• CDD statement on today's FTC COPPA (link is external) proposal. Today, the FTC took a giant step to protect children's privacy by proposing that the online data broker industry be required to comply with the Children's Online Privacy Protection Act (COPPA). Children--like adults--confront a pervasive data collection and targeting system made up of ad networks, data exchanges, and other digital marketing companies able to target anyone in real-time. The FTC's proposal ensures that parents will have control over how information can be collected from their children via mobile phones, online games and when they use computers. In addition, the commission will also rein in the data brokers targeting kids who use social media, so-called "plug-ins," to gather information on a child and their friends. Consumer, child advocacy, privacy and public health groups have called on the FTC to ensure that COPPA protects kids and empowers parents in today's data collection intensive, targeting 24/7 online environment. This proposal will help accomplish this. We are concerned, however, about the lobbying of the Walt Disney Company and others to secure an exemption for so-called family websites. We will be reviewing the commission's proposal and industry practices on such sites.
  • When CDD reviewed the proposed Facebook Sponsored Stories (link is external) settlement it was clear it failed to address how marketing and targeting on the social network really works. It also didn't do anything to ensure that parents and teens have the control they require over the Sponsored Story process (link is external) and its inter-related series (link is external)of premium ad products. Clearly, Facebook users require a settlement that protects their privacy and rights. As Sponsored Stories is deployed on the mobile p (link is external)latform, and Facebook users confront new privacy threats from the Facebook Exchange ad targeting (link is external) service, as well as new measurement (link is external) capabilities, policies need to be enacted to protect users (especially adolescents and other youth). We revised our letter of objection, now that a new Judge has been assigned to the case.
  • This letter was sent today to Lawrence Strickling, Ass't Sec of Commerce, as well as The White House. Despite our best efforts (link is external) to encourage the Commerce Department to ensure that people across the country can meaningfully participate in the first key stakeholder meeting scheduled for 12 July, the agency has failed to embrace an effective means to do so. Over the last few weeks we did get the Commerce people to change their plans to allow some outside of the Beltway involvement--but in a very limited way. The groups previously submitted a set of principles (link is external) last February to help govern the negotiations and ensure equitable representation and deliberation. Today's letter is attached. See too Consumer Federation of America press statement. (link is external)
  • Today, CDD, Consumers Union and a coalition of leading child advocacy, health, consumer and privacy groups sent a letter to Facebook CEO Mark Zuckerberg. The letter discusses the safeguards required to ensure Facebook `does no harm' to young people if it decides to open its platform to children (in order to comply with COPPA, etc).
  • Today we filed Comments on the Obama Administration's privacy plan via the Dep't of Commerce proceeding. Highlights below. Need for Legislation: We have said from the beginning of this process that the reliance on multi-stakeholder negotiations to effectively protect consumer welfare, including privacy, is a flawed approach....what is required is more courageous action by the Obama Administration: the submission to Congress of draft legislation that implements the CPBR principles. Multi-stakeholder Negotiations Must Address the Full Scope of the CPBR Principles at Each Stage: In order for any “code of conduct” to be developed, each issue (such as mobile applications, ethnic/racial digital profiling, youth online marketing, real-time targeting) must reflect all of the administration’s Privacy Bill of Rights. Stakeholders Should Decide the Topics, not the Administration: The administration should respect the independence of the multi-stakeholder process to identify issues for negotiation. Commit to the W3C’s Do-Not-Track Multi-stakeholder Process: The administration should clarify that it fully supports the multi-stakeholder process now underway by the World Web Consortium’s Tracking Protection Working Group. The support by the White House of the Digital Advertising Alliance’s closed-door, non-transparent, and non-representative work on Do-Not-Track suggests there is a lack of serious commitment to an independent and participatory multi-stakeholder process. The Department of Commerce should immediately recognize that the WC3’s work on Do-Not-Track is part of the development of meaningful new codes of conduct... All Issues Must Be on the Table, with No Exemptions for Self-regulatory Codes: Some digital data collection trade groups have suggested, in recent Congressional testimony, that the multi-stakeholder deliberations “should target only those issues that are not subject to existing statutory regimes or self-regulatory programs..." The administration should reject such a self-serving suggestion, which would deprive U.S. consumers of having fairly negotiated codes of conduct. Industry self-regulatory codes have been developed without public input, and already have drawn criticism from leading scholars. All issues must be addressed if this process is to have credibility Ensuring a Transparent and Open Process: these deliberations must be public...We urge that they be Webcast, and that there is a robust mechanism put in place for both the news media and the public to be informed of the proceedings... Issues related to both Children and Adolescents Should Be Addressed in Every Topic Identified for a Code of Conduct: Rather than addressing young people under a separate code of conduct, we support identifying the child and adolescent issues raised by each issue Concerns on the International Role for the Multi-stakeholder Negotiations and Codes of Conduct: We have grave reservations about the U.S. attempting to negotiate a “code of conduct” as the equivalent of formal law (such as in the EU) or where effective new consumer protection laws are required (such as in South America or the Asia Pacific markets). There isn’t a one-size-protects-all privacy regime that can be exported from the U.S Ensuring an Informed Discussion About the Digital Data Collection Landscape: One cannot easily choose a small piece of the puzzle (such as the “low-hanging fruit” of mobile privacy) to tackle, because all types of data collection and analysis are intrinsically connected to the fundamental forces shaping privacy in the commercial digital era. Ensuring Civil Society Participation, Especially Independent NGOs: We support the “Principles for Multi-Stakeholder Process” endorsed by leading NGOs on February 23, 2012 (with the leadership of the World Privacy Forum)... There must be robust civil society involvement in each deliberation, with sufficient levels of participation to ensure an effective—not marginal—contribution.
  • FTC Makes Advances Protecting the Privacy of Americans in Big Data Era, with Call for Congress to Rein-in Data Brokers But major concerns loom as report leaves consumers vulnerable to widespread data collection and tracking. Battles ahead as consumer group presses for action Statement of Jeff Chester, Executive Director, Center for Digital Democracy The Commission’s new privacy report zeros in on one of the most glaring threats to consumers today—the growth of the online-merged with-offline data collection complex. In its call for Congress to enact legislation to rein in the data broker industry, the FTC has opened up an important new ‘front’ in the battle to protect consumer privacy. Today, consumers face an ever growing and largely invisible data apparatus that collects and pools their information 24/7. The harvesting and sale--often in real-time--of our valuable data, including about our financial and health interests, poses a major threat to consumers. The FTC’s call for legislation is a digital wake-up call to Congress. The commission’s recommendation that Do-Not-Track means do not collect, potentially could help create a powerful new privacy tool for consumers. Overall, the FTC’s call for ensuring the public has greater control over how their data is collected and used online, should prompt industry leaders to rethink how they address protecting consumer privacy. The FTC's further clarification of what is considered personally identifiable information is also a step forward. However, we call on the FTC to specifically spell out how to ensure consumers have meaningful “choice” to control the collection and use of their information. The commission’s overall support for industry self-regulation (such as the largely invisible “icon” placed on ads) is disappointing, and reveals a FTC still too often constrained from effectively protecting the public. We see this report and the recent White House Consumer Privacy Bill of Rights endorsing what consumer groups have been warning about for years--that the Internet's growing focus on the tracking of individuals, along with the sale of their data by a largely out of view digital marketing industry, requires 21st Century consumer protection safeguards. Other key elements in the report: The commission’s proposal on affiliates and third-parties also helps rein-in a dizzying digital-consumer tracking daisy chain. Websites that share data with other parts of their company or ad networks require new safeguards. Requiring affirmative consent for the collection and use of sensitive information, including on first and third party sites. This is a positive step forward as consumers increasingly are targeted by financial and health marketers. But if consumers are to be protected, the FTC (and for financial, the CFPB) must engage in serious enforcement efforts. Called on the online ad industry (Digital Advertising Alliance, DAA) to work “within the W3C process” on Do-not-Track. The World Wide Web Consortium's (W3C) work on Do-not-Track is being potentially undermined by a separate effort organized by the DAA. Today, the FTC sent a message that it expects the online ad industry to work with the “multi-stakeholder” process established by W3C. [CDD is a member of the W3C Tracking Protection Group]. The commission resisted calls from the telephone and cable lobby to endorse the controversial Deep-Packet Inspection (DPI) surveillance system. The FTC plans to hold a workshop and conduct further study on this critical privacy and civil liberties issue, which is prudent. The report calls for greater protections for teens when they are targeted, something CDD has urged. The commission will expand its focus on mobile privacy, including applications and transactions.
  • This letter was sent today to US and EU policymakers.
  • This letter from the US/EU consumer group organization (link is external)Trans Atlantic Consumer Dialogue, which formally advises both the EU and US, calls on Google to suspend its planned privacy changes.
  • CDD has made a commitment to the White House that it will work on “multi-stake holder” negotiations to help develop new consumer online privacy safeguards. We recognize that in the absence of federal legislation, the inability of the FTC to issue regulations, and the ever-increasing digital data collection system, some progress must be made to protect consumers. Increasingly, consumers face a daily whirlwind of data collection, confronting a vast and largely uncontrollable apparatus that tracks their every move. Whether we are using a PC, a mobile device, playing a video game or even listening to music, our information is being stealthily packaged into personal data profiles. Our financial, health, political, and family data are sold to the highest online bidder, whether they are marketers, financial companies or even political parties. The White House’s new framework for protecting privacy, especially its Bill of Rights, is an important development to protect consumers in the digital age. Consumers require a “Bill of Rights” that ensure they are in control over their personal information—not the digital data companies. As the public increasingly relies on the Internet to make purchases and other financial decisions, they also should have 21st Century consumer protection safeguards. However, the new framework largely depends on the development of voluntary codes of conduct, to be negotiated between consumer groups and companies like Google, Facebook, Microsoft, Yahoo and others. Consumers groups, such as CDD, will engage in these negotiations in good faith. But we cannot accept any “deal” that doesn’t really protect consumers, and merely allows the data-profiling status quo to remain. Instead of negotiations, CDD would have preferred the White House to introduce new legislation that clearly protected consumers online. Two, we are very concerned that the Administration’s new privacy plan is designed to undermine the European Union’s rights-based approach protecting privacy. The U.S. online data companies are the global leaders in digital advertising, especially Google and Facebook. These companies increasingly feel threatened by a EU approach that protects its citizens from pervasive and unaccountable data collection. We will not support an effort by the U.S. to secure a trade agreement with the EU and the Asia Pacific region that permits digital marketers to collect user data unabated. A voluntary code of conduct should not be the basis of a global trade deal designed to bolster Google and Facebook profits. Finally, we are also concerned about today’s announcement by the Digital Advertising Alliance (DAA), including Google, that they will develop its own Do-Not-Track system. The plan by the DAA to add Do-Not-Track to its self-regulatory system could derail a promising privacy effort by the Worldwide Web Consortium standards group (W3C) that is being designed to give consumers greater control over data collection. The new DAA scheme will enable companies to continue to collect profiling data on users, and merely prevent the delivery of targeted ads. DAA members are terrified about the development of a DNT system with teeth, which would stop so much data collection, profiling and tracking. The White House and the FTC should ensure that consumers can receive the benefits of a robust, uniform and independent DNT service. We should not allow Do-Not-Track to be hijacked by the data collection industry
  • The attached complaint was sent today to the FTC, including the following to the Secretary, Commissioners, and staff: The Center for Digital Democracy submits this complaint regarding the failure of Google, Inc. to abide by the commission's Consent Decree in the Google "Buzz" case (Docket No. C-4366). We respectfully urge the FTC to find Google in violation of the Consent Decree for its failure to accurately and honestly inform users the real reasons it is changing its privacy policy. This petition provides data and analysis showing how Google's business practices, especially those announced or implemented in 2011, are the real reasons why it is now altering its consumer privacy practices. CDD also seeks to have the FTC request that Google postpone the launch of its new privacy policy on March 1, 2012, pending the outcome of its investigation. Here's an excerpt: We believe that an analysis of Google’s business operations over the last year will demonstrate the true rationale for the changes to its privacy policy—which has nothing to do with making it “easier” or “more convenient” for users. We fail to see where Google has provided to users—as it claims to have done in its “Compliance Report” submitted to the commission—“clear information in order to exercise meaningful choice regarding their continued use of Google services….” In particular, Google fails to inform its users that the new privacy regime is based on its own business imperatives: to address competition from Facebook; to grow its capacity to finely profile and target through audience buying; to collect, integrate, and utilize a user’s information in order to expand its social media, social search, and mobile marketing activities (through YouTube, Google+, and Admob, for example); to extend the length of time during which users are subject to targeting and real-time auctions via its DoubleClick Ad Exchange and Display Network; to provide additional data points for its Teracent, Invite Media, and Admeld operations; and generally to expand its DoubleClick operations. Finally, Google should have explained to consumers what it told a private industry meeting—that to help fulfill its February 2011 prediction that display advertising will be a $200 billion dollar global industry, it would need to better integrate user data across platforms and application using digital ad marketing automation.
  • Blog

    CDD Presentation at World Health Org on Digital Alcohol Marketing

    We will present this Wed. at the WHO's Global Alcohol Policy conference. Our presentation is: The Digital Marketing of Alcoholic Beverages to Youth: How Social Media, Mobile Devices, Personalized Data Collection and Neuromarketing have transformed the global advertising landscape.

    Here's the abstract.Powerful new digital marketing techniques permit beer and alcohol companies to deeply penetrate into the hearts and minds of consumers, and their social networks of friends. The growing sophistication and capabilities of online marketing, increasingly integrated into the lifestyles of youthful and Internet connected consumers throughout the world, pose potential public health concerns—as well as opportunities. Marketing today has been transformed from the viewing of a single advert on television or in print, into experiencing interactive and highly personalized content that influences what we consume and purchase. Alcoholic beverage companies are winning global awards for their campaigns, including those launched in the Asia Pacific, EU, North and South America markets.Today, a single user can be stealthily tracked and profiled throughout their “online journey”—including their visits to many websites and they actions they take--as their information is collected and analyzed. Then so-called online “behavioral” advertising takes this profile data to target an individual user more precisely.. Mobile phone and location marketing permit marketers to “geo-target” users in specific geographic areas and at defined times. Digital advertising can operate across so-called multiple platforms—following a single consumer whether they are in front of the personal computer, using a mobile device, or even soon while watching television. Super-fast computers are able to identify a single individual who might be a suitable target for an online alcohol ad—and sell them in real-time to the highest bidder.Facebook and other social media enable marketers to go beyond the targeting of individuals to also influence and “activate” ones network of friends. The goal for much of social media marketing is to encourage consumers to do the marketing for the brand, through new forms of viral and other “peer-to-peer” endorsements. Millions of Facebook members are now regularly reached by alcoholic beverage companies.Online marketers are increasingly relying on the use of “neuromarketing” to create ads and other content expressly designed to penetrate the subconscious minds of users. Through the use of “immersive” online content, including entertainment, digital marketers are creating new forms of story-telling designed to increase brand loyalty and sales.
  • Facial recognition technologies are now a part of the commercial digital marketing "complex," providing additional data and "activation" techniques designed to trigger engagement and commercial behavior. The Federal Trade Commission requested comments on the issue. Although CDD is concerned about the use of Facial Recognition on all consumers/citizens, inc. adults, we focused on the need for child and adolescent safeguards. Facial Recognition tactics have already become a part of youth marketing, inc, for food (link is external)and beverage (link is external) products. Here's an excerpt with filing attached: The growth of real-time targeting, with the routine merging of offline and online data for profiling-based user ad sales, is the context for the FTC to develop safeguards related to FR. Physical data will be added to the plethora of information layered to target users (which now also includes increasingly neuromarketing-derived data. The commission must also address how FR is designed to identify and target multicultural youth. Today, digital marketers engage in a range of ethnic and racial targeting, including children of color. African-American, Hispanic/Latino and Asian-American children and adolescents are the focus of wide-ranging data collection, profiling, and targeting applications. The use of FR to identify race/ethnicity without COPPA or new adolescent digital marketing rules requires proactive policy action by the commission... The commission must take into consideration, in its work to address FR, the current state of behavioral advertising and related digital direct marketing applications—including cross-platform. FR cannot be viewed in isolation, and an effective and comprehensive set of safeguards are required in the youth digital marketplace... CDD urges the FTC to issue appropriate rules, under its current COPPA proceeding, that place decisions about the use of FR under the control of a parent or appropriate adult guardian. It also must recommend new safeguards for adolescents, giving them greater information and control over how interactive marketing applications and data collection, including FR, are used in targeting. Specifically, we ask that: 1. The commission issue a regulation, under the COPPA rule, stipulating that the results of facial recognition applications are inherently personally identifiable information, and thus cannot be collected or used without parental consent. 2. For teens, companies must have a clear opt-in structure in order to undertake FR. 3. The commission oversee the development of a set of Fair Marketing Practices for all digital marketing targeting both children and teens, which should address how the overall use of facial recognition will be governed.
  • This draft document represents the current consensus views of the following organizations: ACLU, Center for Digital Democracy, Center for Media and Democracy, Consumer Federation of America, Consumers International, Consumers Union, Consumer Watchdog, Electronic Frontier Foundation, Fundacja Panoptykon, Privacy Rights Clearinghouse, and World Privacy Forum. The full document is attached.
  • Statement of Jeff Chester: Washington, November 29, 2011: "Since 2007, the social media giant has purposefully worked to erode the concept of privacy by disingenuously claiming users want to share all their personal information. But very few of Facebook’s more than 850 million users understand—let alone can control—the vast amounts of data mining used to propel its advertising business (in 2011, Facebook is predicted to top $4 billion in ad revenues). Facebook’s drive to reap the rewards of a potentially ground-breaking IPO next Spring has also helped unleash a range of data practices that stealthily monetizes the actions and interests of users and their networks of friends. For example, there are now a complex of Facebook tools designed to help marketing campaigns trigger a range of “experiences” and actions tied to measureable events. Facebook has also increasingly focused on a “social by design” concept in an effort to help its advertisers utilize “profile data.” Once the FTC consent decree (link is external)is finalized, Facebook users will have new tools at their disposal to help ensure their privacy is better protected. If Facebook makes any claim that is found to be untrue, they can press the FTC to conduct a review, order a correction and require the imposition of financial penalties. We applaud the FTC for conducting a much-needed investigation of Facebook and diligently pursuing this settlement. CDD joined with the Electronic Privacy Information Center and other groups petitioning the FTC to investigate Facebook’s privacy practices. We will work to ensure that Facebook’s further expansion into mobile marketing, social commerce and online gaming doesn’t come at the expense of user privacy. However, this proposed settlement also requires leadership changes at Facebook. They misled consumers and should pay a price beyond a 20 year agreement to conduct their business practices in a more above-board fashion. We call on Mark Zuckerberg and the Facebook board of directors to accept responsibility for this breech of conduct. They should resign and be replaced by officials that have strong pro-privacy credentials."
  • Children’s Privacy Advocates Praise Federal Trade Commission on Proposed New Safeguards to Protect Children’s Privacy Online Leaders of the Effort that Helped Pass COPPA in 1998 Say Parents Will Now Have Better Ways to Ensure Their Children’s Information is Safe in the Smart Phone and Social Networking Era Washington, DC: Today, the FTC released a Notice of Proposed Rulemaking on its rules implementing the Children’s Online Privacy Protection Act (COPPA), the 1998 law designed to protect the privacy of children under 13. The Commission’s plan would help safeguard children’s data when they are on a mobile phone, playing an interactive game on the Internet, or participating in a virtual world. Under the proposed new rules, children could not be tracked and profiled when online through the use of behavioral targeting and other techniques now regularly used to stealthily collect information on Internet and mobile phone users. Parents and children’s security and safety would be better protected, since the proposed COPPA rules would cover a child’s geo-location data, as well as photos they post online, and would impose new requirements to ensure against data breaches. “Since its passage in 1998, COPPA has served as an important safeguard for young consumers under the age of 13 in the online marketing environment,” commented Kathryn Montgomery, PhD, Professor of Communication at American University, and one of the leaders of the campaign that led to passage of the law. “It established a level playing field by creating a law that applied to every commercial player—from the largest children’s media companies to the smallest start-ups. And it sent a strong signal to the online marketing industry: If you are going to do business with our nation’s children, you will have to follow some basic rules. COPPA was purposely designed to adapt to changes in both technology and business practices. The proposed rules announced by the FTC today reflect careful research and analysis, as well as widespread consultation with major stakeholders. We believe they will help address a number of concerns raised by consumer groups, privacy experts, and child advocates, while at the same time, balancing children’s ability to be active participants in digital culture with the need to protect them from unfair data collection and marketing practices.” Montgomery concurred with the Commission’s recognition that teens also need some privacy protections online. “While some of the mechanisms for protecting younger children are not appropriate for older youth,” she noted, “adolescents are entitled to fair information practices in the digital marketplace. We urge the FTC to address this issue in its forthcoming new comprehensive privacy framework report.” “The Center for Digital for Democracy is pleased that the FTC has finally brought protecting a child’s privacy into the 21st Century,” explained CDD’s executive director, Jeff Chester. “This proposal balances the need to protect the privacy of children, ensure parental involvement, and promotes the growth of kid-oriented online media. At a time when our children spend much of their daily lives online and are always connected to the Internet via games, cell phones and other devices, parents should thank the FTC for acting responsibly on behalf of children.” Among the provisions highlighted by the advocates are: § Extension of privacy protections to the expanding array of digital platforms and marketing venues used to reach and engage young people, including mobile phones and internet-enabled gaming. § The rules’ acknowledgement of increasingly sophisticated technologies for identifying individuals, including IP addresses and geo-location. § Closing of loopholes that made it possible for companies to engage in behavioral targeting and one-to-one marketing aimed at children. § More user-friendly privacy notices to enable parents to make better decisions about their children’s use of online services. “The Institute for Public Representation, which has served as counsel to children’s advocacy groups in efforts to protect children’s online privacy for over sixteen years, is pleased that the FTC is proposing to update its rules to cover new technologies and practices,” said IPR Co-Director and Georgetown University Law Professor, Angela Campbell. The Institute for Public Representation, at Georgetown University Law Center, represented a broad coalition of groups in this FTC proceeding. They included the Center for Digital Democracy, the American Academy of Child and Adolescent Psychiatry, the American Academy of Pediatrics, the Benton Foundation, Berkeley Media Studies Group, the Campaign for a Commercial-Free Childhood, the Center for Science in the Public Interest, Children Now, Consumer Action, Consumer Federation of America, Consumers Union, Consumer Watchdog, National Consumers League, Public Health Institute, U.S. PIRG, and World Privacy Forum. The Children’s Online Privacy Protection Act was passed in 1998 as bi-partisan legislation that had the support of children’s advocates, public health, education, consumer, and privacy groups, as well as leading online marketing companies.
  • CDD, U.S. PIRG, Consumer Watchdog, and World Privacy Forum call on the Federal Trade Commission to investigate interactive marketing of pharmaceutical and health products and services to consumers and health professionals. Action is required to protect consumers, including their privacy, in the online health and medical marketplace. The FTC has a role to play to help the Food and Drug Administration address new threats. Read the press release below for details…
  • For the past 25 years, pharmaceutical companies have been permitted to market their products directly to consumers. More recently, in the years following the Food and Drug Administration’s relaxation of direct-to-consumer (DTC) advertising guidelines in 1997, spending on such promotion grew more than six-fold, reaching $5 billion by 2008. In the traditional media of print and broadcast, those DTC ads come with lots of fine print, including warnings of possible side effects that most consumers. But now that ever-increasing amounts of pharmaceutical marketing have moved online, there is another kind of fine print—the truth about invasive and potentially misleading pharmaceutical advertising—that consumers may never see at all. The Center for Digital Democracy recently shared these concerns in a formal filing to the FDA, the highlights of which follow: 1. Personal Data Collection and Privacy Online pharmaceutical and health marketing companies have developed an extensive data collection and interactive targeting apparatus. Few U.S. health consumers are aware that they are being identified, labeled, profiled, and tracked on the Internet while they search or access information on specific conditions or concerns. 2. “Condition” and Behavioral Targeted Advertising Behavioral targeting enables health marketers to stealthily follow consumers online—sometimes across many different websites—gathering details on their interests and activities, and then offering them marketing messages precisely honed to their behaviors related to an illness or condition. Digital marketers employ online “ad networks” to help track and then target individual consumers seeking health-related information. There are also a number of specialized health portals and networks specifically created to target consumers based on particular conditions or concerns. 3. Neuromarketing It should perhaps come as no surprise that many of the companies whose products are rooted in scientific research have turned to neuroscientific techniques in an effort to influence health consumers’ subconscious decision-making processes. Called “neuromarketing,” such techniques are increasingly employed to research, design, and implement online advertising campaigns—including those for health and medical products. NeuroFocus, for example, a firm that specializes in the application of brainwave research to advertising, programming, and messaging, uses “neurological testing [that] delves down to the subconscious mind,” far below such “corrupting factors” as education, language, and cultural variances. Measuring as many as 64-128 sectors of the brain at 2,000 times per second, NeuroFocus promises results that are “unambiguous, accurate, and actionable”—results, we should add, that are achieved without the consumer’s knowledge or consent. 4. Social Media Monitoring and Marketing Perhaps most alarmingly, marketers have developed applications that allow companies to eavesdrop and analyze conversations by and among health consumers, taking advantage of users’ networks of friends to orchestrate peer-to-peer brand promotion. These new surveillance tools monitor conversations among social network users to identify what is being said about a particular issue or product. Marketers then work to insert brand-related messages into the social dialogue, often by identifying and targeting individuals considered brand “loyalists” or “influencers,” and encouraging them to generate buzz through their networks of friends. Increasingly, advertisers are using Facebook’s marketing apparatus—which is largely invisible to its users—to develop a brand presence on its pages so companies can strongly connect to the social communications of a very large pool of consumers. Heartbeat Digital’s BuzzScape, for example “allows clients to monitor discussions that flow in and out of the tens of thousands of message boards, forums, blogs and social networks that increasingly dominate the online environment.” As Heartbeat CEO Bill Drummy admits, “In a sense, we eavesdrop on public conversations among people with a shared interest, then use what we learn to create interactive marketing campaigns that address the identified needs, wants and gaps in knowledge of target audiences.” Perhaps the biggest gap in audience knowledge, of course, is awareness of the fact that online conversations concerning the most sensitive health concerns have become just so much grist for the pharmaceutical marketing mills. 5. Unbranded Sites Another common practice among pharmaceutical companies is the use of online video and websites to raise the awareness of a particular disease or condition—often without clear disclosure of sponsor relationships. Ostensibly designed as educational sites, where individuals can share their experiences with various treatments for certain maladies, sites such as or are also useful to pharmaceutical companies as a “soft sell” opportunity, free of FDA-mandated risk-disclosure and other advertising requirements. 6. Ad Exchanges These commercial arrangements allow companies to auction off individual users to specific advertisers in real time for ad targeting. Increasingly, the targeting is accompanied by so-called “data optimization,” which draws on various information resources to compile more complete profiles of individual users. For example, Google/DoubleClick’s Ad Exchange Health focus has 36 categories, from Arthritis and Diabetes to Respiratory Conditions and Sleep Disorders. Another advertising network, ADSDAQ, offers 50 health-related categories, from A.D.D. and Alzheimer’s Disease to Weight Loss and Women’s Health. Again, consumers are never apprised of the way their personal data—including intimate health-related information—is being sold to the highest bidder. 7. Audience Segmentation The division of consumers into much smaller affinity groups (e.g., Business Travelers, Sports Fans, Technophiles) for the purpose of targeted marketing is a longstanding advertising practice. Its use by pharmaceutical marketers, however, especially in the digital context, raises a number of critical issues. The segments into which pharmaceutical companies divide their audiences go far beyond demographic and lifestyle categories to include highly personal and sensitive information relating to one’s health. For example, as Mark Miller, senior vice president for healthcare marketer Epsilon, explains, “Segment profiling dimensions include (but are not limited to): market size, geo-demographic characteristics, medication usage, self-care behaviors, bio-metrics, insurance coverage/ usage, needs/attitudes/behaviors and media consumption.” The goal of these data collection and analysis efforts, moreover, is to influence consumer behavior in some of the most personal and profound decisions they will ever have to make, concerning their own and their family’s health. 8. Mobile Campaigns Many of the same consumer data collection, profiling, and behavioral targeting techniques that have raised concerns in the more “traditional” online world have now been brought into the mobile phone marketplace. As U.S. consumers increasingly rely on their mobile devices for a wide range of services, including sensitive transactions related to health, the expansion of behavioral targeting into the mobile world (where it will be combined with precise user and location data) is especially troubling. “Not only does Mobile have a ubiquitous presence—with us 24/7,” boasts Peter Nalen, CEO of Compass Healthcare Communications, “—it can also reach more people, more efficiently, and with greater targetability.” That’s not the kind of personalized service, however, that consumers may want or need in the healthcare arena. And that’s why CDD has called upon the FDA to remedy this situation, first by conducting a comprehensive investigation into the use and impact of digital-health marketing techniques and technologies, and then by working with the Federal Trade Commission and other appropriate agencies to develop a set of policies for regulating the use of behavioral targeting, data collection, and other digital techniques in the marketing of drugs and health-related products.