, when really nothing much is possible. Under the FTC’s watch, Americans have just experienced an unprecedented loss of their privacy. In the last few years, for example, digital marketers have aggressively pushed the boundaries of what information they gather from us and how it can be used. Our offline and online data is now routinely merged, generating “profiles” that connect our street address to the “cookies” and other online identifiers provided by our digital devices. Our precise geo-location is also regularly captured by mobile phones and “apps” that stealthily send our whereabouts to online companies and retail stores. Massive one-stop data broker “clouds” have emerged that provide reams of information, including about our finances, health, political interests, ethnicity—sold to marketers large and small. Our data “profiles”—digital dossiers—have become invaluable corporate assets that are bought and sold in milliseconds by powerful computers scattered across the globe, our identities traded for profit, as if they are just another commodity. Ongoing advances in how data are analyzed and used—so called “Big Data”—is ushering in even more ways companies can more precisely determine who we are, what we do, where we go, and how we should be treated. The leading phone and cable broadband ISPs have made major investments in tapping into the latest “Big Data” techniques. For example, Verizon recently introduced “Smartplay,” which helps deliver “smarter advertising” by creating what it calls “individual viewer personas that capture viewing history, account profile details and other valuable data….” Comcast Labs employs “Big Data research teams” that have expertise in “machine learning algorithms, forecasting models, intelligent image and video search, automated scene analysis, voice biometrics, recommender systems, personalization, and deep metadata.” AT&T is relying on its “Consumer Insights Platform” team to turn “big data into big insights….” ISPs also partner with leading data providers, such as Acxiom and Oracle, to enhance the robust details they already have about their broadband and video service subscribers. The big ISPs have also been on a shopping spree, acquiring companies that further their digital data advertising clout. Verizon acquired AOL and is now in the process of buying Yahoo; AT&T bought the leading satellite TV company, DirecTV, in part because of its digital ad capabilities; it now wants to fold Time Warner into its empire. Comcast has swallowed up ad-tech companies such as Visible World, FreeWheel, and StickyAds (and its NBC subsidiary has also embarked on its own formidable data-driven ad initiative). It is precisely because ISPs provide us access to residential broadband or wireless networks that they have a unique window into our lives. While Google and Facebook have their own far-reaching capabilities, they are primarily ad-supported marketing companies. When we pay a (hefty) monthly subscriber fee for Internet access, we should not also be exposed to having our Internet provider capture every bit of information it can, let alone tie that data together with what we do when we use our mobile and gaming devices or watch TV. The FCC’s new privacy rule builds on the agency’s network neutrality policy requiring that companies providing access to the Internet must operate in a fair and nondiscriminatory manner. Long-standing safeguards for protecting the privacy of our voice conversations over the telephone network have been brought into the 21st century—and now it’s also our broadband communications that must be respected. (Network neutrality is also under threat of elimination by the Trump FCC.) The ISPs and ad industry lobbyists disingenuously claim that having the FTC protect consumer privacy for all Internet companies, including ISPs and data giants like Google, is the most effective approach. It would be so, perhaps, if the FTC had any real clout. Many of the companies and trade groups urging that the FTC replace the FCC as a privacy regulator have lobbied against giving the trade commission actual authority to do so. They cynically know that turning over our broadband privacy to the FTC will mean business as usual—more of our offline and online data endlessly flowing into sophisticated databases that provide advertisers and other commercial entities (and perhaps government) detailed actionable blueprints of our lives. It will also mean that the only real potential privacy protection Americans have had to make their own mind up about whom to share data with and for what purpose will be lost. The ISPs, data-marketing companies, and their supporters are also fighting against the privacy rule because they know we are also on the eve of a new era—the Internet of Things—that will generate even more personal information about us. In today’s digital era, data is power. And that power should be in the hands of the people—not those that wish to financially and politically benefit by harvesting our information. --30-- President Trump has killed any hope that Americans would enjoy basic privacy protections online. By signing the bill, Mr. Trump has allied himself with the telecommunications and digital media giants who seek to profit from every detail of our lives. This is a betrayal of the American people and an insult to our democracy. All that the FCC safeguard did was to require cable and phone companies to ask for permission before they could profit from a person’s most sensitive information—including that individual’s web browsing, geo-location, financial details and data on children. President Trump helped the special interests and abandoned American families. Mr. Trump directly benefited from the absence of any federal privacy law or rule that protects having our information easily made available to commercial interests. His senior counselor Steve Bannon has been paid by and has investments in data-marketing firm Cambridge Analytica, which helped the Trump campaign. Mr. Bannon would have understood that the new federal privacy protections would enable the public to restrict the flow of commercial data going to political campaigns. We find this potential conflict of interest troubling, and it requires further scrutiny. (Kellyanne Conway was also a Cambridge Analytica consultant.) While today’s action by the president ends the FCC broadband privacy rule approved last October, we believe the public has also won something significant. For the first time, millions of Americans have been informed that they have little or no privacy on the Internet and when they use their mobile devices. Moreover, we have assembled one of the largest public-interest coalitions ever to advance consumer privacy protections. Many policymakers—on both sides of the aisle—have declared themselves as advocates for stronger protections. We will be back. But today, President Trump has given America a digital black eye before the world—a world in which most advanced nations understand that personal privacy is a fundamental democratic right. - Jeff Chester is executive director of the Center for Digital Democracy, a Washington-DC-based consumer digital rights group.

The following can be attributed to Katharina Kopp, Policy Director, Center for Digital Democracy. --- Today’s House vote to overturn the first major Internet privacy protection for Americans, may be a win for ISP monopolies, but it’s a tragic loss for our democracy. Broadband providers, such as AT&T, Comcast and Verizon, will now be able to sell our sensitive information to the highest bidder without first receiving our permission. We believe today’s misguided vote will unleash even more “Big Data” profiling and tracking of Americans, and spur an array of discriminatory practices. Without any restraints, ISPs will dramatically erode what should be an important American fundamental right—that of privacy. If President Trump allows this bill to become law, his Administration will place new burdens on hard-working Americans and their families—who will be at the mercy of a handful of digital giants. CDD and our allies, here and in the EU, pledge to continue our fight against the special interests that have gained new ways to control how we use the Internet and other digital media. Contact: Jeff Chester Executive Director Center for Digital Democracy Washington, DC. www. democraticmedia.org jeff@democraticmedia.org (link sends e-mail) 202-494-7100

Re: Exploring Special Purpose National Bank Charters for Fintech Companies Dear Comptroller Curry: The Center for Digital Democracy and U.S. Public Interest Research Group (U.S. PIRG) agree with the consumer, civil rights, and community groups and their separately filed group letter in which they expressed strong opposition to the proposed new federal nonbank lending charters. U.S. PIRG also signed and concurs with the detailed comment from National Consumer Law Center et al. The Office of the Comptroller of the Currency (OCC) must not undermine state rate caps; must not weaken states’ ability to oversee lenders and act to prevent harmful lending practices; and the OCC must not undermine efforts to provide fair and inclusive lending practices, particularly for people of color and low- and moderate-income consumers, in the areas where they operate. Further, the OCC must not allow nonbank lenders to engage in practices that violate privacy rights, or engage in unfair data and marketing practices. State laws often operate as the primary line of defense for consumers and small businesses. The OCC’s charter proposal inadequately protects consumers from these harmful practices and it should not take state law enforcers off the beat of preventing these practices. Center for Digital Democracy and U.S. PIRG file this supplemental comment to focus on the digital rights and consumer privacy concerns raised by the use of opaque Big Data algorithms used by Fintech firms. These practices increasingly threaten consumer privacy and the OCC must also take them into account when considering non-bank special purpose charters. An ongoing and increasingly challenging issue confronting citizens and consumers is the new threats to their privacy and their ability to control how personal and non- personal data about their online and offline behavior are collected and used by online financial services companies. The use of personal data by Fintech companies is pervasive and touches every aspect of their business operation, including marketing, customer loyalty management, pricing, fraud prevention, and underwriting. Fintech companies use many new on- and offline data sources, either directly collecting data from consumers or relying on third parties for Big Data analytics to classify consumers and to make predictions about them. Assigning individuals to socially constructed classifications and then making inferences about them based on group profiles is likely to have consequences that are not well understood and may further increase social inequities. Consumers’ privacy is increasingly undermined and no adequate protections are in place. The OCC must not allow an expansion of these practices via a federal charter that does not provide for adequate privacy safeguards. The OCC must proactively investigate unfair marketing practices and not grant national licenses without affirmative protections. Fintech companies are using Facebook, Instagram, and other digital behavioral data that combine data and interactive experiences to influence consumers and their social networks. Sophisticated data-processing capabilities allow for more precise micro-targeting, the creation of comprehensive profiles, and the ability to act instantly on the insights gained from consumer behaviors. Targeted and highly personalized marketing offers can be intrusive and foster consumer behaviors that are not in the best interest of the individual. Behavioral science shows that consumers are susceptible to ‘nudges’ which raises concerns about the risk of financial institutions taking advantage of the behavioral biases and limitations of consumers. Increasing personalization which Big Data makes possible, could also reduce the comparability of products, making it harder for consumers to compare one offer with another which could have an impact on market competition. Similarly, lack of transparency around the processing of data and automated algorithms may lead to increasing information asymmetries between the financial institution and the individual and thus consumers are left with less awareness and a lack of understanding and control over important financial decisions. These practices happen behind the scenes and can only be addressed by a vigilant regulator. The OCC should not allow fintech companies to operate a national license without properly addressing these data practices. The OCC must also not allow nonbank lenders or partner depository institutions to engage in unfair and discriminatory lending practices. The use of ‘alternative data’ sources can be the cause of bias or contain errors and may lead to consumer harm or unfairness. While alternative credit scoring can be a boon for the underbanked, there need to be standards and safeguards to ensure that any new data are not biased and that their use may not lead to unintended consequences. While industry has argued that increased automation will help expand access to credit and lower costs overall, credit models that are more “accurate” may lead to a more stratified society, as it will leave those at the bottom potentially excluded from credit forever. Models that judge individuals against group profiles based on past data inevitably incorporate elements of past inequality and discrimination. Communities of color are thus most vulnerable. Unless additional policies are put in place to address these consequences, inequality is likely to become more entrenched the more we rely on models for risk evaluations. Fintech platforms must comply fully with the requirements of the Fair Credit Reporting Act and Equal Credit Opportunity Act. In conclusion, the OCC must not grant new federal nonbank lending charters that would give firms free rein to use unfair data and marketing practices. Instead the OCC must proactively mitigate risks from unfair data, marketing, and lending practices that threaten to undermine privacy, consumer rights and economic inclusion. Sincerely, Jeff Chester and Katharina Kopp Center for Digital Democracy Edmund Mierzwinski U.S. PIRG Recommended further reading: BIG DATA MEANS BIG OPPORTUNITIES AND BIG CHALLENGES: Promoting Financial Inclusion and Consumer Protection in the “Big Data” Financial Era U.S. PIRG Education Fund and Center for Digital Democracy, 27 March 2014 Available at http://www.uspirg.org/reports/usf/big-data-means-big-opportunities-and-b... (link is external)

Edith Ramirez brought the FTC into the 21st century. Under her leadership, the agency made it clear that new technologies had to treat consumers fairly, including when it came to protecting their privacy. Through enforcement, litigation, and publicly exposing new threats, Edith Ramirez’s commission has created a unique consumer protection legacy that will have a long-lasting and positive impact. Ramirez’s tenure has also been marked by a strong commitment to protecting economically vulnerable and other at-risk consumers, including those who reflect the country’s diversity. More than any other federal agency, Ramirez’s FTC understood how the emerging “Internet of Things”—where we are always connected online—provided both a promise and a threat. Through a series of cutting-edge cases—Snapchat, (link is external) D-Link (link is external), inMobi (link is external) and Turn (link is external), for example—the commission made it clear that tech companies that deceived consumers or failed to protect their security would be punished and publicly shamed. Companies, including Amazon (link is external), Google (link is external) and Apple (link is external), that failed to ensure that consumers who purchased apps had been treated fairly had to change their practices. New and deceptive ways in how companies advertise to the public also came under her scrutiny, including the role of “influencers.” Cases included Machinima (link is external) and Warner Brothers (link is external), for example. Ramirez assembled a highly effective and strategic consumer protection team, led by bureau director Jessica Rich. The commission played a major role in the $10 billion settlement with Volkswagen (link is external), and also pursued cases where vulnerable consumers had been financially harmed (such as DeVry (link is external) University and Cancer Fund of America (link is external)). It also took on challenging cases to make it clear that the agency had the authority and responsibility to proactively act in the best interests of consumers (e.g., Wyndham, (link is external) Herbalife, (link is external) and Lifelock (link is external)). Ramirez cast a spotlight on emerging privacy issues involving “smart TV’s,” cross-device tracking, and other technologies. The agency also created a new Office of Technology Research and Investigations, within the Bureau of Consumer Protection, to stay on top of digital media and data developments. Finally, Edith Ramirez understood that all Americans require effective consumer protection. Under her leadership, the FTC expressly reached out to Hispanics, African Americans, and others in order to involve them in the work of the commission. Jeff Chester, CDD

Statement of Jeff Chester, executive director, Center for Digital Democracy October 27, 2016: The Federal Communications Commission, led by Chairman Tom Wheeler, delivered a very early Christmas present to Americans today. For the first time, the public will be guaranteed that when they use broadband to connect to the Internet, whether on a mobile device or personal computer, they will have the ability to decide whether and how much of their information can be gathered and used by Internet Service Providers (ISPs) without first getting their consent. This is a tremendous public interest breakthrough for privacy rights in the U.S., which lags behind nearly every other democracy when it comes to protecting online privacy. Today’s decision (link is external) provides a new crucial consumer protection safeguard. When consumers use a mobile app or engage in search, that information cannot be stealthily monitored and used by their ISP without a person first agreeing it can do so (known as opt-in). Such information is classified by the commission as “sensitive” data and triggers a set of rights for the consumer. The new rule is a critical building block for better protecting our privacy in this period of growing commercial surveillance, and should significantly curtail the ability of ISPs to stealthily monitor our activities. The handful of phone and cable giants that dominate the broadband telecommunications market are increasingly using sophisticated data-mining techniques to track and analyze their customers, whether at home or—via a mobile phone—on the go. This new rule will help ensure that a consumer’s most personal information—about their finances, health, geo-location, children—will not be swept into this far-reaching apparatus. Safeguards to prevent unfair “pay-for-privacy” schemes are also part of this new FCC order—and we expect the commission to be vigilant to make sure consumers aren’t forced, because of financial circumstances, to give up their privacy. The 3-2 vote is also a rejection of the intense lobbying conducted by the phone and cable lobby, as well as by other Internet giants, to effectively kill the plan. They aggressively lobbied to weaken the FCC’s proposal, disingenuously arguing that the commission should merely adopt the Federal Trade Commission’s privacy regime. They preferred the FTC’s approach because it doesn’t have any real legal teeth, and has allowed Internet giants to freely gather and use our data without any regard to our privacy. One reason that Americans face a crisis today in terms of their loss of privacy is because the FTC has been prevented from having the regulatory authority to actually protect the public. The very same companies calling for its approach have tirelessly worked to undermine its authority, in Congress and the courts.CDD would have preferred an earlier version of the commission’s privacy proposal that didn’t make distinctions between sensitive and non-sensitive data. This is a concept that is increasingly irrelevant today, because of technological advances in “Big Data” analytics and the massive growth of consumer data across all devices, where innocuous data can be used to generate highly personal and sensitive details. But today’s FCC decision is a critical advance in protecting our information. This decision sets the stage for a long-overdue debate on the need also to protect the privacy of Americans who use other online services, including Google and Facebook. It sets a critically new privacy baseline, which should lead to action by Congress that provides strong privacy protections for all of us, regardless of the devices or online services we use. These rules also need to be applied to any plans by AT&T and Time Warner to expand their commercial data activities under their proposed merger. Finally, this victory would not have been possible without the FCC’s Open Internet decision (network neutrality). That triggered this privacy review, so that long-standing privacy safeguards when we use our telephones was brought up to date. A truly open and democratic Internet requires one that incorporates robust privacy safeguards. Today’s decision is step one in helping achieve that important goal.