Publishings Digital Citizen

Working closely with the Electronic Privacy Information Center (epic.org) and US PIRG, CDD led a campaign to oppose (link is external) the acquisition of Doubleclick by Google. CDD opposed (link is external) the deal on privacy, consumer protection and competiton grounds. We all foresaw what would happen if Google was allowed to swallow a leading digital marketing giant--more data collection, industry consolidation, weakening of consumer and privacy rights. It all happened of course, in part because the FTC hasn't ever been able to deal with the marketplace. Here are two of the filings done in this case.

I played a key role (link is external) helping get the Children’s Online Privacy Protection Act (COPPA) passed by Congress in 1998 (when I was executive director of the Center for Media Education). Since then, I have tried to ensure that the country’s only federal law addressing commercial privacy online was taken seriously. That’s why it has been especially egregious to have witnessed Google violating COPPA for many (link is external) years, as it deliberately developed YouTube as the leading site for children. Google disingenuously claimed in its terms of service that YouTube was only meant for those 13 (link is external) and older, while it simultaneously unleashed programming and marketing strategies designed to appeal directly to kids. Google’s behavior sent a message that any powerful and well-connected corporation could ignore U.S. privacy law, even when that law was specifically designed to protect young people. In collaborations with our colleagues at the Campaign for Commercial-Free Childhood (CCFC (link is external)), our attorneys at the Institute for Public Representation (IPR (link is external)) at Georgetown University Law Center, and a broad coalition of consumer, privacy, public health and child rights groups, we began filing complaints at the FTC in 2015 concerning Google’s child-directed practices (on YouTube, its YouTube Kids app, and elsewhere). We also told top officials at the commission that Google was not abiding by COPPA, and repeatedly provided them documentation (link is external) of Google’s child-directed business operations. CCFC, CDD and IPR kept up the pressure on the FTC, in Congress and with the news media (see attached, for example). For a variety of reasons, the FTC, under the leadership of Chairman Joe Simons, finally decided to take action. The result was last week’s decision (link is external)—which in many ways is both historic and highly positive. Google was fined $170 million for its violations of children’s privacy, a record amount in terms of previous COPPA-connected financial sanctions. The FTC’s action also implemented important new policies (link is external) protecting children: Children will no longer be targeted with data-driven marketing and advertising on YouTube programming targeted to kids: This is the most important safeguard. Google announced that starting around January 2020, there would no longer be any form of personalized “behavioral” marketing permitted on YouTube’s programming that targets children. The “Official” YouTube blog post explained that Google “will limit data collection and use on videos made for kids only to what is needed to support the operation of the service. We will also stop serving personalized ads on this content entirely….” Google will require video producers and distributers to self-identify that their content is aimed at kids; it also committed to “use machine learning to find videos that clearly target young audiences, for example those that have an emphasis on kids characters, themes, toys, or games.” Google also explained that child-directed programming on YouTube will receive an additional safeguard—it won’t permit any personalized targeting on its child-directed content. Google committed to make substantial investments in its YouTube Kids (link is external) service: Google launched the YouTube Kids “app” in 2015, claiming it was “the first Google product (link is external) built from the ground up with little ones in mind.” But the app never rivaled the main YouTube platform’s hold on children, and was plagued with a number of problems (such as harmful content). Now, as a result of the FTC investigation, Google announced that it will bring “the YouTube Kids experience to the desktop,” increase its promotion of the service to parents, and more effectively curate different programming that will appeal to more young people—with new tiers of content suitable for “Preschool (ages 4 & under); Younger (ages 5-7); and Older (ages 8-12).” Google created a $100 million fund for “quality kids, family and educational content.” This is another proposal CCFC and CDD made and we are gratified Google acknowledged it bears responsibility to support programing that enriches the lives of children. This is to be a three-year program that is designed for “the creation of thoughtful, original children’s content on YouTube and YouTube globally.” Google has made changes to make YouTube a “safer platform for children:” The company is proactively promoting “quality” children’s programming by revising the algorithm used to make recommendations. It is also not permitting comments and notifications on its YouTube child-directed content. There are questions that still need to be answered about how Google will implement these new policies. For example, will the company prohibit the data targeting of children on YouTube worldwide? (It should.) How will it treat programming classified as “family viewing”—exempt it from the new data targeting safeguards? (It should not be permitted to do so.) Will the new $100 million production fund commit to supporting child-directed non-commercial content (instead of serving as a venture investment strategy for Google to expand its marketing to kids plans). Will Google ensure that its other child-directed commercial activities—such as its Play Store—also reflect the new safeguards the company have adopted for YouTube? Google also targets young people via so-called “influencers,” including videos where toys and other products are “unboxed.” Google needs to declare such content as child-directed (and should refrain from these practices as well). CCFC, CDD and our allies intend to play a proactive role holding Google, its programmers, advertisers and the FTC accountable to make sure that these new policies are implemented effectively. These new FTC-forced changes to how Google serves children are part of our commitment to ensuring that young people around the world grow up in a media environment that respects and promotes their health, privacy, and well-being.

Contact: Jeff Chester, CDD (jeff@democraticmedia.org (link sends e-mail); 202-494-7100) David Monahan, CCFC (david@commercialfreechildhood.org (link sends e-mail); 617-896-9397) Advocates Who Filed the Privacy Complaint Against Google/YouTube Laud Improvements, But Say FTC Settlement Falls Far Short BOSTON, MA & WASHINGTON, DC—September 4, 2019—The advocates who triggered the Federal Trade Commission’s (FTC) investigation into YouTube’s violations of the Children’s Online Privacy Protection Act (COPPA) say the FTC’s settlement with Google will likely significantly reduce behavioral marketing to children on YouTube, but doesn’t do nearly enough to ensure children will be protected or to hold Google accountable. In April, 2018, Campaign for a Commercial-Free Childhood (CCFC) and the Center for Digital Democracy (CDD), through their attorneys at Georgetown Law’s Institute for Public Representation (IPR), filed an FTC complaint (link is external) detailing YouTube’s COPPA violations. Twenty-one other privacy and consumer groups signed on to CCFC and CDD’s complaint, which detailed how Google profits by collecting personal information from kids on YouTube, without first providing direct notice to parents and obtaining their consent as required by law. Google uses this information to target advertisements to children across the internet and across devices, in clear violation of COPPA. Today, the FTC and the New York Attorney General announced a settlement with Google, fining the company $170 million. The settlement also “requires Google and YouTube to develop, implement, and maintain a system that permits channel owners to identify their child-directed content on the YouTube platform so that YouTube can ensure it is complying with COPPA.” Content creators will be asked to disclose if they consider their videos to be child-directed; if they do, no behavioral advertising will be served to viewers of those videos. “We are pleased that our advocacy has compelled the FTC to finally address YouTube’s longstanding COPPA violations and that there will be considerably less behavioral advertising targeted to children on the number one kids’ site in the world,” said CCFC’s Executive Director Josh Golin. “But it’s extremely disappointing that the FTC isn’t requiring more substantive changes or doing more to hold Google accountable for harming children through years of illegal data collection. A plethora of parental concerns about YouTube – from inappropriate content and recommendations to excessive screen time – can all be traced to Google’s business model of using data to maximize watch time and ad revenue.” In a July 3, 2019 (link is external) letter to the FTC, the advocates specifically warned that shifting the burden of COPPA compliance from Google and YouTube to content creators would be ineffective. The letter noted many children’s channels were unlikely to become COPPA compliant by turning off behavioral advertising, since Google warns that turning off these ads “may significantly reduce your channel’s revenue.” The letter also detailed Google’s terrible track record of ensuring COPPA compliance on its platforms; a 2018 study found that 57% of apps in the Google Play Store’s Designed for Families program were violating COPPA despite Google’s policy that apps in the program must be COPPA compliant. And as Commissioner Rebecca Slaughter wrote in her dissent, many children’s content creators are not U.S.-based and therefore are unlikely to be concerned about FTC enforcement. “We are gratified that the FTC has finally forced Google to confront its longstanding lie that it wasn’t targeting children on YouTube,” said CDD’s executive director Jeff Chester, who helped spearhead the campaign that led to the 1998 passage of COPPA “However, we are very disappointed that the Commission failed to penalize Google sufficiently for its ongoing violations of COPPA and failed to hold Google executives personally responsible for the roles they played. A paltry financial penalty of $170 million—from a company that earned nearly $137 billion in 2018 alone -- sends a signal that if you are a politically powerful corporation, you do not have to fear any serious financial consequences when you break the law. Google made billions off the backs of children, developing a host of intrusive and manipulative marketing practices that take advantage of their developmental vulnerabilities. More fundamental changes will be required to ensure that YouTube is a safe and fair platform for young people.” Echoing Commissioner Rohit Copra’s dissent, the advocates noted that unlike smaller companies sanctioned by the FTC, Google was not forced to pay a penalty larger than its “ill-gotten gains.” In fact, with YouTube earning a reported $750 million annually from children’s content alone, the $170 million fine amounts to less than three months of advertising revenue from kids’ videos. With a maximum fine of $41,484 per violation, the FTC easily could have sought a fine in the tens of billions of dollars. "I am pleased that the FTC has made clear that companies may no longer avoid complying with COPPA by claiming their online services are not intended for use by children when they know that many children in fact use their services,” said Angela Campbell, Director Emeritus of IPR’s Communications and Technology Clinic at Georgetown Law, which researched and drafted the complaint. Campbell, currently chair of CCFC’s Board, served as lead counsel to CCFC and CDD on the YouTube and other complaints alleging COPPA violations. She, along with Chester, was responsible for filing an FTC complaint in 1996 against a child-directed website that led to Congress’s passage of COPPA in 1998 (link is external). COPPA gave the FTC expanded authority to implement and enforce the law, for example, by including civil penalties. About the proposed settlement, Campbell noted: “It’s disappointing that the FTC has not fully used its existing authority to hold Google and YouTube executives personally liable for adopting and continuing to utilize a business model premised on ignoring children’s privacy protection, to adopt a civil penalty substantial enough to deter future wrongdoing, or to require Google to take responsibility for ensuring that children’s content on YouTube platforms complies with COPPA.” On the heels of a sweetheart settlement with Facebook, the advocates said the deal with Google was further proof the FTC wasn’t up to the task of protecting consumers’ privacy. Said Campbell, “I support Commissioner Slaughter’s call to state attorney generals to step up and hold Google accountable. Added Chester, “The commission’s inability to stop Google’s cynically calculated defiance of COPPA underscores why Congress must create a new consumer watchdog that will truly protect Americans’ privacy.” Organizations which signed on to the CCFC/CDD 2018 FTC complaint were Berkeley Media Studies Group; Center for Media Justice; Common Sense; Consumer Action; Consumer Federation of America; Consumer Federation of California; Consumers Union, the advocacy division of Consumer Reports; Consumer Watchdog; Corporate Accountability; Defending the Early Years; Electronic Privacy Information Center (“EPIC”); New Dream; Obligation, Inc.; Parent Coalition for Student Privacy; Parents Across America; Parents Television Council; Privacy Rights Clearinghouse; Public Citizen; The Story of Stuff Project; TRUCE (Teachers Resisting Unhealthy Childhood Entertainment); and USPIRG. ###

Statement of Jeff Chester, executive director, Center for Digital Democracy--CDD helped bring the 2009 FTC complaint that is the subject of today's decision on the Consent Order Once again, the Federal Trade Commission has shown itself incapable of protecting the privacy of the public and also preventing ongoing consumer harms. Today's announcement of a fine and--yet again! --improved system of internal compliance and other auditing controls doesn't address the fundamental problems. First, the FTC should have required Facebook to divest both its Instagram and Whatsapp platforms. By doing so, the commission would have prevented what will be the tremendous expansion of Facebook's ability to continually expand its data gathering activities. By failing to require this corporate break-up, the FTC has set the stage for what will be "Groundhog Day" violations of privacy for years to come. The FTC should have insisted that an independent panel of experts--consumer groups, data scientists, civil rights groups, etc.--be empaneled to review all the company's data related products, to decide which ones are to be modified, eliminated, or allowed to continue (such as lookalike modeling, role of influencers, cross-device tracking, etc.). This group should have been given the authority to review all new products proposed by the company for a period of at least five years. What was needed here was a serious change in the corporate culture, along with serious structural remedies, if the FTC really wanted to ensure that Facebook would act more responsibly in the future. The dissents by Commissioners Chopra and Slaughter illustrate that the FTC majority could have taken another path, instead of supporting a decision that will ultimately enable the problems to continue. Today's decision also dismisses all other complaints and requests for investigation related to Facebook's consent decree failures--a huge giveway. The FTC should be replaced by a new data protection agency to protect privacy. The commission has repeatedly demonstrated that--regardless of who is in charge--it is incapable of confronting the most powerful forces that undermine our privacy--and digital rights.

For years, consumer and privacy advocates attempted to get the Federal Trade Commission to act responsibly when it came to ensuring that the digital giants treated the public fairly, including their privacy. Since the mid-1990's, when I first started working to press the commission to be more responsive to the threats to autonomy and fairness triggered by the unrelenting and stealth gathering of all of our personal information (often working with EPIC), I was confronted by an agency which was so cautious, it blinded itself to the problems. The agency has never been able to address the role that digital marketing plays, for example, in manipulating people, helping it collect even more data on individuals. It refused to stop or curtail "Big Data" connected mergers or acquisitions, even though these deals further eroded our privacy. Overall, regardless of political party, the FTC has too often been timid, fearful, weak-kneed to industry, uninformed. Indeed, I believe that the massive global erosion of privacy and the growth of universal commercial surveillance is due, in large part, to the failure of the FTC to stop Google, Facebook and others from constantly expanding how they are able to get control over our personal details and use it anyway they desire. The FTC is an un-indicted conspirator in any privacy case. Cambridge Analytica was merely emblematic of the way the digital data marketing industry operates daily throughout the world. It wasn't an aberration, and there were and are many more like it. During the nearly 25 years I worked to pressure the FTC to do "the right thing," I and my many colleagues attempted to be a voice of information, conscience, political pressure. It helped no doubt. But I don't think we can save the agency at this point. We need a new digital watchdog that is set up from the get go with a clear mission to protect and empower the public--including ensuring their civil rights. Here's a memo, btw, we sent to Jim Kohm and other FTC officials working on the Facebook consent decree in 2013. We also organized a briefing for them; sent them trade stories, documenting the many ways we believe Facebook was violating its 2011 agreement. We gave them similar information on Google and its own consent decree failings. The FTC staff didn't see the problem. We can discuss why at some point, but I gather it's because they don't really want to tackle the forces that shape contemporary digital marketing. This is a sad story of the consumer agency that has a "don't ask, don't tell me" attitude when it comes to the powerful companies shaping our digital lives.