Publishings

In a 4-0 decision, the FTC agreed with CDD and a coalition of consumer, public health, and child advocay groups to reject calls from the online marketing lobby to delay the implementation of the new COPPA rules. The decision can be read here. (link is external)Our coalition's oppostion to the industry request played an important role in the commission's decision. It can be reviewed here. (link is external)The commission's action sent an important message that protecting the privacy of children and empowering parents/caregivers is a core value which must be respected.

This EU-commissioned report--"Assessment of Young people's exposure to alcohol marketing in audiovisual and online media" analyzes the role of Facebook and other social media. It was written by Rand Europe (and CDD is cited, among many others).

The leading U.S. consumer groups and many others filed this today at the Federal Trade Commission asking for the new children's safeguards to go into effect as planned this July. It's in response to requests made last week by the trade groups Interactive Advertising Bureau (see attached) and Application Developers Alliance (link is external). The filing well-documents why the new rules better protecting children online and empowering parents are needed now. It also serves as a counter-point to the Direct Marketing Association (link is external) and media business lobby FTC filing also seeking a delay of the rules.

Second in a series from leading U.S. privacy and consumer NGOs on the failure of U.S. law and regulation to protect privacy.

A series of the failure of U.S. privacy policies to protect consumers. The first paper was written by CDD on the failure of self-regulation. The second was written by the ACLU and Friends of Privacy, USA.

CDD and U.S. PIRG Education Fund filed comments yesterday with the FFIEC (link is external), the federal body which develops policies for the Consumer Financial Protection Bureau, Federal Reserve, FDIC, etc. We called for a set of strong safeguards to protect consumers from largely opaque and unfair social media marketing practices used in the financial marketplace. It especially called for regulation with the growing use of predictive "scoring (link is external)" products that evaluate how a financial service can view the creditworthiness of a consumer. The filing also called for an investigation into how Facebook's marketing appartus is used in the consumer financial marketplace, and the need to closely scrutinize the growing role of mobile devices.

This letter was sent today to new FTC Chairwoman Edith Ramirez by three-dozen NGOs--including the national leaders in the consumer and privacy fields.

As part of the comprehensive system of commercial surveillance tracking us 24/7 wherever we go and do, more companies are integrating offline and purchasing data with online information. But when the largest commercial database of individuals around the world marries (link is external)its user data with the ton of consumer records held by Acxiom, Epsilon, (link is external) Bluekai (link is external) and Datalogix, (link is external) major privacy and consumer protection issues are raised. Acxiom--whose President just told (link is external) the annual meeting of online marketing hotshots that “Data can make you rich,” offers new ways to track and target a user. It just unveiled what it calls its "AbiliTag" system (which will presumably be used by Facebook). Here's how Ad Age describes (link is external) what it can do: "The tag system extends the technology Acxiom uses internally to match its clients' direct mail, email, online cookies and other data sets, now enabling it for ad targeting online and in mobile. The system will eventually be used for digital TV ads also. The approach is not entirely different from offline-to-online database matching that connects an advertiser's data to large sites with registration data such as Yahoo or AOL. However, Acxiom argues that its system goes beyond that approach by allowing sites that don't have registration information to connect advertisers to their customers in digital channels. The idea is to use the Acxiom tag to identify a customer who visits an Acxiom client site, then a publisher partner site." Acxion describes (link is external) AbilTag's benefits to publishers (excerpt): "With AbiliTag publishers can access a growing range of benefits from Acxiom: Provide advertisers access to the richest possible audience information - their audience data along with advertisers’ CRM data (the best targeting data available) and Acxiom’s rich demographic and interest data. Assure the highest quality of integration through Acxiom’s patented real-time audience matching and recognition solution AbiliTag. ... Offer more precise online audience targeting, measurement and attribution to advertisers. Provide Fortune 500 advertisers audience targeting capabilities with data they are already know and understand. Offer secure, scalable and compliant access to 45M+ consumers per month on 60M+ devices. Offer audience portraits utilizing the combined audience data that demonstrate greater insight and added value to advertisers. ... Allow advertisers to leverage insights from offline multivariate consumer prediction models where propensity to purchase, shopper preferences, and LTV are already known." Meanwhile, Facebook is acquiring from its partner Microsoft the online ad analytics and attribution company Atlas (link is external). Here's what Atlas does with Facebook data: "Advertisers create and designate an ad to an engineered audience in Facebook, comprised of various parameters, including demographic and interest-based criteria. The resonance of the message within each audience can then be measured with precision and reported within Atlas. From this, a compelling story can be told. For example, advertisers can gain true insights into the traction their messaging holds in driving acquisition. In addition, by merit of supported impression and view through metrics, latent branding effects can be examined, identifying correlations with consumer behavior weeks to months following exposure to Facebook advertising. Audiences and creative messaging can be constantly refined until the advertiser sees the optimal results they are striving for. Additionally through statistical aggregation the overall performance of social display can be evaluated and pitted against other channels that are competing for credit. Viewing Facebook tracked data through Atlas’s Engagement Mapping (link is external), advertisers can ascertain where Facebook falls within the purchase funnel and make the most informed decisions as a result. The implications of Facebook tracking within Atlas, however, reach far beyond linear performance measurement and standard reporting. The FTC, Senate Commerce Committee, GAO and others examining the impact of Big Data Brokers on privacy and consumer protection should make Facebook's new set of data gethering and targeting alliances a key focus.

Statement on Appointment of Edith Ramirez at Chair of the FTC by Jeff Chester, CDD Edith Ramirez cares deeply about consumers and the issues that effect their everyday lives. She is always willing to listen and works hard to find out the facts before making a decision. We have found her to display unique insights on issues critical to consumer welfare and competition. Ms. Ramirez will be a thoughtful and effective leader of an agency that has been strengthened over the last several years to better meet the consumer protection challenges of the 21st Century. Under her leadership, we expect the FTC to blaze new ground on privacy—especially involving mobile devices, digital data brokers and Do Not Track.

CDD has obtained a Yahoo! (link is external)lobbying document being given to EU policymakers. Yahoo! is working to undermine pending legislative proposals that would significantly strengthen the rights EU citizens have regarding the collection and use of their information. Entiled "Yahoo! Rationale for Amendments to Draft Data Protection Regulation as Relate to Pseudonymous Data," the document attempts to persaude EU policymakers that the kind of information on users the company (and most others (link is external)) collect to fuel their extensive data profiling and targeting services should--guess--be exempt from the proposed new privacy safeguards. Yahoo! (link is external)is one of the US companies lobbying hard to weaken the EU proposal, which would set a new global standard for Internet privacy protection. Yahoo! (link is external) and others are trying to argue that the vast amounts of data (link is external)used to create targeting profiles on individuals--but which does not contain our name, address or other information that identified us in the pre-Internet era--should be exempt from the proposed safeguards on explicit consent and profiling, for example. Yahoo! (link is external) and other US companies should not be undermining the principled and civil liberties based privacy proposals of the EU. Short-term profits placed before building democratic safeguards for the 21st Century is a shamefully misplaced business model--especially from companies like Google, Facebook, etc. which try and cloak what they do as digital beacons of freedom.

This letter was sent today to top Obama Administration officials.

In the European Union, privacy is a fundamental Human Right. So it’s no surprise that leading EU officials are supporting (link is external) a proposal that place citizens and consumers in better control of their information (or, as its called in the EU, ensuring “data protection”). Many in the EU understand the stakes, as today’s digital tracking and profiling technologies enable far-reaching surveillance and influence on individuals. Online marketers, for example, have—in their own words—created a “360 degree” system to gather information on our actions, behaviors, location, relationships, etc. This information is placed in “profiles” which are built using a bevy of personal data and various mathematical algorithms that can be used to make predictions about us (whether, for example, we may be someone economically successful or not). Today, our privacy is further at risk, with marketers and others able to gather our geo-location data (where we are and where we go via our mobile devices); who are friends are and what they are doing (via Facebook and other social media); and where and what we spend (about to be made even more accessible with the growth of “digital wallets” and location-based payment services). The European Commission has proposed, and EU Member of Parliament Jan Philipp Albrecht (link is external)has amended, legislation that creates the global standard for privacy protection. (Albrecht is on the key Civil Liberties, Justice and Home Affairs –LIBE (link is external)--committee). The law would allow an individual to control “profiling” and surveillance done by others on them. This is the kind of safeguard that must threaten the US data collection industry (Google, Facebook, Yahoo and others). For example, the Commission’s draft explains that “…it should be ascertained whether individuals are tracked on the internet with data processing techniques which consist of applying a ‘profile’ to an individual, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes.” Albrecht’s amended version ensures that individuals actually control whether information can be collected at all (“In order for processing to be lawful, personal data should be processed on the basis of the specific, informed and explicit consent of the person concerned.”). No wonder the US business lobby, with help from the Obama Administration, is engaged in a campaign to scuttle the EU proposal (Albrecht is quoted as saying the lobbying (link is external) campaign agains (link is external)t the EU privacy proposed law is very extensive). A delegation of leading US NGOs representing consumer, privacy and civil liberties went to Brussels this week to meet with Members of the European Parliament. The US group included the ACLU, Consumer Federation of America, Friends of Privacy USA, CDD and others. Here are the materials we distributed; a Obama Administration document given to EDRI (link is external), the EU digital rights group, as part of the campaign to undermine support for the proposed stronger EU data protection proposals; and the EU privacy proposal and amendments. US Administration and industry attempts to undermine the privacy rights of EU citizens also threaten online users throughout the world. What is needed is a meaningful standard for privacy protection that places people in charge of their information--not massive data brokers or governments. We plan to press the Obama Administration to stand up for privacy over the narrow interests of the digital data collection lobby.

The report (link is external)released today by the Federal Trade Commission analyzing expenditures by food and beverage marketers to target both children and teens shows a dramatic increase in the use of digital marketing. According to the report, "spending on new media, such as online, mobile, and viral marketing, increased by 50%." The report also underscored how young people are the target of "integrated" campaigns, pursued across the "4 Screens (link is external)" which marketers now regulary use. Kids are being prompted to "pester" their parents to buy these products, according to industry research uncovered by the Commission. Digital marketing is a powerful medium which utilizes far-reaching tactics designed to promote brands and sell products. The "360 degree" marketing apparatus ensures that even young consumers can be tracked and reached wherever they are--at home, in school, on the street and in stores. Online ads can be bought cheaply--and deliver bigger results than other forms of advertising (think social media viral campaigns where you get so-called friends to promote products to friends). The nation's youth obesity epidemic illustrates that more is needed than just a report. The FTC should convene stakeholders to develop a set of Fair Digital Marketing Practices for Children and Teens. Many of the techniques used by food and beverage marketers and media companies--such as neuromarketing (link is external), peer to peer viral campaigns, and location-based targeting--are not appropriate for youth. Industry will need to take more responsibility. Policymakers, especially the FTC, will need to dig further into how food marketers use digital techniques on America's young people. Regulation is required. Jeff Chester, CDD

Leaders of the Effort to Pass COPPA in 1998 Say Parents Should Now Have Greater Control of their Children’s Information Online Digital Media Companies Must Implement New Policies to Protect Children’s Privacy Online Washington, DC: The team of privacy advocates and lawyers responsible for passage of the Children’s Online Privacy Protection Act (COPPA) in the late 1990s expressed strong support for the Federal Trade Commission’s long-awaited release of its updated children’s privacy rules, announced today, while urging regulators to keep a watchful eye on continuing developments in the mobile app and social media industries. “We are at a critical moment in the growth of the children’s digital marketplace,” said Kathryn Montgomery, Professor of Communication at American University, “as social networks, mobile phones and gaming platforms become an increasingly powerful presence in the lives of young people. The new rules should help ensure that companies targeting children throughout the rapidly expanding digital media landscape will be required to engage in fair marketing and data collection practices. We applaud the FTC for its rigorous and comprehensive review of the COPPA rules and for bringing them up to date with industry changes. However, the Commission will need to engage in ongoing monitoring efforts, as well as strong enforcement actions, if the implementation of these rules is to be effective in the long run. The FTC’s recent report on the children’s app market indicates that, even in the midst of an intense public debate over privacy policy, too many companies in this industry have operated with little regard for their legal obligations to children.” “The Commission’s decision today is a major step forward,” said Jeff Chester, Executive Director of the Center for Digital Democracy. “We are especially gratified that this decision puts to rest the longstanding and disingenuous claims by the digital marketing industry that cookies and other persistent identifiers are not personally identifiable information. The revised rules also address the increasingly pervasive use of geolocation, behavioral targeting, and social media data collection. But we are concerned about possible loopholes that could undermine the intent of the rules. CDD plans to continue closely analyzing the emerging marketing and data practices targeted at children--with a sharp focus on app developers and social marketers like Facebook--and will file complaints against any company that violates the new rules.” “I am pleased that the FTC has updated its rules implementing the Children’s Online Privacy Protection Act, as Congress intended, to specifically account for new technologies and marketing practices,” observed Angela Campbell, Director of the Institute for Public Representation at Georgetown University Law Center. “While the revised rules provide significantly greater protections for children, we will monitor industry compliance with the new regulations. Where we find that companies fall short, as we did recently with the Mobbles and SpongeBob Diner Dash apps, we will file additional requests for investigation.” Kathryn Montgomery and Jeff Chester spearheaded the campaign to pass COPPA during the 1990s, leading a coalition of prominent education, health, and consumer groups in a two-year effort, and working closely with Angela Campbell and a team of law students at Georgetown Law’s Institute for Public Representation, which served as legal counsel to the coalition. Although the law took effect in the formative period of Internet marketing, it was purposely designed to adapt to changes in both technology and business practices, with periodic reviews by the FTC to ensure its continued effectiveness. With the expansion of digital media platforms and the growing sophistication of online data collection and profiling, the need for updating the rules became increasingly urgent. Since 2010, the Center for Digital Democracy and a coalition of other consumer and public health organizations have been urging the FTC to update its COPPA rules to encompass the expanding array of digital platforms and marketing services used to reach and target young people. In a letter submitted to the Commissioners last week, more than 50 organizations – including the American Academy of Child and Adolescent Psychiatry, CDD, Common Sense Media, Consumer Federation of America, Consumers Union, the American Academy of Pediatrics, the American Psychological Association, and the American Heart Association – strongly endorsed the agency’s proposed rules, calling for timely action to adopt them. --30--

The dramatic growth of the data broker industry, fueled by information on consumers culled from the Internet, social media, mobile phones, and in-store shopping, has created a multitude of all seeing eyes spying on Americans everyday. A digital gold mine of infinite details is harvested about each of us--what we buy, who are friends are, how much we earn, our ethnicity, health concerns, location, etc. For the most part, these records are off limits to consumers, who can't really discover what they say about us--including the likely errors they may contain. Today's action by the FTC (link is external) will unmask this largely stealth consumer surveillance industry. It will shine a powerful regulatory spotlight on such disturbing practices as the use of so-called "e-scores," which are used to signal to others information about our creditworthiness, potential revenues for marketers or even whether our calls for service should be answered first by telephone operators. Our data is sold to the highest commercial bidder in milliseconds, who can use the information for almost any purpose--yet it is unavailable so a consumer can review or challenge it. The data broker business, which now comprises far-reaching partnerships between numerous small and large companies, should not be permitted to operate without ensuring transparency and control to the individual consumer. That's especially important in this era of Big Data shaping our democracy. For a recent analysis of databroker tactics in the digital real-time consumer targeting era, see a paper (link is external)just published by Ed Mierzwinski of USPIRG and Jeff Chester of CDD An example of databroker techniques discussed by Acxiom is attached.

The dramatic growth of the data broker industry, fueled by information on consumers culled from the Internet, social media, mobile phones, and in-store shopping, has created a multitude of all seeing eyes spying on Americans everyday. A digital gold mine of infinite details is harvested about each of us--what we buy, who are friends are, how much we earn, our ethnicity, health concerns, location, etc. For the most part, these records are off limits to consumers, who can't really discover what they say about us--including the likely errors they may contain. Today's action by the FTC (link is external) will unmask this largely stealth consumer surveillance industry. It will shine a powerful regulatory spotlight on such disturbing practices as the use of so-called "e-scores," which are used to signal to others information about our creditworthiness, potential revenues for marketers or even whether our calls for service should be answered first by telephone operators. Our data is sold to the highest commercial bidder in milliseconds, who can use the information for almost any purpose--yet it is unavailable so a consumer can review or challenge it. The data broker business, which now comprises far-reaching partnerships between numerous small and large companies, should not be permitted to operate without ensuring transparency and control to the individual consumer. That's especially important in this era of Big Data shaping our democracy. We are also gratified that the FTC asked for databrokers to supply information related to both children and adolescents. For a just published report on digital databroker practices, the FCRA, and consumer protection written by Ed Mierzwinski of USPIRG and Jeff Chester of CDD, go to SSRN. (link is external) For an example of databroker techniques, see attached.

Center for Digital Democracy Charges that Nickelodeon’s Mobile SpongeBob Game Violates the Children’s Online Privacy Protection Act Urges Federal Trade Commission to Investigate and Bring Action Against the Leading Children’s Cable Channel Nickelodeon and PlayFirst Don’t Play Fair, Collecting Personal Information from Kids and Inducing In-Game Purchases Washington, DC: The Center for Digital Democracy (CDD) filed a complaint today asking the Federal Trade Commission (FTC) to investigate and bring action against cable network Nickelodeon and mobile game-maker PlayFirst for deceptive marketing of the SpongeBob Diner Dash game and for violating the Children’s Online Privacy Protection Act (COPPA). The mobile game, which is featured as a free iPhone and iPad app in the “Kids Games” section of Apple’s iTunes store, is based on characters from the popular “SpongeBob SquarePants” cable show (which for the past 12 years has been the most-watched television program for kids ages 2-11). The app store description assures consumers that the game complies with COPPA. However, as CDD’s filing documents, Nickelodeon and PlayFirst engage in several practices that are clear violations of the children’s privacy law. The objective of the game is for children to help SpongeBob “seat, serve, and satisfy all kinds of fishy customers in five colorful Bikini Bottom restaurants,” run by the greedy, selfish Mr. Krabs from the show. SpongeBob Diner Dash is a “freemium” game, which can be initially downloaded for free, but is designed to encourage users to buy virtual “coins” that can be spent on items such as shoes that make SpongeBob walk faster, or a frying pan that makes the food cook faster. Children are also prompted to spend more money to buy upgraded versions of the game. As the complaint documents, Nickelodeon and PlayFirst engage in deceptive acts by representing in the privacy disclosure on the Apple App Store that the app’s “data collection is in accordance with applicable law, such as COPPA,” when in fact it is not. The SpongeBob Diner Dash game asks children to provide a wide range of personal information, including full name, email address, and other online contact information, without providing notice to parents or obtaining prior parental consent, as required by the Children’s Online Privacy Protection Act. Nor does the app provide an adequate description of the personal information it collects or how it is used. The filing asks the FTC to investigate the apps’ data collection and privacy notice practices, including its use of mobile marketing technologies such as unique device identifiers (UDIDs) and “device tokens,” which enable companies to send custom messages to individual children in the form of “push notifications.” These forms of “online contact information” are considered personal information under current COPPA rules. “It is disturbing to learn that a well known children’s brand such as Nickelodeon is flouting basic privacy protections for children. Even more troubling, Nickelodeon tells parents that it complies with the law protecting children’s privacy when it does not” commented Laura Moy, an attorney at Georgetown Law’s Institute for Public Representation (IPR), which prepared the complaint on behalf of CDD. Moy urged that “the FTC take action to ensure that all companies targeting mobile apps to kids are complying with the law.” “It is clear that this is not an isolated incident,” said Jeff Chester, CDD’s Executive Director. “As the FTC report last week on children’s mobile apps revealed, this industry is not taking seriously its obligations under COPPA. The Commission needs to step up its enforcement actions and adopt new rules that will address the growing threats to children’s privacy in the expanding mobile marketplace.” A copy of CDD’s request is available at http://db.tt/oA1kEKSP (link is external) --30--

FOR IMMEDIATE RELEASE December 13, 2012 50+ ADVOCACY GROUPS CALL FOR UPDATES TO KIDS’ ONLINE PRIVACY PROTECTIONS WASHINGTON, DC and SAN FRANCISCO, CA -- A broad coalition of child advocacy, health, parents, privacy, and consumer organizations--including the American Academy of Pediatrics, the American Heart Association, the American Psychological Association , US Conference of Catholic Bishops, and Consumers Union -- has released a letter to the Federal Trade Commission (FTC) to express strong support for proposed updates to the Children’s Online Privacy Protection Act (COPPA). COPPA was passed by Congress in 1998, and is designed to enable parents to decide how and whether Internet companies and operators can collect and use personal information from their children under the age of 13. The FTC is considering the first updates to the COPPA rules, which were established in 2000. Since then, dramatic changes in the online and mobile world, and sophisticated new data collection and marketing practices, have undermined the ability of parents to make meaningful decisions for protecting their children’s privacy and safety. Recognizing those changes, the coalition letter describes the proposed updates to the COPPA rules as “not only essential, but also urgent.” The letter and list of co-signing organizations can be found at www.democraticmedia.org. In addition, in three separate petitions organized by Public Citizen (link is external), Campaign for a Commercial-Free Childhood (link is external), and Common Sense Media and the Center for Digital Democracy (link is external) over 10,000 petitioners have shown support for the FTC’s plans to update COPPA and keep parents--and not companies--in control of their children's online data.

Washington, DC: The Center for Digital Democracy (CDD) filed a complaint today with the Federal Trade Commission (FTC) calling for an investigation of and action against the Mobbles Corporation for operating the mobile application Mobbles in violation of the Children’s Online Privacy Protection Act (COPPA). Mobbles, a game involving virtual pets, is directed at children under age 13. It collects personal information from children without providing any notice to parents (nor even attempting to obtain verifiable parental consent), as required by law. Available since May 2012 on iTunes for the iPhone and from the Google Play store for Android devices, Mobbles has ranked among the top 100 grossing “Entertainment” iTunes apps in 24 countries, and among the top 10 in 10 countries. Between 10,000 and 50,000 users downloaded Mobbles over the last 30 days in the Google Play store alone. An elaborate, location-based game that involves capturing, collecting, trading, and caring for virtual pets, “Mobbles” raises a number of privacy and child-safety issues, CDD’s complaint explains. First, because Mobbles is a location-based game, it uses smart-phone technology both to determine and to share the precise physical location of children playing the game. Second, because users must be within 54 yards of a Mobble to “catch” it, the game encourages children to wander around at all hours to get close enough to capture a particular Mobble (some of which are only available at night). Third, through its newsletter sign-up and registration required for pet trading, Mobbles collects children’s email addresses and other contact information without parental notice or consent. And, finally, although many of the game’s items are available free (as is the game itself), Mobbles encourages the expenditure of actual funds (via credit-card accounts) to acquire virtual items that are only available for purchase. As CDD’s complaint makes clear, Mobbles violates COPPA’s requirement that any online service directed at children provide notice “of what information it collects from children, how it uses such information, and its disclosure practices for such information,” and obtain parental consent before collecting personal information from a child. Mobbles provides no privacy policies nor does it make any attempt to obtain parental consent before collecting a child’s physical address, online contact information, or the online contact information of a child’s friends. “This case underscores the urgent need to update the Federal Trade Commission’s rules on children’s online privacy,” said CDD Executive Director Jeff Chester. “The use of persistent identifiers on mobile devices and other platforms must be covered under the proposed new COPPA regulations.” “By its very design, the Mobbles app takes unfair advantage of children’s developmental vulnerabilities, and even potentially threatens their personal safety,” commented Dr. Kathryn Montgomery, Professor of Communication at American University, who spearheaded the campaign for COPPA in the 1990’s. “This complaint provides a glimpse into a much larger, rapidly growing children’s mobile market, in which companies are unleashing all of the available techniques for targeting kids, including geo-location, instant rewards, and in-phone purchases. In the process, these companies are capturing a wide range of personal information available on smart phones and other mobile devices. Such practices not only violate the law, but also fly in the face of industry promises to protect children’s privacy in the digital media marketplace.” CDD’s filing was prepared by the Institute for Public Representation at Georgetown University Law Center. Georgetown Law Student Jessica Wang, who researched and drafted the request, urged the FTC “to act promptly to stop mobile apps such as Mobbles from pinpointing children's physical location, sending them direct messages, and contacting kids' friends without their parents' knowledge and permission.” Noting that on Monday the FTC released a report documenting that a large percentage of the most popular mobile apps for kids are collecting information without parental notice and consent, Angela Campbell, Director of the Institute for Public Representation, urged the FTC to include Mobbles as one of the apps it planned to investigate.