program areas Digital Consumer

September 25, 2018 Contact: Jeff Chester-202-494-7100 David Monahan 617-896-9397 For Immediate Release Child Advocacy and Consumer Groups Tell FCC to Keep Key TV Safeguards for Children Overturning Children’s TV Act rules will harm kids and be a huge giveaway of public airwaves to broadcast and cable companies Three leading nonprofit groups working to advance the interests of children in the digital era told the Federal Communications Commission (FCC) that its plan to dismantle long-standing safeguards designed to ensure all children have access to quality TV programing will harm American kids. The proposal to jettison guidelines which require broadcast TV stations air a minimum of three hours a week of educational programming on their primary channel and additional programming on multicast channels would significantly reduce the availability of higher quality shows, they explained in a filing (link is external) today. “The FCC seeks to strip away one of the only federal rules that helps both children and parents,” explained Jeff Chester, executive director of the Center for Digital Democracy. Chester helped lead the campaign back in the 1990’s that led to the current CTA rules. “It is also one of the only concrete public-interest requirements that Congress mandated in exchange for free use of the public airwaves, which allow television stations to earn vast revenues from both advertising and fees paid by cable companies. Just as the GOP FCC majority did when it killed network neutrality, the commission only seems interested in protecting the interests of the big broadcast and cable companies,” Chester said. “The Commission’s proposal would effectively eliminate children’s programming on broadcast television, where at least there are some limits on commercialism,” said Campaign for a Commercial-Free Childhood executive director Josh Golin. "Internet and mobile platforms for children are rife with many types of unfair and deceptive marketing that aren’t allow on kids’ TV. Rather than facilitating a race to the bottom, the FCC should work with lawmakers and the FTC to develop cross-platform rules to ensure all children access to quality, commercial-free media regardless of the platforms and devices their families own.” Without citing any evidence about the quality, cost and availability of children’s educational programs delivered by other means, the FCC claims that because children can watch children’s educational programs on cable, YouTube, Netflix, Amazon and Hulu, commercial television stations should not be required to air children’s educational programming. But in comments drafted by the Georgetown Law Communications and Technology Clinic, the advocates note, “To use non-broadcast services, households must have access to cable or broadband service, and be able to afford subscription fees and equipment. Children who live in rural areas, or whose families are low-income, and cannot access or afford alternative program options, will be hurt the most” if the FCC proposal is adopted. The three groups—Center for Digital Democracy, Campaign for a Commercial-Free Childhood, and the Benton Foundation—pledged to educate the public, including parents, educators and concerned citizens, so they can raise concerns with the FCC and other policy makers. --30--

Leading consumer privacy organizations in the United States write to express surprise and concern that not a single consumer representative was invited to testify at the September 26 Senate Commerce Committee hearing “Examining Safeguards for Consumer Data Privacy.”

Consumer advocates, digital rights, and civil rights groups are calling on U.S. companies to adopt the requirements of the General Data Protection Regulation (GDPR) as a baseline in the U.S. and worldwide. Companies processing personal data* in the U.S. and/or worldwide and which are subject to the GDPR in the European Union, ought to: - extend the same individual privacy rights to their customers in the U.S. and around the world; - implement the obligations placed on them under the GDPR; - demonstrate that they meet these obligations; - accept public and regulatory scrutiny and oversight of their personal data practices; - adhere to the evolving GDPR jurisprudence and regulatory guidance (*Under the GDPR processing includes collecting, storing, using, altering, generating, disclosing, and destroying personal data.) Specifically, at a minimum, companies ought to: 1. Treat the right to data privacy as a fundamental human right. - This right includes the right to: + Information/notice + access + rectification + erasure + restriction + portability + object + avoid certain automated decision-making and profiling, as well as direct marketing - For these rights to be meaningful, give individuals effective control over the processing of their data so that they can realize their rights, including + set system defaults to protect data + be transparent and fair in the way you use people’s data 2. Apply these rights and obligations to all personal data including to data that can identify an individual directly and indirectly. 3. Process data only if you have a legal basis to do so, including - On the basis of freely given, specific, informed and unambiguous consent - If necessary for the performance of a contract 4. In addition, process data only in accordance to the principles of fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality/security. 5. Add extra safeguards, including explicit consent, when processing sensitive personal data (such as data about ethnic or racial origin, political opinions/union membership, data concerning health, sex life or sexual orientation, genetic data, or biometric data) or data that reveals sensitive personal data, especially when using this data for profiling. 6. Apply extra safeguards when processing data relating to children and teens, particularly with regard to marketing and profiling. 7. Be transparent and accountable, and adopt technical and organizational measures to meet these obligations, including - Provide for algorithmic transparency - Conduct impact assessments for high risk processing - Implement Privacy by Design and by Default - Assign resources and staff, including a Data Protection Officer - Implement appropriate oversight over third party service providers/data processors - Conduct regular audits - Document the processing 8. Notify consumers and regulatory authorities in case of a breach without undue delay. 9. Support the adoption of similar requirements in a data protection law that will ensure appropriate and effective regulatory oversight and enforcement for data processing that does not fall under EU jurisdiction. 10. Adopt these GDPR requirements as a baseline regardless of industry sector, in addition to any other national/federal, provincial/state or local privacy requirements that are stricter than the requirements advanced by the GDPR.

The European Union's updated data protection legislation comes into effect in Europe on May 25, 2018. It gives individuals new rights to better control their personal information and strengthens some of the rights that already exist. Enforcement and redress mechanisms have also been strengthened to ensure that these rights are respected. And – importantly – the definition of personal data is wider in the GDPR than in the current EU legislation, and now includes online identifiers, such as an IP address. Read the summary of the eight rights here. The right to information to access to rectify to delete (or “to be forgotten”) to restrict processing to data portability to object to avoid automated decision making and profiling.

The European General Data Protection Regulation (GDPR) will take effect May 25, 2018. The Trans Atlantic Consumer Dialogue (link is external) (TACD), of which CDD is a member, published a document detailing 10 things that US citizens and companies need-to-know about the forthcoming General Data Protection Regulation (GDPR).

In an open letter to Facebook's CEO Mark Zuckkerberg, members of the Transatlantic Consumer Dialogue urge the company "to confirm your company’s commitment to global compliance with the GDPR".

Internet service provider (ISP) giants, which dominant how Americans gain access to broadband Internet, cable TV, streaming video, and other telecommunications services, are aggressively expanding their capabilities to gather and use personal data. Leading ISPs AT&T, Comcast and Verizon are taking full advantage of all information flowing from PC’s, mobile phones, set-top boxes, and other devices. ISP giants are using “Big Data” analytics, artificial intelligence, and an array of cutting-edge technologies to identify who we are, what we do and how best to target us with marketing and advertising. They are also working closely with data brokers to gain access to even more personal information. AT&T, Comcast and Verizon, for example, work with Acxiom’s LiveRamp (link is external) subsidiary to build robust profiles that help them identify us regardless of what devices we may be using at the moment. ISPs envision a future in which we are continuously connected to their vast digital media networks for nearly everything we do. Through their monopolistic control over key broadband, cable TV, and satellite networks, ISPs are able to closely monitor what we do online—including both in and out of home, school or work. Marketers are told by ISPs that they can use their data and networks to “micro-target” an individual on all their “screens,” including for financial, health, retail and even political advertising. They are also positioning themselves to play an important role as our society is further transformed by digital technology, such as with so-called “smart homes,” (link is external) “connected cars,” the Internet of Things (link is external), and high-speed “5G (link is external)” networks. Last year, the Republican majority in Congress and the Trump administration eliminated (link is external) what have been the only federal consumer privacy protections afforded to all Americans—safeguards enacted in October 2016 by the Federal Communications Commission (FCC) that required ISPs to engage in responsible data practices. ISPs saw that important FCC data-protection safeguard as a formidable obstacle to their plans to “monetize” consumer data. With Network Neutrality—a critical requirement to ensure an open and democratic Internet—also ended by the same FCC, phone and cable ISPs have vanquished federal protections for fair treatment of consumers online—including with their data. Unless states weigh in with safeguards, AT&T, Comcast, Verizon and other major ISPs will pose—despite their denials—a major threat to consumer privacy. With ISPs especially touting their prowess to capitalize on a consumer’s location, states have an especially important role to play protecting the public from “hyper-local targeting” and other geo-marketing practices. Here are just some recent developments on ISP consumer data and digital marketing practices. AT&T, according to the Trump administration’s Department of Justice filing (link is external) opposing its acquisition of Time Warner, is “the country’s largest distributor of traditional subscription television; the second largest wireless telephone company, third largest home internet provider; one of the largest providers of landline telephone service; and also the country’s largest Multichannel Video Programming Distributor (MVPD), with more than 25 million subscribers.” Its control over broadband, satellite, and mobile telecommunications services is a key reason why AT&T tells marketers that it has “More Scale, More Targeted, More Screens…advanced TV and multi-screen solutions for your brand.” Last February, trade publication DigiDay leaked AT&T’s “pitch deck (link is external)—highlighting what it called its “digital video advantage.” That advantage includes “the ability to access the hottest content on TV and across platforms; the ability to reach the multi-platform viewing audience in a single buy; premium and non-skippable inventory” (ads a consumer can’t avoid). AT&T’s DirecTV is positioned by the pitch deck as an effective competitor to streaming video services offered by Amazon, Netflix and YouTube. Through several data advertising platform partners, AT&T offers real-time ad targeting of individuals who view streaming video and other online content. The pitch deck breaks down AT&T’s DirecTV audience, in order to help advertisers more effectively reach Hispanics, African Americans and households with children. Its 2017 “Media kit” explained how the company helps advertisers reach individuals on all their devices, giving marketers the ability to “serve ads to the same target audience on TV and digital devices across tens of billions of impressions.” AT&T especially highlights its deep relationship (link is external) with consumer data providers, including Equifax, Experian, Crossix, Neustar, and Nielsen Catalina. These allies help AT&T target its subscribers with ads promoting loans and other financial services. AT&T Adworks has recently opened (link is external) a “new state-of-the-art-media lab”—an “interactive space designed to inspire marketers…[that] shows the future of media consumption and how marketers can most efficiently reach their targets across any platform.” Designed to reflect how digital media reflects “the consumer’s life,” the lab enables advertisers to “interact” by using “data visualization tools” to see how individuals can be targeted through streaming video, Internet of Things devices, on mobile phones and even via data-enriched outdoor advertising. Comcast: The cable TV colossus, which also operates Universal Studios, NBC, and several digital advertising and technology firms, is committed to better leveraging “Big Data.” Comcast sees itself at the “center (link is external) of the household building connections between users, devices, products, and services.” Comcast is developing capabilities to take better advantage of the insights generated (link is external) by its “systems capable of processing billions of events per day.” This includes identifying actionable data, including in “real time,” generated from its video and Internet platforms. Through its “identity strategy,” (link is external) Comcast plans to deliver a “transformative customer experience” that will market to us online “throughout the customer lifecycle.” To help accomplish this, Comcast is building out its “Big Data” capabilities at the “enterprise level,” including for “event processing, analytics,” storing our information in the cloud, and various forms of digital “testing and optimization.” Comcast’s “Applied Artificial Intelligence (AI)” group (link is external) is working to create “intelligent applications that [can] impact millions of people on a daily basis.” Among its projects involving “machine learning” are ways to “build (link is external) virtual assistants that interact with millions of customers in natural language and automatically find solutions to their needs.” It’s part of a much larger “Technology and Product” research infrastructure at Comcast that has offices in Silicon Valley, Philadelphia, Denver, Chicago and Washington, DC. Comcast is also deploying “blockchain” insights platform technology, which it calls BlockGraph (link is external), to help develop more detailed digital dossiers on consumers so they can be targeted for advertising and other services. Comcast’s “FreeWheel” (link is external) subsidiary, with offices in Paris and other global locations, is an advertising, data management and digital rights management technology company. FreeWheel helps video and digital media companies deploy what it calls a “unified ad management platform.” That system allows clients to engage in “intelligent ad decisioning (link is external) across all devices, environments, and data sets….” FreeWheel’s customers, which for the U.S. market include AT&T’s DirectTV, Fox, Time Warner and Viacom, can use its technologies to “unify audiences across desktop, mobile, OTT (so-called Over-the-Top streaming video), and [cable TV] set-top boxes [to] profitably monetize their content.” Comcast’s growing expansion (link is external) in data-driven marketing—operated by both its Advanced Advertising Group and Spotlight service—involves FreeWheel and other acquisitions, including Visible World and Strata. Strata (link is external), for example, is now partnering with “Choozle,” a Big Data-oriented advertising system that helps marketers target a consumer on social, mobile, video and other platforms. The Comcast’s Strata and Choozle (link is external) alliance “will allow thousands of advertising agencies to access detailed consumer data to execute digital advertising campaigns as conveniently as they would buy local TV advertising.” Comcast’s NBCUniversal division has also deepened its use of data-driven techniques to target its viewers. NBCU has its own “advanced advertising” platform (link is external)—Audience Studio—and is promising marketers that its “Total Audience Delivery” will help target (link is external) a consumer on “digital, linear, mobile and out-of-home viewing.” Its “data-based” profiling of its viewers includes information provided by “set top data from Comcast” and other sources. NBCU’s “Audience Studio Targeted Digital,” for example, enables advertisers to reach “digital (link is external) audiences” who view its portfolio of “entertainment, lifestyle, news, sports and Hispanic” content. Comcast’s NBCU urges advertisers to provide them their own (first-party) information on consumers so it can be merged with the TV network’s data. The result, claims NBCU, is that marketers will reach their “objectives through precision targeting at unequaled scale.” What NBCU means is that the same kinds of sophisticated capabilities that Comcast relies on to reach its broadband consumers are also available through its TV subsidiary. Verizon: To further its plans to harvest consumer information to bolster its “differentiated data” ad-targeting capabilities, Verizon has created a new division called “Oath.” (link is external) Incorporating “50 media and technology brands that engage more than a billion people around the world, the Oath portfolio includes HuffPost, Yahoo Sports, AOL, Tumblr, Yahoo Finance, Yahoo Mail” and other properties. Oath operates a real-time data targeting apparatus called One (link is external). It also owns a leading digital video ad company called BrightRoll (link is external) that delivers targeted marketing in real time to streaming video. The result of Verizon’s investments, it explains, is the “most advanced and open advertising technology” system (link is external) that “spans across mobile, video, search, native and programmatic ads.” Verizon’s Oath promises its clients it delivers “people based marketing (link is external).” People-based marketing is a marketing industry euphemism for using our personal data to identify us online. In the case of Verizon’s Oath, that includes our “location, passions and interest from social (media), purchase intent from search and advertising engagement, cross device identity from users mapped across devices, favorite content from web, app and Smart TV data, on and offline purchases and recent store visits from mobile geolocation data.” Oath explains that its “suite (link is external) of advertising technology lets you activate this data to find and message consumers all along their journey.” Verizon acquired AOL after that company had made its own considerable acquisitions of data targeting companies, including those that access mobile (link is external) data from apps. Consequently, Verizon can claim that “Oath has the industry’s largest mobile demand portfolio to help you monetize across every device…,” including in real-time. This is just a brief snapshot of leading ISP data and digital marketing practices today. ISPs’ unfettered control over broadband communications enable them to eavesdrop on the communications and behaviors of millions of individuals and households. Without consumer safeguards, they will further mushroom into even more formidable—and unaccountable—gatekeepers over our information and privacy.