Publishings Digital Consumer

The Center for Digital Democracy (CDD), a leading US NGO specializing in consumer data protection issues in the digital marketplace, is pleased to respond to the request that we provide information applicable to first annual review of the EUUS Privacy Shield. CDD has been assessing the Privacy Shield since it came into force in 2016, in part as a result of its work coordinating the activities from the US side of the Transatlantic Consumer Dialogue (TACD) working group on the Information Society. EU citizens and consumers who deal with companies enrolled in the Privacy Shield program confront a serious erosion of their data protection and privacy rights. The rights of EU citizens under the Privacy Shield program are not equivalent to how they would be protected by EU law. We urge the Commission and EU Data Protection Authorities to suspend the Privacy Shield in light of its lack of any policies, rules, or enforcement that would provide meaningful adequacy or equivalency. The Commission should insist that U.S. companies targeting EU citizens or consumers must operate under the forthcoming General Data Protection Regulation (GDPR) framework. For this submission, we reviewed the activities of several major U.S. companies enrolled in the Privacy Shield program, examining their submissions on the U.S. Commerce Department website (including descriptions of their activities, the link to and content of their privacy policy statements). We compared these statements to the actual data collection and use-related activities conducted by the companies, including their own descriptions of how they operationalize their business goals. We supplemented this analysis with the information that CDD extensively gathers on the commercial digital marketplace, such as automated “programmatic” decision making and other contemporary consumer-directed applications. --- For the full PDF of the letter, see attachment in link below.

Public Knowledge joined by the Consumer Federation of America, the Center For Digital Democracy, Consumer Action, Consumer Federation of California, and the Privacy Rights Clearinghouse writes a letter urging the Federal Trade Commission Acting Chairman, Maureen Ohlhausen, to protect consumer privacy. The letter is asking the FTC Chairwoman to publicly and expeditiously resolve a pending complaint concerning cable TV and satellite TV privacy. --- June 12, 2017 Maureen Ohlhausen Acting Chairman Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 Dear Acting Chairman Ohlhausen: The Federal Trade Commission (FTC) has long protected consumer privacy, in tandem with other agencies, and you recently reiterated your dedication to protecting consumer privacy in the digital age through FTC enforcement. We therefore urge the FTC to quickly resolve the complaint filed one year ago by a coalition of consumer advocates. The complaint provides evidence that the nation’s cable and satellite providers have and continue to deceive consumers about their privacy practices by failing to provide adequate notice, in violation of Section 5 of the FTC Act. Since the complaint was filed, leading Internet Service Providers, cable and telephone companies have significantly expanded their ability to gather, analyze and make actionable data that is used to target subscribers, their families, and other consumers. --- See the link below for the full PDF of the complaint.

Chart: Here’s How 5 Tech Giants Make Their Billions Courtesy of: Visual Capitalist (link is external) For the full article visit, http://www.visualcapitalist.com/chart-5-tech-giants-make-billions/ (link is external)

Facebook should immediately release all documents describing how it collected and analyzed psychological information it recently (link is external) collected about its youngest users, some as young as 14, and college students, Public Citizen and a coalition of 25 groups said in a letter (link is external) to the corporation today. The groups are concerned about how this information might have been used or may be used in the future by marketers and others to take advantage of young people’s emotions, all without users’ knowledge. Marketing companies and Facebook have secretly moved to tap into teens’ emotions and developmental vulnerabilities strictly for profit, the letter says. The groups want to know how the data was used, when it was used, how many users were impacted and the names of the companies that received the data. “What began as a way for college students to keep in touch has morphed into a platform for brand-saturated marketing and psychological manipulation,” said Kristen Strader, campaign coordinator for Public Citizen’s Commercial Alert campaign. “It is incumbent upon Facebook as a cultural leader to protect, not exploit, the privacy of young people, especially when their vulnerable emotions are involved.” According to The Australian (link is external) newspaper, Facebook presented research to one of its advertisers that shows it collects sensitive data regarding young users’ emotions and “mood shifts.” The research detailed how Facebook can analyze sensitive user data in real time to determine how young users are communicating emotion, and at which points during the week they are doing so, the letter continued. Facebook’s research was conducted without users’ knowledge, which raises ethical concerns. “Because Facebook plays such a powerful role in the lives of teens, it must adopt a policy that respects and protects them,” said Dr. Kathryn Montgomery, professor of communication at American University and a consultant to the Center for Digital Democracy. “This should include not only strong safeguards for its advertising and data practices, but also clear limits on the kinds of research it conducts for marketing purposes. Under no circumstances should marketers be using emotional states, stress levels, biometric information or other highly sensitive data to target users. And this should apply to both young people and adults.” “Facebook needs to come clean and publicly release the full internal document, reported in The Australian, describing how Facebook collected and analyzed psychological information on high school students, college students and young users, said Finn Lützow-Holm Myrstad, European Union co-chair of the Transatlantic Consumer Dialogue. “The burden of proof is on Facebook to document publicly that they don’t collect and use such information. We are concerned that companies don’t overreach and abuse their users’ fundamental right to privacy and data protection.” The public, its users and elected officials have a right to know how pervasive this research was, who was affected and how the company will ensure it does not occur again, the groups said. The only way to fully address those concerns is to publicly release the internal document and related materials, accompanied by a more detailed explanation from Facebook of what was intended, what happened and the company’s actual practices, the letter says. —30— --- See full PDF of letter to Facebook below.

President Trump has killed the first real protections for commercial privacy that Americans have online. Phone and cable giants, allied with the GOP Congressional majority, have just voted to overturn the historic consumer-data safeguards adopted last year by the Federal Communications Commission (FCC). AT&T, Comcast, Verizon—the country’s dominant providers of high speed broadband—along with industry and Congressional GOP allies, intensely opposed the new FCC rule. Why? Merely because it gives Americans some say in whether their sensitive information, such as web browsing activity and geo-location, can be used for digital marketing purposes. That’s right. The new FCC safeguard that was tossed into the legislative waste bin merely says that ISPs must first ask for permission before they can take this personal data in order to target us. Such an “opt-in” approach, requiring prior informed consent, is heretical to digital marketers, whose profits depend on using all of our information without ever really having to ask to do so. Until the FCC stepped in, it was the Federal Trade Commission (FTC) that served as the primary federal agency handling Internet privacy. But unlike the FCC, which can readily issue regulations to protect the public, the FTC is constrained from doing so. More than three decades ago, the advertising industry successfully lobbied Congress to curb that agency’s rulemaking authority (during a fight over another media issue—whether there should be limits on children’s advertising). Primarily, the FTC can only punish companies that engage in “unfair” or “deceptive” acts—such as lying to customers about how they use or protect our information. But if a company writes a privacy policy that basically provides them with unlimited access to all our data—which is what they do—the FTC is basically powerless to do anything at all. Which is why the phone and cable giants—along with Google and Facebook—prefer the FTC. It provides the illusion of having actual oversight and limits, when really nothing much is possible. Under the FTC’s watch, Americans have just experienced an unprecedented loss of their privacy. In the last few years, for example, digital marketers have aggressively pushed the boundaries of what information they gather from us and how it can be used. Our offline and online data is now routinely merged, generating “profiles” that connect our street address to the “cookies” and other online identifiers provided by our digital devices. Our precise geo-location is also regularly captured by mobile phones and “apps” that stealthily send our whereabouts to online companies and retail stores. Massive one-stop data broker “clouds” have emerged that provide reams of information, including about our finances, health, political interests, ethnicity—sold to marketers large and small. Our data “profiles”—digital dossiers—have become invaluable corporate assets that are bought and sold in milliseconds by powerful computers scattered across the globe, our identities traded for profit, as if they are just another commodity. Ongoing advances in how data are analyzed and used—so called “Big Data”—is ushering in even more ways companies can more precisely determine who we are, what we do, where we go, and how we should be treated. The leading phone and cable broadband ISPs have made major investments in tapping into the latest “Big Data” techniques. For example, Verizon recently introduced “Smartplay,” which helps deliver “smarter advertising” by creating what it calls “individual viewer personas that capture viewing history, account profile details and other valuable data….” Comcast Labs employs “Big Data research teams” that have expertise in “machine learning algorithms, forecasting models, intelligent image and video search, automated scene analysis, voice biometrics, recommender systems, personalization, and deep metadata.” AT&T is relying on its “Consumer Insights Platform” team to turn “big data into big insights….” ISPs also partner with leading data providers, such as Acxiom and Oracle, to enhance the robust details they already have about their broadband and video service subscribers. The big ISPs have also been on a shopping spree, acquiring companies that further their digital data advertising clout. Verizon acquired AOL and is now in the process of buying Yahoo; AT&T bought the leading satellite TV company, DirecTV, in part because of its digital ad capabilities; it now wants to fold Time Warner into its empire. Comcast has swallowed up ad-tech companies such as Visible World, FreeWheel, and StickyAds (and its NBC subsidiary has also embarked on its own formidable data-driven ad initiative). It is precisely because ISPs provide us access to residential broadband or wireless networks that they have a unique window into our lives. While Google and Facebook have their own far-reaching capabilities, they are primarily ad-supported marketing companies. When we pay a (hefty) monthly subscriber fee for Internet access, we should not also be exposed to having our Internet provider capture every bit of information it can, let alone tie that data together with what we do when we use our mobile and gaming devices or watch TV. The FCC’s new privacy rule builds on the agency’s network neutrality policy requiring that companies providing access to the Internet must operate in a fair and nondiscriminatory manner. Long-standing safeguards for protecting the privacy of our voice conversations over the telephone network have been brought into the 21st century—and now it’s also our broadband communications that must be respected. (Network neutrality is also under threat of elimination by the Trump FCC.) The ISPs and ad industry lobbyists disingenuously claim that having the FTC protect consumer privacy for all Internet companies, including ISPs and data giants like Google, is the most effective approach. It would be so, perhaps, if the FTC had any real clout. Many of the companies and trade groups urging that the FTC replace the FCC as a privacy regulator have lobbied against giving the trade commission actual authority to do so. They cynically know that turning over our broadband privacy to the FTC will mean business as usual—more of our offline and online data endlessly flowing into sophisticated databases that provide advertisers and other commercial entities (and perhaps government) detailed actionable blueprints of our lives. It will also mean that the only real potential privacy protection Americans have had to make their own mind up about whom to share data with and for what purpose will be lost. The ISPs, data-marketing companies, and their supporters are also fighting against the privacy rule because they know we are also on the eve of a new era—the Internet of Things—that will generate even more personal information about us. In today’s digital era, data is power. And that power should be in the hands of the people—not those that wish to financially and politically benefit by harvesting our information. --30-- President Trump has killed any hope that Americans would enjoy basic privacy protections online. By signing the bill, Mr. Trump has allied himself with the telecommunications and digital media giants who seek to profit from every detail of our lives. This is a betrayal of the American people and an insult to our democracy. All that the FCC safeguard did was to require cable and phone companies to ask for permission before they could profit from a person’s most sensitive information—including that individual’s web browsing, geo-location, financial details and data on children. President Trump helped the special interests and abandoned American families. Mr. Trump directly benefited from the absence of any federal privacy law or rule that protects having our information easily made available to commercial interests. His senior counselor Steve Bannon has been paid by and has investments in data-marketing firm Cambridge Analytica, which helped the Trump campaign. Mr. Bannon would have understood that the new federal privacy protections would enable the public to restrict the flow of commercial data going to political campaigns. We find this potential conflict of interest troubling, and it requires further scrutiny. (Kellyanne Conway was also a Cambridge Analytica consultant.) While today’s action by the president ends the FCC broadband privacy rule approved last October, we believe the public has also won something significant. For the first time, millions of Americans have been informed that they have little or no privacy on the Internet and when they use their mobile devices. Moreover, we have assembled one of the largest public-interest coalitions ever to advance consumer privacy protections. Many policymakers—on both sides of the aisle—have declared themselves as advocates for stronger protections. We will be back. But today, President Trump has given America a digital black eye before the world—a world in which most advanced nations understand that personal privacy is a fundamental democratic right. - Jeff Chester is executive director of the Center for Digital Democracy, a Washington-DC-based consumer digital rights group.

The following can be attributed to Katharina Kopp, Policy Director, Center for Digital Democracy. --- Today’s House vote to overturn the first major Internet privacy protection for Americans, may be a win for ISP monopolies, but it’s a tragic loss for our democracy. Broadband providers, such as AT&T, Comcast and Verizon, will now be able to sell our sensitive information to the highest bidder without first receiving our permission. We believe today’s misguided vote will unleash even more “Big Data” profiling and tracking of Americans, and spur an array of discriminatory practices. Without any restraints, ISPs will dramatically erode what should be an important American fundamental right—that of privacy. If President Trump allows this bill to become law, his Administration will place new burdens on hard-working Americans and their families—who will be at the mercy of a handful of digital giants. CDD and our allies, here and in the EU, pledge to continue our fight against the special interests that have gained new ways to control how we use the Internet and other digital media. Contact: Jeff Chester Executive Director Center for Digital Democracy Washington, DC. www. democraticmedia.org jeff@democraticmedia.org (link sends e-mail) 202-494-7100

Edith Ramirez brought the FTC into the 21st century. Under her leadership, the agency made it clear that new technologies had to treat consumers fairly, including when it came to protecting their privacy. Through enforcement, litigation, and publicly exposing new threats, Edith Ramirez’s commission has created a unique consumer protection legacy that will have a long-lasting and positive impact. Ramirez’s tenure has also been marked by a strong commitment to protecting economically vulnerable and other at-risk consumers, including those who reflect the country’s diversity. More than any other federal agency, Ramirez’s FTC understood how the emerging “Internet of Things”—where we are always connected online—provided both a promise and a threat. Through a series of cutting-edge cases—Snapchat, (link is external) D-Link (link is external), inMobi (link is external) and Turn (link is external), for example—the commission made it clear that tech companies that deceived consumers or failed to protect their security would be punished and publicly shamed. Companies, including Amazon (link is external), Google (link is external) and Apple (link is external), that failed to ensure that consumers who purchased apps had been treated fairly had to change their practices. New and deceptive ways in how companies advertise to the public also came under her scrutiny, including the role of “influencers.” Cases included Machinima (link is external) and Warner Brothers (link is external), for example. Ramirez assembled a highly effective and strategic consumer protection team, led by bureau director Jessica Rich. The commission played a major role in the $10 billion settlement with Volkswagen (link is external), and also pursued cases where vulnerable consumers had been financially harmed (such as DeVry (link is external) University and Cancer Fund of America (link is external)). It also took on challenging cases to make it clear that the agency had the authority and responsibility to proactively act in the best interests of consumers (e.g., Wyndham, (link is external) Herbalife, (link is external) and Lifelock (link is external)). Ramirez cast a spotlight on emerging privacy issues involving “smart TV’s,” cross-device tracking, and other technologies. The agency also created a new Office of Technology Research and Investigations, within the Bureau of Consumer Protection, to stay on top of digital media and data developments. Finally, Edith Ramirez understood that all Americans require effective consumer protection. Under her leadership, the FTC expressly reached out to Hispanics, African Americans, and others in order to involve them in the work of the commission. Jeff Chester, CDD

Statement of Jeff Chester, executive director, Center for Digital Democracy October 27, 2016: The Federal Communications Commission, led by Chairman Tom Wheeler, delivered a very early Christmas present to Americans today. For the first time, the public will be guaranteed that when they use broadband to connect to the Internet, whether on a mobile device or personal computer, they will have the ability to decide whether and how much of their information can be gathered and used by Internet Service Providers (ISPs) without first getting their consent. This is a tremendous public interest breakthrough for privacy rights in the U.S., which lags behind nearly every other democracy when it comes to protecting online privacy. Today’s decision (link is external) provides a new crucial consumer protection safeguard. When consumers use a mobile app or engage in search, that information cannot be stealthily monitored and used by their ISP without a person first agreeing it can do so (known as opt-in). Such information is classified by the commission as “sensitive” data and triggers a set of rights for the consumer. The new rule is a critical building block for better protecting our privacy in this period of growing commercial surveillance, and should significantly curtail the ability of ISPs to stealthily monitor our activities. The handful of phone and cable giants that dominate the broadband telecommunications market are increasingly using sophisticated data-mining techniques to track and analyze their customers, whether at home or—via a mobile phone—on the go. This new rule will help ensure that a consumer’s most personal information—about their finances, health, geo-location, children—will not be swept into this far-reaching apparatus. Safeguards to prevent unfair “pay-for-privacy” schemes are also part of this new FCC order—and we expect the commission to be vigilant to make sure consumers aren’t forced, because of financial circumstances, to give up their privacy. The 3-2 vote is also a rejection of the intense lobbying conducted by the phone and cable lobby, as well as by other Internet giants, to effectively kill the plan. They aggressively lobbied to weaken the FCC’s proposal, disingenuously arguing that the commission should merely adopt the Federal Trade Commission’s privacy regime. They preferred the FTC’s approach because it doesn’t have any real legal teeth, and has allowed Internet giants to freely gather and use our data without any regard to our privacy. One reason that Americans face a crisis today in terms of their loss of privacy is because the FTC has been prevented from having the regulatory authority to actually protect the public. The very same companies calling for its approach have tirelessly worked to undermine its authority, in Congress and the courts.CDD would have preferred an earlier version of the commission’s privacy proposal that didn’t make distinctions between sensitive and non-sensitive data. This is a concept that is increasingly irrelevant today, because of technological advances in “Big Data” analytics and the massive growth of consumer data across all devices, where innocuous data can be used to generate highly personal and sensitive details. But today’s FCC decision is a critical advance in protecting our information. This decision sets the stage for a long-overdue debate on the need also to protect the privacy of Americans who use other online services, including Google and Facebook. It sets a critically new privacy baseline, which should lead to action by Congress that provides strong privacy protections for all of us, regardless of the devices or online services we use. These rules also need to be applied to any plans by AT&T and Time Warner to expand their commercial data activities under their proposed merger. Finally, this victory would not have been possible without the FCC’s Open Internet decision (network neutrality). That triggered this privacy review, so that long-standing privacy safeguards when we use our telephones was brought up to date. A truly open and democratic Internet requires one that incorporates robust privacy safeguards. Today’s decision is step one in helping achieve that important goal.