CDD Tells FTC It's Time to Regulate Commercial Surveillance Marketing
Documents 25 years of failures by agency to rein in practices that have eviscerated privacy and consumer protection in the U.S. and globally
The Center for Digital Democracy (CDD) urges the Federal Trade Commission to develop a comprehensive set of rules to address a problem largely of its own makingâthe unfettered growth of commercial âsurveillance marketing.â We submit this comment based on the nearly 25-year record of CDD and its key consumer-protection and privacy colleagues, providing detailed documentation and analysis of the need for the commission to regulate what is known as behavioral, programmatic and surveillance-based advertising.[1]
The systemic and multiple failures of the FTC over the decades to respond meaningfully to the role and nature of online marketingâwhich has eviscerated the privacy rights of Americans (and consumers worldwide)âhave enabled data-driven surveillance to thrive ubiquitously. Nearly every platform, application, device and experience in which Americans engage has been shaped by the commercial spying and manipulation apparatus that the commission has allowed to evolve and expand without constraint.Â
In addition, by long ignoring the impact that the approval of countless mergers and acquisitions involving leading digital marketing companies had on commercial surveillance operations, the commission and Department of Justice have helped foster an online marketplace that is dominated by a few giants. There is no real competition in terms of how Americans are treated in the online surveillance marketing economy. Google, Meta/Facebook, Amazon and their partners set the global standards for how everyone else has to conduct data and digital marketing operations. FTC inaction on commercial surveillance practices has perversely promoted the widespread adoption of these practices. Today, nearly every major company is a big-data-driven information broker, surveillance advertiser, and real-time targeter of consumers.[2]
At each critical momentâthe expansion of behavioral advertising; the emergence of mobile marketing; the widespread adoption of programmatic, real-time, algorithmic-driven buying and selling of people for targeting ads; the deployment of omnichannel (cross-device) tracking and targeting; and the widespread integration of artificial intelligence and machine learning to deliver enhanced predictive targetingâthe failure of the FTC to challenge the online data-driven model sent a message to the commercial surveillance industry, that it faced no serious regulatory or political consequences for its actions. This included regulatory immunity for the host of manipulative elements that are within the foundation of commercial surveillance, such as the deep analysis of a personâs emotions, interests, relationships, location, income, race, and ethnicity.Â
By acting as an âenablerâ to the forces that have shaped our online platform and experiences, the commission has done more than harm consumer protection, privacy and competition. It is also responsible for allowing the online platform marketplace to grow in ways that have undermined democracy, at once diminishing civic discourse, enabling efforts to promote voter suppression, and facilitating the communication and spread of hate speech and uncivil acts, among other major harms.Â
FTCââEyes Wide Shutâ: The commission has been engaged in risk-averse behaviors since the early 1980s, as a reaction to the successful attacks on it by the advertising lobby, which was able to convince Congress that the agency had engaged in regulatory excess when it tried to protect children from the harmful impact of marketing. The legacy of what is known as the âkidvidâ episode, which resulted in a significant loss of its rulemaking authority, has permeated the agencyâs operations for decades. It unleashed a âdonât ask, donât tellâ approach at the commission when it came to seriously confronting the impact of the digital marketplace on the public. Even when it came to childrenâs privacyâthe one area where advocates had successfully convinced Congress to give the agency rulemaking authorityâthe agency repeatedly failed to enforce the law (allowing Googleâs YouTube, for example, to openly violate COPPA for years, despite hearing repeatedly from advocates that it was doing so). The failure of the FTC to seriously implement its only congressionally mandated data-privacy law also sent a loud message to the data surveillance business that the commission wasnât to be taken seriously.
The commission has never condemned the online surveillance model developed by the digital marketing industry. It had countless opportunities to challenge behavioral ads, mobile and geo-location surveillance, social media profiling, and real-time buying and selling of individual profiles for the purposes of micro-targeted advertising.[3]Â In this comment, we will briefly highlight how the FTC has been an âenablerâ of the unfettered operations of surveillance advertising, despite the many calls by CDD and its allies for the agency to act.Â
The FTC and the Information Superhighway:Â At the earliest stages of what was then called the âInformation Superhighway,â cyberspace, or the âNational Information Infrastructure,â the FTC convened multiple âworkshopsâ focused on privacy and related ecommerce issues. Reflecting the priorities of the then-Clinton administration, the commission spent several years imploring marketers to implement a set of âfair information practiceâ principles.[4]During this time, a number of consumer and privacy advocates urged the commission to call on Congress to regulate online data marketing practices. It was evident even thenâespecially to those who had tracked the online marketing business during the âdial-upâ era, that privacy was not a priority at all for the marketing industry. The self-regulatory system was a total sham.[5]
The lone exception to self-regulation was a data privacy law covering children 12 and under, an issue that this NGOâs predecessor group, the Center for Media Education (along with the Consumer Federation of America and the Institute for Public Representation, Georgetown University Law Center) championedâwhich led to the enactment of the Childrenâs Online Privacy Protection Act in 1998.[6]
By the time the commission finally recommended (in 2000) that Congress enact privacy legislation âto supplement self-regulatory efforts and guarantee basic consumer protections,â the political winds had changed. There would be no further progress from Congress on privacy, given the clout of the big data marketing lobby.[7]
Enabling behavioral advertising:Â In 2006, CDD and U.S. PIRG filed a complaint with the commission calling on it to use its Section 5 power to protect consumer privacy online. Specifically, we asked the commission to conduct an investigation of online advertising practices, focusing on five areas of concern: User Tracking/Web Analytics, Behavioral Targeting, Audience Segmentation, Data Gathering/Mining, and Industry Consolidation. As we explained in our petition, âCollectively, these five areas represented the foundations of an entirely new online environment, one in which engagement gives way to entrapment, in which personalization impinges on privacy.â The complaint discussed in detail all the methods used to track and target consumers, via their personal data, mobile phone use, and much more. It also urged action on the growing consolidation of what is now called the platform or ad-tech industry, explaining that
The past few years have witnessed an alarming degree of consolidation in the Web analysis, advertising, and Internet data collection industries. The result of these transactions is not only the concentration of power in fewer hands, but also an increased ability, as our complaint has shown, for these companies to use their massive compilations of user data to violate consumer privacy in the U.S. Such consolidation within the core of the online marketing infrastructure also requires the FTC to conduct an anti-trust analysis to determine whether there is undue market power in this sector.[8]
Ignoring the structure and consequences of behavioral advertising: In part due to the opposition to the proposed Google acquisition of DoubleClick that CDD, EPIC, U.S. PIRG and its allies in the U.S. and in the EU generated (discussed below), the commission convened several workshops, town halls and other forums focused on privacy and online data marketing. As CDDâs executive director, at the FTCâs 2007 âEhavioral Advertising: Tracking, Targeting & Technologyâ event, warned,Â
I just want to underscore that the future of online advertising has profound consequences for the future of our democracy and democracies everywhere. The kind of society we are creating right now for ourselves, and particularly our children, in many ways, is being shaped by the forces of advertising and marketing…. [W]eâve watched since 2000 the ever-growing sophisticated array of techniques that had been deployed to track our every move, not just on individual websites, but through the development of new approaches called re-targeting where we were becoming digitally shadowed wherever we went, site to siteâŚ. [T]he time for fact-finding is over. The Commission is the designated Federal agency which is supposed to safeguard consumer privacy. It must act now to protect Americans from the unfair and deceptive practices that have evolved as part of what the industry calls the digital interactive marketing system.[9]
Endorsing the monopolistic âSurveillance Marketplaceâ: In 2007, EPIC, U.S. PIRG, and CDD filed a complaint opposing plans by Google to acquire DoubleClick. As our initial filing explained, the acquisition, if approved, âwill give one company access to more information about the Internet activities of consumers than any other company in the world.â In a supplemental petition, we explained that âthe massive quantity of user information collected by Google coupled with DoubleClickâs business model of consumer profiling will enable the merged company to construct extremely intimate portraits of its usersâ behavior.â We also identified a major conflict of interest at the commission regarding this deal. Needless to say, it was approved anyway, paving the way for the unprecedented role that Google now plays in our lives, with its domination of the commercial surveillance marketplace.[10]Â (CDD also raised objections to the Google/AdMob, Facebook/Instagram/WhatsApp, and other big-data-driven mergers that the FTC failed to address, again paving the way for the contemporary commercial surveillance apparatus).[11]
Mobile surveillance: In 2009, CDD and U.S. PIRG urged the commission to âto protect consumers from a growing number of deceptive and unfair marketing practices and the resultant threats to consumer privacy that are a part of the rapidly growing U.S. mobile advertising landscapeâŚ. [M]obile devices, which know our location and other intimate details of our lives, are being turned into portable behavioral tracking and targeting toolsâŚ.â The groupâs FTC filing cited a Google official who called the mobile phone âthe ultimate ad vehicle. Itâs the first one ever in the history of the planet that people go to bed with. Itâs ubiquitous across the world, across demographics, across age groups. People are giving these things to ever-younger children for safety and communicationâŚ. [I]t can know where youâve been, where youâve lingered, what store you stopped in, what car dealership you visited. It goes beyond any traditional advertising….â The complaint also discussed the myriad techniques, tactics, mergers and other critical issues to support the commissionâs investigation and action.[12]
Yet the FTC did nothing, and geolocation-based surveillance marketing has thrived, including via the leading platforms. Nor has the commission challenged cross-device tracking, a component of the surveillance marketing industry that financially benefited from the agencyâs inability to protect consumer privacy, as unique identifiers are used to track and target the public.[13]
Real-time programmatic, behavioral and algorithmic-based targeting: Also in 2009, CDD and U.S. PIRG submitted to the commission a comment as part of the agencyâs âPrivacy Roundtableâ process, which noted that
Today, consumers online face the rapid growth and ever-increasing sophistication of the various techniques advertisers employ for data collection, profiling, and targeting across all online platforms. The growth of ad and other optimization services for targeting, involving real-time bidding on ad exchanges; the expansion of data collection capabilities from the largest advertising agencies (with the participation of leading digital media content and marketing companies); the increasing capabilities of mobile marketers to target users via enhanced data collection; and a disturbing growth of social media surveillance practices for targeted marketing are just a few of the developments the commission must address. But despite technical innovation and what may appear to be dramatic changes in the online data collection/profiling/targeting market, the commission must recognize that the underlying paradigm threatening consumer privacy online has been constant since the early 1990âs. So-called âone-to-one marketing,â where advertisers collect as much as possible on individual consumers so they can be targeted online, remains the fundamental approach. âŚAdvertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling. Behavioral targeting is just one tool in the interactive advertisersâ arsenal…. We are being intensively tracked on many individual websites and across the Internet.[14]
The filing called for action to address the buying and selling of individuals via online ad exchanges and giants such as Google; identified many other leading companies and practices; and explained how all of this was affecting mobile-device and social media users. It documented how self-regulation had been a failure, and how the âself-learning of contemporary interactive ad systemsâ threaten privacy and consumer welfare.Â
Again, the FTC ignored these issues, enabling todayâs programmatic (surveillance marketing) system to evolve unchallenged.Â
Surveillance marketing of health behaviors, including through social media: In 2010, CDD and allied consumer and privacy groups filed a petition on the role that behavioral advertising, as well as manipulative ad tactics such as âneuromarketing,â play in the promotion of health and medical products. Google, Microsoft, and others were the subjects of this complaint. As we explained,
A far-reaching complex of health marketers has unleashed an arsenal of techniques to track and profile consumers, including so-called medical âcondition targeting,â to eavesdrop on their online discussions via social media data mining; to collect data on their actions through behavioral targeting; to use viral and so-called âword-of-mouthâ techniques online to drive interest in prescriptions, over-the counter drugs, and health remedies; and to influence their subconscious perceptions via pharma-focused âneuromarketingâŚ. Digital marketing raises many distinct consumer protection and privacy issues, including an overall lack of transparency, accountability and personal control, which consumers should have over data collection and the various interactive applications used to track, target, and influence them online (including on mobile devices). The use of these technologies by pharmaceutical, health product, and medical information providers that directly affect the public health and welfare of consumers requires immediate action.[15]
As before, the FTC did nothing.Â
Failures with Google and Facebook consent-decree enforcement:Â EPIC, CDD and allied consumer and privacy organizations, which helped bring cases against Google and Facebook, repeatedly told high-level commission staff and commissioners that these entities were routinely violating their respective consent decrees.[16]Â The failure of the commission to enforce its own decreesâreflecting the inability of the agency to analyze contemporary digital data and online marketing practicesâpermitted these companies, and the industry as a whole, to expand their surveillance capabilities still further.
Neglecting communities of color: CDD also has repeatedly urged the commission to investigate and address how racial and ethnic data are used to target individuals and groups. For years, such data have been used to subject these communities to unfair treatment through predatory online marketing and other harmful practices. At best, the agency has given lip-service to these issues in the past, but has yet to take any meaningful action.[17]
Failing our children, COPPA enforcement, and teens: CDD (along with Fair Play and Common Sense Media) is also filing comments in this docket on these issues. But we want to underscore that despite our repeated calls for action, the commission has never done anything to protect adolescents. Consequently, when someone turns 13 in the U.S., they are swept into the commercial surveillance marketing system that negatively affects every adult in the U.S.[18]
Where we are today:Â Every day brings advances in the capabilities of commercial surveillance, led by the giant entities that dominate the marketplace, along with their affiliates. As we noted earlier, AI and machine-learning-based data analytic and targeting operations are routine for the commercial surveillance apparatus. And now the industry is poised to add what is known as âemotional intelligence,â a sophisticated new enhancement to ascertain and âunderstand how people feel in order to make AI more emotionally aware. There will be a shift from passive and grey interaction with AI, to an understanding of not only the cognitive, but also the emotive, channels of human interaction.â[19]Â Surveillance applications are also shaping the Internet of Things, the metaverse, and âover-the-topâ streaming video as well.[20]
We urge the commission to act on this petition, as well as calls by civil rights, consumer and privacy groups that it engage in a comprehensive rulemaking that will help promote competition, data protection, fairness and civil rights online.
Â
[1]Â We especially want to single out two individuals whose leadership role in all these years has been so critical, including with the FTC. Marc Rotenberg, who created and led the Electronic Privacy Information Center for decades, has been at the forefront of these and other key digital democracy issues since the earliest days of the internet. Ed Mierzwinski, now senior director, Federal Consumer Program, U.S. PIRG, understood that the same commercial forces that had undermined consumer rights in the âanalogâ world was doing so online as well.Â
[2] So-called consumer data platforms and similar technologies permeate the corporate environment. See, for example, Mariah Cooper, âPepsiCo Launches Data Practice to Help Food and Beverage Retailers Grow,â Campaign, 9 Sept. 2021, /article/pepsico-launches-data-practice-to-help-food-and-beverage-retailers-grow/472436; Josh Wolf, âWhere Does a Customer Data Platform Fit in With My AWS Data Lake?â AWS Blog, 13 May 2021, /blogs/apn/where-does-a-customer-data-platform-fit-in-with-my-aws-data-lake/; Wavicle Data Solutions, âGlobal QSR Uses Micro-segmentation to Improve Customer Engagement and Sales,â Dec. 2020, /wp-content/uploads/2020/12/Quick_Service_Restaurant_Customer_360_032421.pdf.Â
[3] Federal Trade Commission, âPrivacy in the Electronic Age,â The Privacy & American Business Conference, Washington, D.C., 1 Nov. 1995, /public-statements/1995/11/privacy-electronic-age.
[4] Federal Trade Commission, âStaff Report: Public Workshop on Consumer Privacy on the Global Information Infrastructureâ Dec. 1996, /reports/staff-report-public-workshop-consumer-privacy-global-information-infrastructure; Federal Trade Commission, About Privacy: Protecting the Consumer on the Global Information Infrastructure,â 8 Dec. 1998, /public-statements/1998/12/about-privacy-protecting-consumer-global-information-infrastructure; âPrivacy in the Electronic Age.â See also Jeff Chesterâs comments in U.S. Department of Commerce and Federal Trade Commission, âPublic Workshop on Online Profiling, Washington, D C, 8 Nov. 1999, /sites/default/files/documents/public_events/online-profiling-public-workshop/online.pdf.Â
[5] See especially the digital marketing industry fundamental paradigm laid out in Don Peppers and Martha Rogers, The One to One Future (New York: Crown Business, 1993); see also, Jeff Chester, Digital Destiny: New Media and the Future of Democracy (New York: The New Press, 2008).Â
[6] See, for example, Federal Trade Commission, âPrivacy Online: A Report to Congress,â June 1998. /sites/default/files/documents/reports/privacy-online-report-congress/priv-23a.pdf; Federal Trade Commission, âFTC Staff Sets Forth Principles For Online Information Collection From Childrenâ 16 July 1997, /news-events/press-releases/1997/07/ftc-staff-sets-forth-principles-online-information-collection. To better understand the campaign developed to enact COPPA, including the industry pushback on teens, see Kathryn C. Montgomery, Generation Digital: Politics, Commerce, and Childhood in the Age of the Internet (Cambridge, MA: 2007). CDD pressed to have âcookiesâ and other identifiers included as personal information under COPPA. Jeff Chester, âLeading Consumer, Privacy, Child Advocacy & Public Health Groups Call on FTC for Stronger Children's Privacy Safeguards Under COPPA,â Center for Digital Democracy, 25 Sept. 2012, /content/leading-consumer-privacy-child-advocacy-public-health-groups-call-ftc-stronger-childrens.Â
[7] See, for example, Marc Rotenberg, letter to Sen. Jay Rockefeller, Chairman of the Senate Committee of Commerce, Science and Transportation, et al, 5 May 2010, /wp-content/uploads/privacy/facebook/EPIC_FB_FTC_Complaint_Letter.pdf.
[8] Jeff Chester and Ed Mierzwinski, âComplaint and Request for Inquiry and Injunctive Relief Concerning Unfair and Deceptive Online Marketing Practices,â Federal Trade Commission, 1 Nov.2006, /sites/default/files/FTCadprivacy_0_0.pdf. CDD and U.S. PIRG filed a supplemental petition a year letter, which included an analysis of advances in behavioral marketing, including through the DoubleClick Advertising Exchange, among others. While the commission staff and commissioners made various proposals, there was no real attempt to address the surveillance ad system. See, for example, , âA Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,â Dec. 2010, /reports/preliminary-ftc-staff-report-protecting-consumer-privacy-era-rapid-change-proposed-framework.
[9] Federal Trade Commission, âEhavaorial Advertising: Tracking, Targeting & Technology,â meeting transcript, 1 Nov. 2007, pp. 35-36, /sites/default/files/documents/public_events/ehavioral-advertising-tracking-targeting-and-technology/71101wor.pdf. See also, Chesterâs comment that âA very sophisticated commercial surveillance system has been put in place,â in Louise Story, âF.T.C. to Review Online Ads and Privacy,â New York Times, 1 Nov. 2007, /2007/11/01/technology/01Privacy.html.Â
[10] Jeff Chester, âCDD, EPIC, USPIRG Opposition to Google/Doubleclick âBig Dataâ Merger,â Center for Digital Democracy, 11 Sept. 2019, /article/cdd-epic-uspirg-opposition-googledoubleclick-big-data-merger; Roy Mark, âFTC Chairâs Impartiality Questioned,â eWeek, 13 Dec. 2007, /news/ftc-chair-s-impartiality-questioned/; âConflict of Interest in Google-Doubleclick Merger Review,â EPIC.org, /documents/epic-v-federal-trade-commission/.Â
[11] Tom Krazit, âConsumer Groups Urge Block of Google-AdMob Deal,â CNET, 28 Dec. 2009, /news/consumer-groups-urge-block-of-google-admob-deal/; Jeff Chester, âEPIC and CDD file âUnfair and Deceptiveâ Practices Complaint at FTC on Facebook/WhatsApp Deal: WhatsApp Users Were Promised Privacy/Now They Will Have Facebook,â Center for Digital Democracy, 6 Mar. 2014, /content/epic-and-cdd-file-unfair-and-deceptive-practices-complaint-ftc-facebookwhatsapp-deal; Jeff Chester, âBig Data Gets Bigger: Consumer and Privacy Groups Call on FTC to Play Greater Role in Data Mergers/Investigation and Public Workshop Needed,â Center for Digital Democracy, 6 Feb. 2015, /content/big-data-gets-bigger-consumer-and-privacy-groups-call-ftc-play-greater-role-data-mergers.
[12] âConsumer Groups Petition Federal Trade Commission to Protect Consumers from Mobile Marketing Practices Harmful to Privacy: Complaint Documents the Migration of Data Tracking, Profiling and Targeting to Mobile Phone Devices,â Center for Digital Democracy, 13 Jan. 2009, /mobile-marketing-harmful.
[13] Center for Digital Democracy, âTen Questions that the Federal Trade Commission Should Answer on Cross Device Online Tracking of Individuals,â /system/files/documents/public_comments/2015/11/00061-99851.pdf. For a current example of such tracking, see, for example, LiveRamp, âMeasurement: Omnichannel Identity Linking,â /our-platform/cross-channel-measurement/omnichannel-identity-linking/.Â
[14] Center for Digital Democracy and U.S. PIRG, âCookie Wars, Real-Time Targeting, and Proprietary Self Learning Algorithms: Why the FTC Must Act Swiftly to Protect Consumer Privacy,â FTC Privacy Roundtables â Comment, Project No. P095416, 4 Nov. 2009, /sites/default/files/documents/public_comments/privacy-roundtables-comment-project-no.p095416-544506-00013/544506-00013.pdf.Â
[15] Center for Digital Democracy, U.S. PIRG, Consumer Watchdog, and the World Privacy Forum, âComplaint, Request for Investigation, Public Disclosure, Injunction, and Other Relief: Google, Microsoft, QualityHealth, WebMD, Yahoo, AOL, HealthCentral, Healthline, Everyday Health, and Others Named Below,â FTC filing, 23 Nov. 2010, /sites/default/files/public/2015/101123publiccmptdigitaldemocracy.pdf. This complaint was one of several where CDD also placed a spotlight on social media marketingâanother area in which the commission has repeatedly failed. For example, the complaint noted that ânew surveillance tools have been developed to monitor conversations among social network users to identify what is being said about a particular issue or product. Marketers then work to insert brand-related messages into the social dialogue, often by identifying and targeting individuals considered brand âloyalistsâ or âinfluencersâŚ.â Increasingly, advertisers are using Facebookâs marketing apparatusâwhich is largely invisible to its usersââŚto ⌠connect to the social communications of a very large pool of consumers.âÂ
[16] See, for example, Center for Digital Democracy, âFacebookâs Misleading Data and Marketing Policies and Practices,â Oct. 2013, /sites/default/files/field/public-files/2019/ftcfacebookdatapracticesfinal1013.pdf.
[17] See for example, Jeff Chester, âDigital Target Marketing to African Americans, Hispanics and Asian Americans: A New Report,â Center for Digital Democracy,18 Feb. 2013, /content/digital-target-marketing-african-americans-hispanics-and-asian-americans-new-report; Center for Digital Democracy, âIn the Matter of âPrivacy and Security Implications of the Internet of Things,â FTC public workshop filing, 1 June 2013, /sites/default/files/documents/public_comments/2013/07/00006-86145.pdf; Jeff Chester, Kathryn Montgomery, and Lori Dorfman, âAlcohol Marketing in the Digital Age,â May 2010, /sites/default/files/documents/public_comments/alcohol-reports-project-no.p114503-00014%C2%A0/00014-58260.pdf.
[18] âChildren's Online Privacy.â C-Span, 17 Oct. 2018, /video/?453170-1/childrens-online-privacy; Center for Digital Democracy, âDigital Youth,â /projects/focus/digital-youth.
[19] Yasmin Borain, âMarketing Trends for 2022: Technology, Artificial Intelligence and Internet of Things,â WARC, Nov. 2021, /content/article/warc-exclusive/marketing-trends-for-2022-technology-artificial-intelligence-and-internet-of-things/141212 (subscription required).
[20] Hannah Murphy, âFacebook Patents Reveal How It Intends to Cash in on Metaverse: Meta Hopes to Use Tiny Human Expressions to Create Virtual World of Personalised Ads,â Financial Times, 17 Jan. 2022, /content/76d40aac-034e-4e0b-95eb-c5d34146f647 (subscription required).