CDD

program areas Digital Consumer

  • Press Release

    Transatlantic Consumer Dialogue (TACD) Calling on White House and Administration to Take Immediate Action on Generative AI

    Transatlantic Consumer Dialogue (TACD), a coalition of the leading consumer organizations in North America and Europe, asking policymakers on both side of the Atlantic for action

    The Honorable Joseph R. BidenPresident of the United StatesThe White House1600 Pennsylvania Avenue NWWashington, DC 20500 June 20, 2023  Dear President Biden,We are writing on behalf of the Transatlantic Consumer Dialogue (TACD), a coalition of the leading consumer organizations in North America and Europe, to ask you and your administration to take immediate action regarding the rapid development of Generative Artificial Intelligence in a growing number of applications, such as text generators like ChatGPT, and the risks these entail for consumers. We are calling on policymakers and regulators on both sides of the Atlantic to use existing laws and regulations to address the problematic uses of Generative Artificial Intelligence; adopt a cautious approach to deploying Generative Artificial Intelligence in the public sector; and adopt new legislative measures to directly address Generative Artificial Intelligence harms. As companies are rapidly developing and deploying this technology and outpacing legislative efforts, we cannot leave consumers unprotected in the meantime.  Generative Artificial Intelligence systems are now already widely used by consumers in the U.S. and beyond. For example, chatbots are increasingly incorporated into products and services by businesses. Although these systems are presented as helpful, saving time, costs, and labor, we are worried about serious downsides and harms they may bring about.Generative Artificial Intelligence systems are incentivized to suck up as much data as possible to train the AI models, leading to inclusion of personal data that may be irremovable once the sets have been established and the tools trained. Where training models include data that is biased or discriminatory, those biases become baked into the Generative Artificial Intelligence’s outputs, creating increasingly more biased and discriminatory content that is then disseminated. The large companies making advances in this space are already establishing monopolistic market concentration. Running Generative Artificial Intelligence tools requires enormous amounts of water and electricity, leading to heightened carbon emissions. The speed and volume of information creation with these technologies speeds the generation and spread of increasing misinformation and disinformation. Three of our members (Public Citizen, The Electronic Privacy Information Center, and The Norwegian Consumer Council) have already published reports setting forth the specific harms of Generative Artificial Intelligence and proposing steps to counter these harms – we would be happy to discuss these with you. In addition, TACD has adopted policy principles which we believe are key to safely deploying Generative Artificial Intelligence. Our goal is to provide policymakers,                                lawmakers, enforcement agencies, and other relevant entities with a robust starting point to ensure that Generative Artificial Intelligence does not come at the expense of consumer, civil, and human rights.  If left unchecked, these harms will become permanently entrenched in the use and development of Generative Artificial Intelligence. We are calling for actions that insist upon transparency, accountability, and safety in these Generative Artificial Intelligence systems, including ensuring that discrimination, manipulation, and other serious harms are eliminated. Where uses of GAI are clearly harmful or likely to be clearly harmful, they must be barred completely.  In order to combat the harms of Generative Artificial Intelligence, your administration must ensure that existing laws are enforced wherever they apply. New regulations must be passed that specifically address the serious risks and gaps in protection identified in the reports mentioned above. Companies and other entities developing Generative Artificial Intelligence must adhere to transparent and reviewable obligations. Finally, once binding standards are in place, the Trade and Technology Council must not undermine those binding standards.We welcome the administration’s efforts on AI to protect Americans’ rights and safety, particularly your efforts to center civil rights, via executive action. Furthermore, we are encouraged to see the leading enforcement agencies underscore their collective commitment to leverage their existing legal authorities to protect the American people. But more must be done, and soon, especially for those already disadvantaged and the most vulnerable, including people of color and others who have been historically underserved and marginalized, as well as children and teenagers. We want to work with you to ensure that privacy and other consumer protections remain at the forefront of these discussions, even when new technology is involved.Sincerely, Finn Lützow-Holm Myrstad                                Director of Digital Policy, Norwegian Consumer European Co-Chair of TACD’s Digital Policy Calli SchroederSenior Counsel and Global Privacy Counsel, EPIC U.S. Co-Chair of TACD’s Digital PolicyTransatlantic Consumer Dialogue (TACD)Rue d’Arlon 80, B-1040 Brussels  Tel. +32 (0)2 743 15 90  www.tacd.org  @TACD_ConsumersEC register for interest representatives: identification number 534385811072-96                                       
  • Consumer financial safeguards for online payments needed, says U.S. PIRG & CDDBig Tech Payment PlatformsSupplemental Comments of USPIRG and the Center for Digital DemocracyCFPB-2021-0017December 7, 2022United States Public Interest Research Group (USPIRG) and the Center for Digital Democracy (CDD) submit these additional comments to further inform the Bureau’s inquiry. They amplify the comments USPIRG and CDD submitted last year.[1]  We believe that since we filed our original comment, the transformation of “Big Tech” operated digital payment platforms has significantly evolved, underscoring the need for the Bureau to institute much needed consumer protection safeguards. We had described how online platform based payment services seamlessly incorporate the key elements of “commerce” today—including content, promotion, marketing, sales and payment. We explained how these elements are part of the data-driven “surveillance” and personalized marketing system that operates as the central nervous system for nearly all U.S. online operations. We raised the growing role that “social media commerce” plays in contemporary payment platforms, supporting the Bureau’s examination of Big Tech platforms and consumer financial payment services. For example, U.S. retail social media commerce sales will generate $53 billion in 2022, rising to $107 billion by 2025, according to a recent report by Insider Intelligence/eMarketer. Younger Americans, so-called “Generation Z,” are helping drive this new market—an indicator of how changing consumer financial behaviors are being shaped by the business model and affordances of the Big Tech platforms, including TikTok, Meta and Google.[2]In order to meaningfully respond to the additional questions raised by the Bureau in its re-opening of the comment period, in particular regarding how the payment platforms handle “complaints, disputes and errors” and whether they are “sufficiently staffed…to address consumer protection and provide responsible customer service,” USPIRG and CDD offer some further analysis regarding the structural problems of contemporary platform payment systems below.[3]First, payment services such as operated by Google, Meta, TikTok and others have inherent conflicts of interest.They are, as the Bureau knows, primarily advertising systems, that are designed to capture the “engagement” of individuals and groups using a largely stealth array of online marketing applications (including, for example, extensive testing to identify ways to engage in subconscious “implicit” persuasion).[4] Our prior comment and those of other consumer groups have already documented the extensive use of data profiling, machine learning, cross-platform predictive analysis and “identity” capture that are just a few of current platform monetization tactics. The continually evolving set of tools available for digital platforms to target consumers has no limits—and raises critical questions when it comes to the financial security of US consumers.  The build-out of Big Tech payment platforms leveraging their unique capabilities to seamlessly combine social media, entertainment, commerce with sophisticated data-driven contemporary surveillance has transformed traditional financial services concepts. Today’s social media giants are also global consumer financial banking and retail institutions. For example, J.P. Morgan has “built a real-time payments infrastructure” for TikTok’s parent company ByteDance: “that can be connected to local clearing systems. This allows users, content producers, and influencers to be paid instantaneously and directly into their bank accounts at any day or time. ByteDance has enabled this capability in the U.S. and Europe, meaning it covers approximately one-fifth of TikTok’s 1 billion active users worldwide.”[5]J.P. Morgan assisted ByteDance to also replace its “host-to host connectivity with banks, replacing it with application programming interfaces (API) connectivity that allows real-time exchange of data” between ByteDance and Morgan. This allows ByteDance to “track and trace the end-to-end status through the SWIFT network, see and monitor payments, and allow users to check for payments via their TikTok or other ByteDance apps in real time.” Morgan also has “elevated and further future-proofed ByteDance’s cash management through a centralized account structure covering all 15 businesses” through a “virtual account management and liquidity tool.”[6]Google’s Pay operations also illustrate how distinct digital payment platforms are from previous forms of financial services. Google explains to merchants that by integrating “with Google Wallet [they can] engage with users through location-based notifications, real-time updates” and offers, including encouraging consumers to “add offers from your webpage or app directly to Google wallet.” Google promotes the use of “geofenced notifications to drive engagement” with its Pay and Wallet services as well. Google’s ability to leverage its geolocation and other granular tracking and making that information available through a package of surveillance and engagement tools to merchants to drive financial transactions in real-time is beyond the ability of a consumer to effectively address. A further issue is the growing use of “personalization” technologies to make the financial services offering even more compelling. Google has already launched its “Spot” service to deliver “payment enabled experiences for users, including “fully customized experiences” in Google Pay. Although currently available only in India and Singapore, Google’s Spot platform, which allows consumers with “a few simple taps…to search, review, choose and pay” for a product is an example of how payment services online are continually advanced—and require independent review by consumer financial regulators. It also reflects another problem regarding protecting the financial well-being of US consumers. What are the impacts to financial security when there is no distance—no time to reflect—when the seamless, machine and socially-driven marketing and payment operations are at work?[7]A good example of the lack of meaningful protections for online financial consumers is Google Pay’s use of what’s known as “discovery,” a popular digital marketing concept meaning to give enhanced prominence to a product or service. Here’s how Google describes how that concept works in its Spot-enabled Pay application: “We understand that discovery is where it starts, but building deep connections is what matters the most - a connection that doesn’t just end with a payment, but extends to effective post sale engagement. The Spot Platform helps merchants own this relationship by providing a conversational framework, so that order updates, offers, and recommendations can easily be surfaced to the customer. This is powered by our Order API which is specialised to surface updates and relevant actions for users' purchases, and the Messaging API which can surface relevant messages post checkout to the user.”[8]Meta (Facebook), along with ad giant WPP, also relies on the growing use of “discovery” applications to promote sales. In a recent report, they explain that “digital loyalty is driven by seamless shopping experiences, convenience, easy discovery, consistent availability, positive community endorsement and personal connections.”[9]  Since Google and other payment platforms have relationships with dozens of financial institutions, and also have an array of different requirements for vendors and developers, USPIRG and CDD are concerned that consumers are placed at a serious disadvantage when it comes to protecting their interests and also seeking redress for complaints. The chain of digital payment services relationships, including with partners that conduct their own powerful data driven marketing systems, requires Bureau review. For example, PayPal is a partner with Google Pay, while the PayPal Commerce Platform has Salesforce as one of many partners.[10]See also PIRG’s recent comments to the FTC, for an extensive discussion of retail media networks and data clean rooms:[11]“Clean rooms are data platforms that allow companies to share first party data with one another without giving the other party full access to the underlying, user-level data. This ability to set controls on who has access to granular information about consumers is the primary reason that data clean rooms are able to subvert current privacy regulations.” Another important issue for the Bureau is the ability of the Big Tech payment platforms to collect and analyze data in ways that allow it to identify unique ways to influence consumer spending behaviors. In a recent report, Chinese ecommerce platform Alibaba explained how such a system operates: “The strength of Alibaba’s platforms allows a birds-eye view of consumer preferences, which is combined with an ecosystem of tactical solutions, to enable merchants to engage directly and co-create with consumers and source suppliers to test, adapt, develop, and launch cutting-edge products…helps merchants identify new channels and strategies to tap into the Chinese market by using precise market analysis, real-time consumer insights, and product concept testing.”[12]Such financial insights are part of what digital payment and platform services provide. PayPal, for example, gathers data on consumers as part of their “shopping journey.” In one case study for travel, PayPal explained that its campaign for Expedia involved pulling “together data-driven destination insights, creative messaging and strategic placements throughout the travel shoppers’ journey.” This included a “social media integration that drove users to a campaign landing page” powered by “data to win.” This data included what is the growing use of what’s euphemistically called “first-party data” from consumers, where there has been alleged permission to use it to target an individual. Few consumers will ever review—or have the ability to influence—the PayPal engine that is designed for merchants to “shape [their] customer journey from acquisition to retention.” This includes applications that add “flexible payment options…right on product pages or through emails;” “relevant Pay Later offer to customers with dynamic messaging;’ ability to “increase average order value” through “proprietary payment methods;” or “propose rewards as a payment option to help inspire loyalty.”[13]The impact of data-driven fostered social commerce on promoting the use of consumer payments should be assessed. For example, Shopify’s “in-app shopping experience on TikTok” claims that the placement of its “shopping tabs” by vendors on posts, profiles and product catalogs unleashes “organic discovery.” This creates “a mini-storefront that links directly to their online store for check out.’’ A TikTok executive explains how the use of today’s digital payment services are distinct—“rooted in discovery, connection, and entertainment, creating unparalleled opportunities for brands to capture consumers’ attention…that drives [them] directly to the digital point of purchase.”[14] TikTok also has partnered with Stripe, helping it “become much more integrated with the world of payments and fintech.”[15]TikTok’s Stripe integrations enable “sellers to send fans directly from TikTok videos, ads, and shopping tabs on their profiles to products available in their existing Square Online (link is external)store, providing a streamlined shopping experience that retains the look and feel of their personal brand.”[16] The Square/TikTok payment alliance illustrates the role that data driven commercial surveillance marketing plays in payment operations, such as the use of the “TikTok pixel” and “advanced matching.”[17] In China, ByteDance’s payment services reflects its growing ability to leverage its mass customer data capture for social media driven marketing and financial services.[18]We urge the Bureau to examine TikTok’s data and marketing practices as it transfers U.S. user information to servers in the U.S., the so-called “Project Texas,” to identify how “sensitive” data may be part of its financial services offerings.[19]Apple’s payment services deserve further scrutiny as its reintroduces its role as a digital advertising network, leveraging its dominant position in the mobile and app markets.[20] PayPal recently announced that it will be “working with Apple to enhance offerings for PayPal and Venmo merchants and consumers.” Apple is also making its payment service available through additional vendors, including the giant Kroger grocery store chain stores in California.[21]Amazon announced in October 2022 that Venmo was now an official payment service, where users could, during checkout, “select “Select a payment method” and then “Add a Venmo account.” This will redirect them to the Venmo app, where they can complete the authentication. Users can also choose Venmo to be their default payment method for Amazon purchases on that screen.”[22] Amazon’s AWS partners with fintech provider Plaid, another example of far-reaching partnerships restructuring the consumer financial services market.[23]ConclusionUSPIRG and CDD hope that both our original comments and these additional comments help the Bureau to understand the impact of rapid changes in Big Tech’s payments network relationships and partnerships. We believe urgent CFPB action is needed to protect consumers from the threat of Big Tech’s continued efforts to breach the important wall separating banking and commerce and to ensure that all players in the financial marketplace follow all the rules. Please contact us with additional questions.Sincerely yours,Jeff Chester, Executive Director, Center for Digital DemocracyEdmund Mierzwinski, Senior Director, Federal Consumer Program, U.S. PIRG [[1] /comment/CFPB-2021-0017-0079[2] /what-s-behind-social-commerce-surge-5-charts[3] We also believe that the Bureau’s request for comments concerning potential abuse of terms of service and use of penalties merits discussion. We look forward to additional comments from others. [4] /business/en-US/blog/mediascience-study-brands-memorable-tiktok; see Google, Meta, TikTok as well: https://www.neuronsinc.com/cases[5] /content/dam/jpm/treasury-services/documents/case-study-bytedance.pdf[6] /content/dam/jpm/treasury-services/documents/case-study-bytedance.pdf[7] /about/business/checkout/(link is external); /pay/spot(link is external); /about/business/passes-and-rewards/[8] /pay/spot[9] /news/meta-publishes-new-report-on-the-importance-of-building-brand-loyalty-in-on/625603/[10] See, for example, the numerous bank partners of Google in the US alone: /wallet/answer/12168634?hl=en. Also: /payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=buyertos&ldr=us; /wallet/retail; /wallet/retail/offers/resources/terms-of-service; /us/webapps/mpp/google-pay-paypal; /products/commerce-cloud/overview/?cc=dwdcmain[11] /wp-content/uploads/2022/11/PIRG-FTC-data-comment-no-petitions-Nov-2022.pdf[12] /article/how-merchants-can-use-consumer-insights-from-alibaba-to-power-product-development/482374[13] /us/brc/article/enterprise-solutions-expedia-case-study(link is external); /us/brc/article/enterprise-solutions-acquire-and-retain-customers[14] /scaling-social-commerce-shopify-introduces-new-in-app-shopping-experiences-on-tiktok#[15] /financial-services-finserv/tiktok-partners-fintech-firm-stripe-tips-payments[16] /us/en/press/square-x-tiktok[17] /help/us/en/article/7653-connect-square-online-with-tiktok(link is external); /help/article/data-sharing-tiktok-pixel-partners[18] /video/douyin-chinas-version-tiktok-charge-093000931.html; /2021/01/19/tiktok-owner-bytedance-launches-mobile-payments-in-china-.html[19] /a/202211/16/WS6374c81ea31049175432a1d8.html[20] /news/newsletters/2022-08-14/apple-aapl-set-to-expand-advertising-bringing-ads-to-maps-tv-and-books-apps-l6tdqqmg?sref=QDmhoVl8[21] /231198771/files/doc_financials/2022/q3/PYPL-Q3-22-Earnings-Release.pdf;/2022/11/08/ralphs-begins-accepting-apple-pay/[22] /2022/10/25/amazon-now-allows-customers-to-make-payments-through-venmo/[23] /blogs/apn/how-to-build-a-fintech-app-on-aws-using-the-plaid-api/pirg_cdd_cfpb_comments_7dec2022.pdf
    Jeff Chester
  • Coalition of child advocacy, health, safety, privacy and consumer organization document how data-driven marketing undermines privacy and welfare of young peopleChildren and teenagers experience widespread commercial surveillance practices to collect data used to target them with marketing. Targeted and personalized advertising remains the dominant business model for digital media, with the marketing and advertising industry identifying children and teens as a prime target. Minors are relentlessly pursued while, simultaneously, they are spending more time online than ever before. Children’s lives are filled with surveillance, involving the collection of vast amounts of personal data of online users. This surveillance, informed by behavior science and maximized by evolving technologies, allows platforms and marketers to profile and manipulate children.The prevalence of surveillance advertising and targeted marketing aimed at minors is unfair in violation of Section 5. Specifically, data-driven marketing and targeted advertising causes substantial harm to children and teens by:violating their privacy;manipulating them into being interested in harmful products;undermining their autonomyperpetuating discrimination and bias;Additionally, the design choices tech companies use to optimize engagement and data collection in order to target marketing to minors further harm children and teens. These harms include undermining their physical and mental wellbeing and increasing the risk of problematic internet risk. These harms cannot reasonably be avoided by minors or their families, and there are no countervailing benefits to consumers or competition that outweigh these harms.Surveillance advertising is also deceptive to children, as defined by the Federal Trade Commission. The representations made about surveillance advertising by adtech companies, social media companies, apps, and games are likely to mislead minors and their parents and guardians. These misrepresentations and omissions are material. Many companies also mislead minors and their guardians by omission because they fail to disclose important information about their practices. These practices impact the choices of minors and their families every day as they use websites, apps, and services without an understanding of the complex system of data collection, retention, and sharing that is used to influence them online. We therefore urge the Commission to promulgate a rule that prohibits targeted marketing to children and teenagers.Groups filing the comment included: The Center for Digital Democracy, Fairplay, and #HalfTheStory, American Academy of Pediatrics, Becca Schmill Foundation, Berkeley Media Studies Group, Children and Screens: Institute of Digital Media and Child Development, Consumer Federation of America, Consumer Federation of California, CUNY Urban Food Policy Institute, Eating Disorders Coalition for Research, Policy & Action, Enough is Enough, LookUp.live, Lynn’s Warriors, National Eating Disorders Association, Parents Television and Media Council, ParentsTogether, Peace Educators Allied for Children Everywhere (P.E.A.C.E.), Public Citizen and UConn Rudd Center for Food Policy & Health FairPlay's executive director Josh Golin said: "Big Tech's commercial surveillance business model undermines young people's wellbeing and development.  It causes kids and teens to spend excessive time online, and exposes them to harmful content and advertising targeted to their vulnerabilities. The FTC must adopt a series of safeguards to allow vulnerable youth to play, learn, and socialize online without being manipulated or harmed. Most importantly, the Commission should prohibit data-driven advertising and marketing to children and teens, and make clear that Silicon Valley profits cannot come at the expense of young people's wellbeing.”CDD's Jeff Chester underscored this saying: "Children and teens are key commercial targets of today’s data-driven surveillance complex.  Their lives are tethered to a far-reaching system that is specifically designed to influence how they spend their time and money online, and uses artificial intelligence, virtual reality, geo-tracking, neuromarketing and more to do so.  In addition to the loss of privacy, surveillance marketing threatens their well-being, health and safety. It’s time for the Federal Trade Commission to enact safeguards that protect young people. "[full filing attached]
  • Press Statement regarding today’s FTC Notice(link is external) of Proposed Rulemaking Regarding the Commercial Surveillance and Data SecurityKatharina Kopp, Deputy Director, Center for Digital Democracy:Today, the Federal Trade Commission issued its long overdue advanced notice of proposed rulemaking (ANPRM) regarding a trade regulation rule on commercial surveillance and data security. The ANPRM aims to address the prevalent and increasingly unavoidable harms of commercial surveillance. Civil society groups including civil rights groups, privacy and digital rights and children’s advocates had previously called on the commission to initiate this trade regulation rule to address the decades long failings of the commission to reign in predatory corporate practices online. CDD had called on the commission repeatedly over the last two decades to address the out-of-control surveillance advertising apparatus that is the root cause of increasingly unfair, manipulative, and discriminatory practices harming children, teens, and adults and which have a particularly negative impact on equal opportunity and equity.The Center for Digital Democracy welcomes this important initial step by the commission and looks forward to working with the FTC. CDD urges the commission to move forward expeditiously with the rule making and to ensure fair participation of stakeholders, particularly those that are disproportionately harmed by commercial surveillance.press_statement_8-11fin.pdf
  • Considering Privacy Legislation in the context of contemporary digital data marketing practices Last week, the leading global advertisers, online platforms and data marketers gathered for the most important awards given by the ad industry—the “Cannes Lions.” Reviewing the winners and the “shortlist” of runners-up—competing in categories such as “Creative Data,” “Social and Influencer,” “Brand Experience & Activation,” “Creative Commerce” and “Mobile”—is essential to learn where the data-driven marketing business—and ultimately much of our digital experiences—is headed. An analysis of the entries reveals a growing role for machine learning and artificial intelligence in the creation of online marketing, along with geolocation tracking, immersive content and other “engagement” technologies. One takeaway, not surprisingly, is that the online ad industry continues to perfect techniques to secure our interest in its content so it can to gather more data from us.A U.S.-based company that also generated news during Cannes was The Trade Desk, a relatively unknown data marketing service that is playing a major role assisting advertisers and content providers to overcome any new privacy challenges posed by emerging or future legislation. The Trade Desk announced last week a further integration of its data and ad-targeting service with Amazon’s cloud AWS division, as well as a key role assisting grocer Albertsons new digital ad division. The Trade Desk has brokered a series of alliances and partnerships with Walmart, the Washington Post, Los Angeles Times, Gannett, NBC Universal, and Disney—to name only a few.There are several reasons these marketers and content publishing companies are aligning themselves with The Trade Desk. One of the most important is the company’s leadership in developing a method to collect and monetize a person’s identity for ongoing online marketing. “Unified ID 2.0” is touted to be a privacy-focused method that enables surveillance and effective ad targeting. The marketing industry refers to these identity approaches as “currencies” that enable the buying and selling of individuals for advertising. There are now dozens of identity “graph” or “identity spine” services, in addition to UDID, which reflect far-reaching partnerships among data brokers, publishers, adtech specialists, advertisers and marketing agencies. Many of these approaches are interoperable, such as the one involving Acxiom spin-off LiveRamp and The Trade Desk. A key goal, when you listen to what these identity brokers say, is that they would like to establish a universal identifier for each of us, to directly capture our attention, reap our data, and monetize our behavior. For the last several years, as a result of the enactment of the GDPR in the EU, the passage of privacy legislation in California, and the potential of federal privacy legislation, Google, Apple, Firefox and others have made changes or announced plans related to their online data practices. So-called “third party cookies,” which have long enabled commercial surveillance, are being abandoned—especially since their role has repeatedly raised concerns from data-protection regulators. Taking their place are what the surveillance marketing business believes are privacy-regulation-proof strategies. There are basically two major, but related, efforts that have been underway—here in the U.S. and globally.The first tactic is for a platform or online publisher to secure the use of our information through an affirmative consent process—called a “first-party” data relationship in the industry. The reasoning goes is that an individual wants an ongoing interaction with the site—for news, videos, groceries, drugs and other services, etc. Under this rationale, we are said to understand and approve how platforms and publishers will use our information as part of the value exchange. First-party data is becoming the most valuable asset in the global digital marketing business, enabling ongoing collection, generating insights, and helping maintain the surveillance model. It is considered to have few privacy problems. All the major platforms that raise so many troubling issues—including Google, Amazon, Meta/Facebook—operate through extensive first-party data relationships. It’s informative to see how the lead digital marketing trade group—the Interactive Advertising Bureau (IAB)—explains it: “ “first party data is your data…presents the least privacy concerns because you have full control over its collection, ownership and use.”The second tactic is a variation on the first, but also relies on various forms of identity-resolution strategies. It’s a response in part to the challenges posed by the dominance of the “walled garden” digital behemoths (Google, etc.) as well the need to overcome the impact of privacy regulation. These identity services are the replacement for cookies. Some form of first-party data is captured (and streaming video services are seen as a gold mine here to secure consent), along with additional information using machine learning to crunch data from public sources and other “signals.” Multimillion member panels of consumers who provide ongoing feedback to marketers, including information about their online behaviors, also help better determine how to effectively fashion the digital targeting elements. The Trade Desk-led UDID is one such identity framework. Another is TransUnion’s “Fabrick,” which “provides marketers with a sustainable, privacy-first foundation for all their data management, marketing and measurement needs.” Such rhetoric is typical of how the adtech/data broker/digital marketing sectors are trying to reframe how they conduct surveillance.Another related development, as part of the restructuring of the commercial surveillance economy, is the role of “data clean rooms.” Clean rooms enable data to be processed under specific rules set up by a marketer. As Advertising Agerecently explained, clean rooms enable first-party and other marketers to provide “access to their troves of data.” For Comcast’s NBCU division and Disney, this treasure chest of information comes from “set-top boxes, streaming platforms, theme parks and movie studios.” Various privacy rules are supposed to be applied; in some cases where they have consent, two or more parties will exchange their first-party data. In other cases, where they may not have such open permission, they will be able to “create really interesting ad products; whether it's a certain audience slice, or audience taxonomy, or different types of ad units….” As an NBCU executive explained about its clean room activity, “we match the data, we build custom audiences…we plan, activate and we measure. The clean room is now the safe neutral sandbox where all the parties can feel good sharing first party data without concerns of data leakage.”We currently have at least one major privacy bill in Congress that includes important protections for civil rights and restricts data targeting of children and teens, among other key provisions. It’s also important when examining these proposals to see how effective they will be in dealing with the surveillance marketing industry’s current tactics. If they don’t effectively curtail what is continuous and profound surveillance and manipulation by the major digital marketers, and also fail to rein in the power of the most dominant platforms, will such a federal privacy promise really deliver? We owe it to the public to determine whether such bills will really “clean up” the surveillance system at the core of our online lives.
    Jeff Chester
  • Deal reflects Big Tech move to grab more data for omnipresent tracking & targeting Microsoft is rapidly expanding its surveillance advertising complex—first acquiring AT&T’s powerful Xandr targeting system last December, and adding a few weeks later the online gaming and eSports giant Activision Blizzard. The combination of Microsoft, AT&T and Activision assets raises a set of concerns regarding competition in the gaming and eSports marketplaces; privacy/surveillance protections, given the pervasive data gathering on users; and consumer protection, such as the methods that Microsoft and Activision (and other gaming services) implement to monetize players (including youth) through in-stream advertising and other marketing efforts. It also has implications for the ways we protect privacy in streaming media as well as in the evolving “metaverse.”The FTC must review this proposed deal, with the agency’s privacy and consumer-protection roles at the fore. This proposed Microsoft/Activision combination is emblematic of the ongoing transformation of how Big Tech companies track and target people across all their devices and applications. In order to continue its surveillance-advertising-based model, the online industry is undergoing a massive shift in tactics. It is pivoting to what’s called a “First-Party” data use strategy, claiming that it is obtaining our permission to continue to follow us online and deliver personalized ads and marketing. Getting our consent is the Big Tech plan to undermine any privacy legislation in the U.S. and elsewhere. For example, if this merger goes through, users of Activision games will likely be asked to consent to data collection and tracking on all of Microsoft’s services—such as Bing and LinkedIn. Given that Microsoft and Activision have already baked into its ad services relationships with Google and Meta/Facebook, this acquisition also illustrates the numerous deals that are aligned in all of these digital giants. Owning Xandr will bring a host of additional surveillance advertising resources to Microsoft’s already robust consumer-profiling and marketing infrastructure (including information contributed by AT&T’s own data practices). As explained in the data marketing newsletter AdExchanger, the Xandr and Activision acquisitions, if approved, will enable the leveraging of Microsoft’s already “strong first-party data set and monetize inventory across its wide portfolio of platforms, including its video game business, LinkedIn, Bing, Edge, Office 365, Skype and more.” Microsoft was already working with AT&T’s Xandr surveillance ad targeting apparatus, including for its gaming division. For example Xandr explains that its enables marketers to “Access real users in immersive and engaging environments” via its current ability to target people thru the Microsoft Advertising Exchange.Microsoft’s data targeting currently involves its “Microsoft Search Network,” which “sees 14.6 billion monthly searches globally across nearly 700 million users. Its Audience Network engages in an array of targeting tactics, including via leveraging a person’s identity, location, use of LinkedIn or other sites and a variety of “custom” approaches. Advertisers are able to “target audiences…across more than 1 billion Window devices.” Microsoft also offers its “Dynamics 365 Customer Insights” data platform to help marketers package their own data to use on its ad platform. Activision engages in an array of ad practices that raise concerns about unfairness and privacy, from in-stream ads to “rewarded videos” to product placement. As it explains, “Activision Blizzard Media connects brands and players with fan-first integrated advertising experiences across gaming and esports…. We create user-initiated in-game advertising experiences that allow brands to reward 245M+ players at key moments of gameplay to drive reach, frequency and engagement…. In-game User-initiated video ads allow brands to reward players at key moments of gameplay.”In this context, the FTC needs to review all the third-party tracking YouTube-related companies serving ads to Activision Blizzard Esports, including Google Campaign Manager 360, Flashtalking, Adform, Innovid and Extreme Reach. For example, Flashtalking explains that it helps gaming services “drive customer lifetime value…, understand who bought your games, how they interact with your brand, and which touch points drove engagement.” Innovid helps marketers create “accurate, persistent identity across devices.” For measurement, which is also a privacy issue long overlooked by previous FTC commissions, we have Activision partners that include Oracle’s MOAT, Kantor, Google Campaign Manager, and others. Everything from potato chips, candy and toilet paper is pushed via its gaming services. Activision uses neuromarketing and other research-related online ad industry tactics to figure out how best to deliver marketing to its users (including teens)—all of which have privacy and consumer protection implications. For decades, the Federal Trade Commission has approved Big Tech mergers without examining their impact on consumer protection and privacy (and also on competition—think of all the Google and Facebook takeovers the commission has okayed). This is unacceptable. Gaming is a hugely important market, with a set of data-gathering tactics that impact both consumers and competition. We expect this FTC to do much better than what we have witnessed for the past several decades. 
    Jeff Chester
  • Microsoft's further expansion into gaming, data gathering, digital marketing must trigger close scrutiny, inc. impacts on gamers, youth Microsoft’s proposed purchase of Activision-Blizzard raises serious red flags, Public Citizen, the Center for Digital Democracy, the Repair Association, the Communications Workers of America, and 11 additional groups said today in a letter to the Federal Trade Commission (FTC). The merger could give Microsoft an unfair amount of market power, threaten data privacy and security, limit consumers’ and independent business’ right to repair game consoles, and lead to union busting and wage suppression, the groups said.“If the FTC clears this merger, Microsoft will become the third largest gaming company in the world,” the letter reads. “The proposed merger fits an alarming pattern of concentration in the gaming industry over the past several years. Microsoft’s expanding role in the gaming market may result in the company using its leverage to raise subscription prices and limit options, among other possible consumer harms.”In January, Microsoft announced its deal to buy game publisher and developer Activision-Blizzard, subject to FTC approval. Activision is a titan of the gaming world, boasting 400 million monthly active users and incredibly popular titles like Call of Duty. Microsoft already is a major player in gaming as a hardware producer, platform provider, and game distributor. Combining the two companies could lessen competition in a market that’s seen a rash of consolidation in recent years.Workers at Activision have mobilized over the past year to shine a light on an abusive workplace culture. Now, as these workers seek to form a union to address their collective interests, the potential takeover by Microsoft threatens to further undermine workers’ rights and suppress wages.Microsoft’s move also has negative implications for data privacy and surveillance advertising. Adding Activision’s roster of game titles opens opportunities for advanced data collection, including the use of AI, influencers, neuromarketing, and other practices now used for its gaming operations.Additionally, the merger could strengthen Microsoft’s power to impinge on consumers’ right to repair their own video game equipment or to have it repaired by a service provider of their choice. Microsoft’s Xbox platform is already notoriously difficult to independently repair.
    Jeff Chester
  • The European Union’s efforts to legislate digital markets, specifically with its Digital Markets Act (DMA), make them fairer and more open, and benefit consumers. See PDF of full letter below. 20220203-letter-digital_markets_act-president-joe-r-biden.pdf
  • Documents 25 years of failures by agency to rein in practices that have eviscerated privacy and consumer protection in the U.S. and globallyThe Center for Digital Democracy (CDD) urges the Federal Trade Commission to develop a comprehensive set of rules to address a problem largely of its own making—the unfettered growth of commercial “surveillance marketing.” We submit this comment based on the nearly 25-year record of CDD and its key consumer-protection and privacy colleagues, providing detailed documentation and analysis of the need for the commission to regulate what is known as behavioral, programmatic and surveillance-based advertising.[1]The systemic and multiple failures of the FTC over the decades to respond meaningfully to the role and nature of online marketing—which has eviscerated the privacy rights of Americans (and consumers worldwide)—have enabled data-driven surveillance to thrive ubiquitously. Nearly every platform, application, device and experience in which Americans engage has been shaped by the commercial spying and manipulation apparatus that the commission has allowed to evolve and expand without constraint. In addition, by long ignoring the impact that the approval of countless mergers and acquisitions involving leading digital marketing companies had on commercial surveillance operations, the commission and Department of Justice have helped foster an online marketplace that is dominated by a few giants. There is no real competition in terms of how Americans are treated in the online surveillance marketing economy. Google, Meta/Facebook, Amazon and their partners set the global standards for how everyone else has to conduct data and digital marketing operations. FTC inaction on commercial surveillance practices has perversely promoted the widespread adoption of these practices. Today, nearly every major company is a big-data-driven information broker, surveillance advertiser, and real-time targeter of consumers.[2]At each critical moment—the expansion of behavioral advertising; the emergence of mobile marketing; the widespread adoption of programmatic, real-time, algorithmic-driven buying and selling of people for targeting ads; the deployment of omnichannel (cross-device) tracking and targeting; and the widespread integration of artificial intelligence and machine learning to deliver enhanced predictive targeting—the failure of the FTC to challenge the online data-driven model sent a message to the commercial surveillance industry, that it faced no serious regulatory or political consequences for its actions. This included regulatory immunity for the host of manipulative elements that are within the foundation of commercial surveillance, such as the deep analysis of a person’s emotions, interests, relationships, location, income, race, and ethnicity. By acting as an “enabler” to the forces that have shaped our online platform and experiences, the commission has done more than harm consumer protection, privacy and competition. It is also responsible for allowing the online platform marketplace to grow in ways that have undermined democracy, at once diminishing civic discourse, enabling efforts to promote voter suppression, and facilitating the communication and spread of hate speech and uncivil acts, among other major harms. FTC—“Eyes Wide Shut”: The commission has been engaged in risk-averse behaviors since the early 1980s, as a reaction to the successful attacks on it by the advertising lobby, which was able to convince Congress that the agency had engaged in regulatory excess when it tried to protect children from the harmful impact of marketing. The legacy of what is known as the “kidvid” episode, which resulted in a significant loss of its rulemaking authority, has permeated the agency’s operations for decades. It unleashed a “don’t ask, don’t tell” approach at the commission when it came to seriously confronting the impact of the digital marketplace on the public. Even when it came to children’s privacy—the one area where advocates had successfully convinced Congress to give the agency rulemaking authority—the agency repeatedly failed to enforce the law (allowing Google’s YouTube, for example, to openly violate COPPA for years, despite hearing repeatedly from advocates that it was doing so). The failure of the FTC to seriously implement its only congressionally mandated data-privacy law also sent a loud message to the data surveillance business that the commission wasn’t to be taken seriously.The commission has never condemned the online surveillance model developed by the digital marketing industry. It had countless opportunities to challenge behavioral ads, mobile and geo-location surveillance, social media profiling, and real-time buying and selling of individual profiles for the purposes of micro-targeted advertising.[3] In this comment, we will briefly highlight how the FTC has been an “enabler” of the unfettered operations of surveillance advertising, despite the many calls by CDD and its allies for the agency to act. The FTC and the Information Superhighway: At the earliest stages of what was then called the “Information Superhighway,” cyberspace, or the “National Information Infrastructure,” the FTC convened multiple “workshops” focused on privacy and related ecommerce issues. Reflecting the priorities of the then-Clinton administration, the commission spent several years imploring marketers to implement a set of “fair information practice” principles.[4]During this time, a number of consumer and privacy advocates urged the commission to call on Congress to regulate online data marketing practices. It was evident even then—especially to those who had tracked the online marketing business during the “dial-up” era, that privacy was not a priority at all for the marketing industry. The self-regulatory system was a total sham.[5]The lone exception to self-regulation was a data privacy law covering children 12 and under, an issue that this NGO’s predecessor group, the Center for Media Education (along with the Consumer Federation of America and the Institute for Public Representation, Georgetown University Law Center) championed—which led to the enactment of the Children’s Online Privacy Protection Act in 1998.[6]By the time the commission finally recommended (in 2000) that Congress enact privacy legislation “to supplement self-regulatory efforts and guarantee basic consumer protections,” the political winds had changed. There would be no further progress from Congress on privacy, given the clout of the big data marketing lobby.[7]Enabling behavioral advertising: In 2006, CDD and U.S. PIRG filed a complaint with the commission calling on it to use its Section 5 power to protect consumer privacy online. Specifically, we asked the commission to conduct an investigation of online advertising practices, focusing on five areas of concern: User Tracking/Web Analytics, Behavioral Targeting, Audience Segmentation, Data Gathering/Mining, and Industry Consolidation. As we explained in our petition, “Collectively, these five areas represented the foundations of an entirely new online environment, one in which engagement gives way to entrapment, in which personalization impinges on privacy.” The complaint discussed in detail all the methods used to track and target consumers, via their personal data, mobile phone use, and much more. It also urged action on the growing consolidation of what is now called the platform or ad-tech industry, explaining thatThe past few years have witnessed an alarming degree of consolidation in the Web analysis, advertising, and Internet data collection industries. The result of these transactions is not only the concentration of power in fewer hands, but also an increased ability, as our complaint has shown, for these companies to use their massive compilations of user data to violate consumer privacy in the U.S. Such consolidation within the core of the online marketing infrastructure also requires the FTC to conduct an anti-trust analysis to determine whether there is undue market power in this sector.[8]Ignoring the structure and consequences of behavioral advertising: In part due to the opposition to the proposed Google acquisition of DoubleClick that CDD, EPIC, U.S. PIRG and its allies in the U.S. and in the EU generated (discussed below), the commission convened several workshops, town halls and other forums focused on privacy and online data marketing. As CDD’s executive director, at the FTC’s 2007 “Ehavioral Advertising: Tracking, Targeting & Technology” event, warned, I just want to underscore that the future of online advertising has profound consequences for the future of our democracy and democracies everywhere. The kind of society we are creating right now for ourselves, and particularly our children, in many ways, is being shaped by the forces of advertising and marketing.... [W]e’ve watched since 2000 the ever-growing sophisticated array of techniques that had been deployed to track our every move, not just on individual websites, but through the development of new approaches called re-targeting where we were becoming digitally shadowed wherever we went, site to site…. [T]he time for fact-finding is over. The Commission is the designated Federal agency which is supposed to safeguard consumer privacy. It must act now to protect Americans from the unfair and deceptive practices that have evolved as part of what the industry calls the digital interactive marketing system.[9]Endorsing the monopolistic “Surveillance Marketplace”: In 2007, EPIC, U.S. PIRG, and CDD filed a complaint opposing plans by Google to acquire DoubleClick. As our initial filing explained, the acquisition, if approved, “will give one company access to more information about the Internet activities of consumers than any other company in the world.” In a supplemental petition, we explained that “the massive quantity of user information collected by Google coupled with DoubleClick’s business model of consumer profiling will enable the merged company to construct extremely intimate portraits of its users’ behavior.” We also identified a major conflict of interest at the commission regarding this deal. Needless to say, it was approved anyway, paving the way for the unprecedented role that Google now plays in our lives, with its domination of the commercial surveillance marketplace.[10] (CDD also raised objections to the Google/AdMob, Facebook/Instagram/WhatsApp, and other big-data-driven mergers that the FTC failed to address, again paving the way for the contemporary commercial surveillance apparatus).[11]Mobile surveillance: In 2009, CDD and U.S. PIRG urged the commission to “to protect consumers from a growing number of deceptive and unfair marketing practices and the resultant threats to consumer privacy that are a part of the rapidly growing U.S. mobile advertising landscape…. [M]obile devices, which know our location and other intimate details of our lives, are being turned into portable behavioral tracking and targeting tools….” The group’s FTC filing cited a Google official who called the mobile phone “the ultimate ad vehicle. It’s the first one ever in the history of the planet that people go to bed with. It’s ubiquitous across the world, across demographics, across age groups. People are giving these things to ever-younger children for safety and communication…. [I]t can know where you’ve been, where you’ve lingered, what store you stopped in, what car dealership you visited. It goes beyond any traditional advertising....” The complaint also discussed the myriad techniques, tactics, mergers and other critical issues to support the commission’s investigation and action.[12]Yet the FTC did nothing, and geolocation-based surveillance marketing has thrived, including via the leading platforms. Nor has the commission challenged cross-device tracking, a component of the surveillance marketing industry that financially benefited from the agency’s inability to protect consumer privacy, as unique identifiers are used to track and target the public.[13]Real-time programmatic, behavioral and algorithmic-based targeting: Also in 2009, CDD and U.S. PIRG submitted to the commission a comment as part of the agency’s “Privacy Roundtable” process, which noted thatToday, consumers online face the rapid growth and ever-increasing sophistication of the various techniques advertisers employ for data collection, profiling, and targeting across all online platforms. The growth of ad and other optimization services for targeting, involving real-time bidding on ad exchanges; the expansion of data collection capabilities from the largest advertising agencies (with the participation of leading digital media content and marketing companies); the increasing capabilities of mobile marketers to target users via enhanced data collection; and a disturbing growth of social media surveillance practices for targeted marketing are just a few of the developments the commission must address. But despite technical innovation and what may appear to be dramatic changes in the online data collection/profiling/targeting market, the commission must recognize that the underlying paradigm threatening consumer privacy online has been constant since the early 1990’s. So-called “one-to-one marketing,” where advertisers collect as much as possible on individual consumers so they can be targeted online, remains the fundamental approach. …Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling. Behavioral targeting is just one tool in the interactive advertisers’ arsenal.... We are being intensively tracked on many individual websites and across the Internet.[14]The filing called for action to address the buying and selling of individuals via online ad exchanges and giants such as Google; identified many other leading companies and practices; and explained how all of this was affecting mobile-device and social media users. It documented how self-regulation had been a failure, and how the “self-learning of contemporary interactive ad systems” threaten privacy and consumer welfare. Again, the FTC ignored these issues, enabling today’s programmatic (surveillance marketing) system to evolve unchallenged. Surveillance marketing of health behaviors, including through social media: In 2010, CDD and allied consumer and privacy groups filed a petition on the role that behavioral advertising, as well as manipulative ad tactics such as “neuromarketing,” play in the promotion of health and medical products. Google, Microsoft, and others were the subjects of this complaint. As we explained,A far-reaching complex of health marketers has unleashed an arsenal of techniques to track and profile consumers, including so-called medical “condition targeting,” to eavesdrop on their online discussions via social media data mining; to collect data on their actions through behavioral targeting; to use viral and so-called “word-of-mouth” techniques online to drive interest in prescriptions, over-the counter drugs, and health remedies; and to influence their subconscious perceptions via pharma-focused “neuromarketing…. Digital marketing raises many distinct consumer protection and privacy issues, including an overall lack of transparency, accountability and personal control, which consumers should have over data collection and the various interactive applications used to track, target, and influence them online (including on mobile devices). The use of these technologies by pharmaceutical, health product, and medical information providers that directly affect the public health and welfare of consumers requires immediate action.[15]As before, the FTC did nothing. Failures with Google and Facebook consent-decree enforcement: EPIC, CDD and allied consumer and privacy organizations, which helped bring cases against Google and Facebook, repeatedly told high-level commission staff and commissioners that these entities were routinely violating their respective consent decrees.[16] The failure of the commission to enforce its own decrees—reflecting the inability of the agency to analyze contemporary digital data and online marketing practices—permitted these companies, and the industry as a whole, to expand their surveillance capabilities still further.Neglecting communities of color: CDD also has repeatedly urged the commission to investigate and address how racial and ethnic data are used to target individuals and groups. For years, such data have been used to subject these communities to unfair treatment through predatory online marketing and other harmful practices. At best, the agency has given lip-service to these issues in the past, but has yet to take any meaningful action.[17]Failing our children, COPPA enforcement, and teens: CDD (along with Fair Play and Common Sense Media) is also filing comments in this docket on these issues. But we want to underscore that despite our repeated calls for action, the commission has never done anything to protect adolescents. Consequently, when someone turns 13 in the U.S., they are swept into the commercial surveillance marketing system that negatively affects every adult in the U.S.[18]Where we are today: Every day brings advances in the capabilities of commercial surveillance, led by the giant entities that dominate the marketplace, along with their affiliates. As we noted earlier, AI and machine-learning-based data analytic and targeting operations are routine for the commercial surveillance apparatus. And now the industry is poised to add what is known as “emotional intelligence,” a sophisticated new enhancement to ascertain and “understand how people feel in order to make AI more emotionally aware. There will be a shift from passive and grey interaction with AI, to an understanding of not only the cognitive, but also the emotive, channels of human interaction.”[19] Surveillance applications are also shaping the Internet of Things, the metaverse, and “over-the-top” streaming video as well.[20]We urge the commission to act on this petition, as well as calls by civil rights, consumer and privacy groups that it engage in a comprehensive rulemaking that will help promote competition, data protection, fairness and civil rights online. [1] We especially want to single out two individuals whose leadership role in all these years has been so critical, including with the FTC. Marc Rotenberg, who created and led the Electronic Privacy Information Center for decades, has been at the forefront of these and other key digital democracy issues since the earliest days of the internet. Ed Mierzwinski, now senior director, Federal Consumer Program, U.S. PIRG, understood that the same commercial forces that had undermined consumer rights in the “analog” world was doing so online as well. [2] So-called consumer data platforms and similar technologies permeate the corporate environment. See, for example, Mariah Cooper, “PepsiCo Launches Data Practice to Help Food and Beverage Retailers Grow,” Campaign, 9 Sept. 2021, /article/pepsico-launches-data-practice-to-help-food-and-beverage-retailers-grow/472436; Josh Wolf, “Where Does a Customer Data Platform Fit in With My AWS Data Lake?” AWS Blog, 13 May 2021, /blogs/apn/where-does-a-customer-data-platform-fit-in-with-my-aws-data-lake/; Wavicle Data Solutions, “Global QSR Uses Micro-segmentation to Improve Customer Engagement and Sales,” Dec. 2020, /wp-content/uploads/2020/12/Quick_Service_Restaurant_Customer_360_032421.pdf. [3] Federal Trade Commission, “Privacy in the Electronic Age,” The Privacy & American Business Conference, Washington, D.C., 1 Nov. 1995, /public-statements/1995/11/privacy-electronic-age.[4] Federal Trade Commission, “Staff Report: Public Workshop on Consumer Privacy on the Global Information Infrastructure” Dec. 1996, /reports/staff-report-public-workshop-consumer-privacy-global-information-infrastructure; Federal Trade Commission, About Privacy: Protecting the Consumer on the Global Information Infrastructure,” 8 Dec. 1998, /public-statements/1998/12/about-privacy-protecting-consumer-global-information-infrastructure; “Privacy in the Electronic Age.” See also Jeff Chester’s comments in U.S. Department of Commerce and Federal Trade Commission, “Public Workshop on Online Profiling, Washington, D C, 8 Nov. 1999, /sites/default/files/documents/public_events/online-profiling-public-workshop/online.pdf. [5] See especially the digital marketing industry fundamental paradigm laid out in Don Peppers and Martha Rogers, The One to One Future (New York: Crown Business, 1993); see also, Jeff Chester, Digital Destiny: New Media and the Future of Democracy (New York: The New Press, 2008). [6] See, for example, Federal Trade Commission, “Privacy Online: A Report to Congress,” June 1998. /sites/default/files/documents/reports/privacy-online-report-congress/priv-23a.pdf; Federal Trade Commission, “FTC Staff Sets Forth Principles For Online Information Collection From Children” 16 July 1997, /news-events/press-releases/1997/07/ftc-staff-sets-forth-principles-online-information-collection. To better understand the campaign developed to enact COPPA, including the industry pushback on teens, see Kathryn C. Montgomery, Generation Digital: Politics, Commerce, and Childhood in the Age of the Internet (Cambridge, MA: 2007). CDD pressed to have “cookies” and other identifiers included as personal information under COPPA. Jeff Chester, “Leading Consumer, Privacy, Child Advocacy & Public Health Groups Call on FTC for Stronger Children's Privacy Safeguards Under COPPA,” Center for Digital Democracy, 25 Sept. 2012, /content/leading-consumer-privacy-child-advocacy-public-health-groups-call-ftc-stronger-childrens. [7] See, for example, Marc Rotenberg, letter to Sen. Jay Rockefeller, Chairman of the Senate Committee of Commerce, Science and Transportation, et al, 5 May 2010, /wp-content/uploads/privacy/facebook/EPIC_FB_FTC_Complaint_Letter.pdf.[8] Jeff Chester and Ed Mierzwinski, “Complaint and Request for Inquiry and Injunctive Relief Concerning Unfair and Deceptive Online Marketing Practices,” Federal Trade Commission, 1 Nov.2006, /sites/default/files/FTCadprivacy_0_0.pdf. CDD and U.S. PIRG filed a supplemental petition a year letter, which included an analysis of advances in behavioral marketing, including through the DoubleClick Advertising Exchange, among others. While the commission staff and commissioners made various proposals, there was no real attempt to address the surveillance ad system. See, for example, , “A Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” Dec. 2010, /reports/preliminary-ftc-staff-report-protecting-consumer-privacy-era-rapid-change-proposed-framework.[9] Federal Trade Commission, “Ehavaorial Advertising: Tracking, Targeting & Technology,” meeting transcript, 1 Nov. 2007, pp. 35-36, /sites/default/files/documents/public_events/ehavioral-advertising-tracking-targeting-and-technology/71101wor.pdf. See also, Chester’s comment that “A very sophisticated commercial surveillance system has been put in place,” in Louise Story, “F.T.C. to Review Online Ads and Privacy,” New York Times, 1 Nov. 2007, /2007/11/01/technology/01Privacy.html. [10] Jeff Chester, “CDD, EPIC, USPIRG Opposition to Google/Doubleclick ‘Big Data’ Merger,” Center for Digital Democracy, 11 Sept. 2019, /article/cdd-epic-uspirg-opposition-googledoubleclick-big-data-merger; Roy Mark, “FTC Chair’s Impartiality Questioned,” eWeek, 13 Dec. 2007, /news/ftc-chair-s-impartiality-questioned/; “Conflict of Interest in Google-Doubleclick Merger Review,” EPIC.org, /documents/epic-v-federal-trade-commission/. [11] Tom Krazit, “Consumer Groups Urge Block of Google-AdMob Deal,” CNET, 28 Dec. 2009, /news/consumer-groups-urge-block-of-google-admob-deal/; Jeff Chester, “EPIC and CDD file ‘Unfair and Deceptive’ Practices Complaint at FTC on Facebook/WhatsApp Deal: WhatsApp Users Were Promised Privacy/Now They Will Have Facebook,” Center for Digital Democracy, 6 Mar. 2014, /content/epic-and-cdd-file-unfair-and-deceptive-practices-complaint-ftc-facebookwhatsapp-deal; Jeff Chester, “Big Data Gets Bigger: Consumer and Privacy Groups Call on FTC to Play Greater Role in Data Mergers/Investigation and Public Workshop Needed,” Center for Digital Democracy, 6 Feb. 2015, /content/big-data-gets-bigger-consumer-and-privacy-groups-call-ftc-play-greater-role-data-mergers.[12] “Consumer Groups Petition Federal Trade Commission to Protect Consumers from Mobile Marketing Practices Harmful to Privacy: Complaint Documents the Migration of Data Tracking, Profiling and Targeting to Mobile Phone Devices,” Center for Digital Democracy, 13 Jan. 2009, /mobile-marketing-harmful.[13] Center for Digital Democracy, “Ten Questions that the Federal Trade Commission Should Answer on Cross­ Device Online Tracking of Individuals,” /system/files/documents/public_comments/2015/11/00061-99851.pdf. For a current example of such tracking, see, for example, LiveRamp, “Measurement: Omnichannel Identity Linking,” /our-platform/cross-channel-measurement/omnichannel-identity-linking/. [14] Center for Digital Democracy and U.S. PIRG, “Cookie Wars, Real-Time Targeting, and Proprietary Self Learning Algorithms: Why the FTC Must Act Swiftly to Protect Consumer Privacy,” FTC Privacy Roundtables – Comment, Project No. P095416, 4 Nov. 2009, /sites/default/files/documents/public_comments/privacy-roundtables-comment-project-no.p095416-544506-00013/544506-00013.pdf. [15] Center for Digital Democracy, U.S. PIRG, Consumer Watchdog, and the World Privacy Forum, “Complaint, Request for Investigation, Public Disclosure, Injunction, and Other Relief: Google, Microsoft, QualityHealth, WebMD, Yahoo, AOL, HealthCentral, Healthline, Everyday Health, and Others Named Below,” FTC filing, 23 Nov. 2010, /sites/default/files/public/2015/101123publiccmptdigitaldemocracy.pdf. This complaint was one of several where CDD also placed a spotlight on social media marketing—another area in which the commission has repeatedly failed. For example, the complaint noted that “new surveillance tools have been developed to monitor conversations among social network users to identify what is being said about a particular issue or product. Marketers then work to insert brand-related messages into the social dialogue, often by identifying and targeting individuals considered brand ‘loyalists’ or ‘influencers….’ Increasingly, advertisers are using Facebook’s marketing apparatus—which is largely invisible to its users—…to … connect to the social communications of a very large pool of consumers.” [16] See, for example, Center for Digital Democracy, “Facebook’s Misleading Data and Marketing Policies and Practices,” Oct. 2013, /sites/default/files/field/public-files/2019/ftcfacebookdatapracticesfinal1013.pdf.[17] See for example, Jeff Chester, “Digital Target Marketing to African Americans, Hispanics and Asian Americans: A New Report,” Center for Digital Democracy,18 Feb. 2013, /content/digital-target-marketing-african-americans-hispanics-and-asian-americans-new-report; Center for Digital Democracy, “In the Matter of ‘Privacy and Security Implications of the Internet of Things,” FTC public workshop filing, 1 June 2013, /sites/default/files/documents/public_comments/2013/07/00006-86145.pdf; Jeff Chester, Kathryn Montgomery, and Lori Dorfman, “Alcohol Marketing in the Digital Age,” May 2010, /sites/default/files/documents/public_comments/alcohol-reports-project-no.p114503-00014%C2%A0/00014-58260.pdf.[18] “Children's Online Privacy.” C-Span, 17 Oct. 2018, /video/?453170-1/childrens-online-privacy; Center for Digital Democracy, “Digital Youth,” /projects/focus/digital-youth.[19] Yasmin Borain, “Marketing Trends for 2022: Technology, Artificial Intelligence and Internet of Things,” WARC, Nov. 2021, /content/article/warc-exclusive/marketing-trends-for-2022-technology-artificial-intelligence-and-internet-of-things/141212 (subscription required).[20] Hannah Murphy, “Facebook Patents Reveal How It Intends to Cash in on Metaverse: Meta Hopes to Use Tiny Human Expressions to Create Virtual World of Personalised Ads,” Financial Times, 17 Jan. 2022, /content/76d40aac-034e-4e0b-95eb-c5d34146f647 (subscription required).surveillanceadvertisingftccdd012622b.pdf
    Jeff Chester
  • Congresswomen Anna G. Eshoo (D-CA) and Jan Schakowsky (D-IL) and Senator Cory Booker (D-NJ) Introduce Bill to Ban Surveillance AdvertisingWashington, DC 1-18-2022“Identifying, tracking, discriminating, sorting, targeting, and manipulating online users lies at the heart of all that is toxic about today’s digital world. Surveillance advertising drives discrimination and compounds inequities, it destroys democratic institutions and rights, strengthens monopoly power of Big Tech platforms, and is harmful to children, teens, families, and communities. If enacted, the Banning Surveillance Advertising Act would put a stop to surveillance advertising and would be an important first step in building a digital world that is less toxic to our democracy, economy, and collective well-being,” said Katharina Kopp, Ph.D., Director of Policy for the Center for Digital Democracy.Click here for statements of support.Click here for bill text.Click here for a section-by-section summary.Click here for additional background.