Leading Health, Privacy, and Consumer Groups Call on FTC to Protect Adolescent Privacy online

For Immediate Release:  Feb. 18, 2011
Child, Health and Consumer Advocates Ask FTC for Teen Privacy Protections, including Do-Not-Track and No Behavioral Targeting

Today a Coalition of Child, Health and Consumer Advocates filed comments on the Federal Trade Commission’s proposed privacy framework asking for increased privacy protections for adolescents.   The coalition includes leading advocates such as the Center for Digital Democracy, the American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Children Now, and the Consumer Federation of America.

Privacy protections are needed as teens are increasingly subjected to privacy invasions online. Teens are using new media technologies for key social interactions and to explore their identities. This increased use of digital media subjects them to wholesale data collection and profiling of even their most intimate interactions with friends, family, and schools. Meanwhile, recent research in psychology and neuroscience reveals that teens are more prone to risky behavior when their anxieties and peer relations are exploited. Privacy protections are needed to keep the online world social and safe.

Companies should not use data to behaviorally profile teens. The framework should also provide enhanced choice for adolescents, including a Do Not Track feature. In implementing “privacy by design,” companies should consider the needs and vulnerabilities of teens.  They should address those vulnerabilities by, for example, minimizing the amount of data collected from teens.  Data that is collected should be retained for only short periods and should be afforded greater security.

“Teens live online today,” said Guilherme Roschke, attorney for CDD. “This time of development and maturation requires privacy protections. Teens cannot go it alone against the vast data collection and profiling infrastructure of new media technologies that not even adults can understand.”

“Because of their avid use of new media, adolescents are primary targets for digital marketing,” explained co-signer Kathryn C. Montgomery, Ph.D. “The unprecedented ability of digital technologies to track and profile individuals across the media landscape, and to engage in sophisticated forms of targeting, puts these young people at special risk of compromising their privacy.”

The full coalition includes:

Center for Digital Democracy, American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Berkeley Media Studies Group, a project of the Public Health Institute, Children Now, Consumer Federation of America, Consumer Watchdog, David VB Britt, Retired CEO, Sesame Workshop, Ellen Wartella, Kathryn Montgomery, National Policy & Legal Analysis Network to Prevent Childhood Obesity, a project of Public Health Law & Policy, The Praxis Project, Privacy Rights Clearinghouse, Public Good, Public Health Institute, Tamara R. Piety, and World Privacy Forum

Guilherme Roschke
Staff Attorney / Fellow
Institute for Public Representation
First Amendment and Media Center
Georgetown University Law Center
T:(202) 662-9543
F:(202) 662-9634
gcr22@law.georgetown.edu
http://www.law.georgetown.edu/clinics/ipr/
**********

Statement of Jeff Chester on the Department of Commerce’s Internet Policy Task Force Privacy and E-Commerce: a Bill of Behavioral Targeting “Rights” for Online Marketers?

The Obama Administration asks some important questions about protecting the privacy of U.S. consumers.  But given the growth of online data collection that threatens our privacy, including when consumers are engaged in financial, health, and other personal transactions (including involving their families), this new report offers us a digital déjà vu.   The time for questions has long passed.

Instead of real laws protecting consumers, we are offered a vague “multi-stakeholder” process to help develop “enforceable codes of conduct.”  If the Commerce Department really placed the interests of consumers first, it would have been able to better articulate in the report how the current system threatens privacy.    They should have been able to clearly say what practices are right and wrong—such as the extensive system of online behavioral tracking that stealthily shadows consumers—whether on their personal computer or a mobile phone.   The paper should have firmly articulated what the safeguards should be for financial, health and other sensitive data.  The report should have rejected outright any role for self-regulation, given its failures in the online data collection marketplace.  While the report supports a FIPPS framework, these principles can be written in a way that ultimately endorses existing business practices for online data collection and targeting.

This illustrates one of the basic problems with the Administration’s approach to protecting consumer privacy online.  The Commerce Department is focused on promoting the interests of industry and business—not consumers.  It cannot play the role of an independent, honest broker; consequently it should not be empowered to create a new Privacy Policy Office.   Having the Commerce Department play a role in protecting privacy will enable the data collection foxes to run the consumer privacy henhouse.  We call on the Administration and Congress to address this issue.  A new Privacy Policy Office should be independent and operate under the Administrative Procedures Act—ensuring there are safeguards for meaningful public participation and transparency.

The Commerce paper’s real goal is to help U.S. Internet data collection companies operate in the EU, Asia/Pacific and other markets as “privacy-free” zones.  Under the cover of promoting “innovation” and trade, I fear the U.S. will craft a crazy-quilt code of conduct regimes that they will claim should pass muster in the EU (which has a more comprehensive framework to protect privacy).  The Obama Administration appears to be promoting a kind of “separate, but equal” framework, where it will argue that no matter how weak U.S. privacy rules are, other countries should accept them as the equivalent of a stronger approach.  The new paper should have acknowledged the U.S. has to play catch-up with the EU when it comes to protecting consumer privacy.

We have been promised meetings with the new White House subcommittee on privacy, where consumer and privacy groups will raise these and other concerns.

Microsoft’s “Advertising Exchange” for mobile and online: How will it be addressed by its own Do Not Track approach?

Microsoft has received praise for offering in Internet Explorer 9 a “tracking protection” capability that will enable users to import lists of third party sites that would be blocked.  That’s useful, but not enough.  Microsoft engages in extensive behavioral targeting (inc. for mobile) and other interactive ad strategies designed to capture data throughout its global digital advertising service (as does almost everyone else in the online ad business; that’s one reason why so-called “first-party” websites and services require consumer privacy rules). To beome a true leader in the privacy arena, Microsoft should do more.  Take its Microsoft Advertising Exchange, which sells instant access to users in real-time (such as what Google and also many others do).  We want to learn from Microsoft what privacy and consumer protection safeguards it’s developing for the Exchange, which “now supports approximately 8 billion impressions, or transactions, per month.”   Microsoft has been using and has just invested additional funding in AppNexus, which describes itself as “the industry’s most advanced real-time ad platform.”

ClickZ noted that: “In addition to using AppNexus to support real-time bidding on its sites, its ad network, and its exchange, Microsoft has begun supplementing regular ad buys on the Microsoft Media Network with exchange-traded inventory. That extra inventory carries a lot of potential reach, since AppNexus claims to support 4 billion transactions or impressions a day…Additionally, Microsoft has put the pieces in place to create a mobile ad exchange, called Microsoft Advertising Exchange for Mobile.. It will work by allowing Windows Phone 7 app developers to plug into demand from mobile ad networks like Millenial Media, InMobi and MobClix.”

Microsoft should tell the FTC, the EU, Congress and others how it plans to address the privacy issues raised by its Exchange expansion plans.  Last July, Microsoft noted that: “Microsoft is moving aggressively to provide our customers with access to our owned and operated inventory, as well as partner inventory, via our exchange. This move is in addition to our expansion of the Microsoft Media Network, which combined with the exchange, provides a holistic solution for our customers.  In recent weeks we have on-boarded US Windows Live inventory – including Hotmail and Messenger – into our exchange, providing a highly liquid pool of high quality inventory to demand partners on an RTB basis. We have integrated with each of the major DSP’s to ensure that our customers can work with the partner of their choice in accessing inventory.  Moving forward we will make available the rest of our US owned and operated inventory and partner supply. We’re excited about the efficiencies offered by an exchange-enabled ecosystem, and are committed to providing a foundation that enables innovation by allowing third parties to add value in a transparent, trustworthy ecosystem…over the next six months we will be integrating DSP’s into the Atlas Technology Partner Alliance. This will enable Atlas advertisers to seamlessly partner with the DSP of their choice to extend their buys onto RTB exchanges while enjoying all the benefits of campaign tracking and optimization…”  

We will be turning to the online ad exchange system and privacy issues, in the weeks ahead.

IAB Gets a new Chance to Play Constructive Role as Randall Rothenberg Goes to Time Inc.

The departure of Randall Rothenberg, the head of the Interactive Advertising Bureau, provides a critical opportunity for the IAB to revisit its position on protecting consumer online privacy (including Do Not Track).  Under Mr. Rothenberg, the IAB lobbied Congress to restrict the FTC’s ability to protect consumers, including on privacy.  With new leadership, the IAB could begin playing a more constructive role by working with consumer groups to build a consensus on federal privacy rules.  Instead of confrontation and denial, we hope the online ad lobby pursues serious engagement with privacy advocates.   The IAB has become just another inside the Beltway lobbying group–and has lost credibility among many policymakers.  A new IAB leader should be someone who can really help the mission of the industry by engaging in the kind of diplomacy and debate that supports the higher purposes of online advertising, digital publishing, and the public interest.
At Time, Mr. Rothenberg will now be in charge of its online ad network, which uses behavioral targeting and other interactive data techniques.  How Time responds to the growing call for better consumer privacy will be one of Mr. Rothenberg’s new challenges.

Consumers Union Supports our call for FTC action on digital pharma & health marketing

My CDD is very pleased to have received a copy of this letter sent to the FTC and FDA by Consumers Union.  It underscores how the issues around sensitive data and sensitive users are a critical part of consumer protection online.  We are also pleased about the positive coverage our complaint has received from the press, including the New York Times, CBS/Moneywatch, and other publications.

December 1, 2010

Chairman Jon Leibowitz

Federal Trade Commission

600 Pennsylvania Avenue NW

Washington, DC  20580

Dear Mr. Chairman:

Consumers Union, the independent, non-profit publisher of Consumer Reports, urges the Federal Trade Commission to accept the request of November 23, 2010 from several petitioners “to investigate unfair and deceptive advertising practices that consumers face as they seek health information and services online.”

The very detailed 144-page filing is by the Center for Digital Democracy, U.S. PIRG, Consumer Watchdog, and the World Privacy Forum. Among the companies named in the complaint are Google, Yahoo, Microsoft, AOL, WebMD, Quality Health, Everyday Health, and Health Central. The complaint explains how non-traditional pharmaceutical advertising on the internet and elsewhere uses a wide range of tools and disguises to convince consumers to use various drug products. These advertisements frequently hide the fact that they are funded by the drug manufacturer and they often fail to give any hint of side effects or possible adverse events from use of the drugs.

We have not independently examined each of the documents cited in the complaint or the context in which they were used. But the documents are overwhelmingly explicit in their description of how to take information consumers would consider very private (the decision to type in a health-related word or phrase on a website) and consciously and unconsciously manipulate those consumers into the use of specific prescription drug products.

The mass of documents in the complaint are shocking in their totality and their implication for privacy and the use of pharmaceuticals with potentially dangerous side effects or questionable efficacies.

We urge the Commission to begin an immediate investigation pursuant to the requests in the complaint. Thank you for your consideration.

Sincerely,

William Vaughan

Health Policy Analyst

Online Ad Biz to Reps. Markey/Barton: We Really Don’t Have to Tell You the Facts! The case of Yahoo!




If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes for the online ad industry.  None of the replies provided to Reps. Markey and Barton answered the basic charge posed by the WSJ in its series and previously raised by privacy advocates:  that “[O]ne of the fastest-growing businesses on the Internet is the business of spying on Internet users.”   All the companies hide behind `it’s a business as we created it and good for everyone’ facade.  Many use a scare tactic claiming that the data collection model they developed is responsible for funding online content/publishing and without it much/if not all of the Internet would vanish (as if you can’t have both robust e-commerce and privacy!).  Many of the answers to Congress also say that their privacy policies and membership in self-regulatory groups (such as the NAI) reflect best practices (as if they automatically vanish the problems!).  The companies don’t take responsibility for the problem or acknowledge that there are privacy concerns outstanding. 

The responses reflect the Orwellian recasting of industry terms on the data collection practices it created and operates.  Behavioral targeting (with $1.13 billion this year in spending for this type of ad) has been transformed into “preference,” “relevant,” or “interest” targeting.  Online profiling and targeting is now called “customization.”  The industry is running away from the precise definitions they created and use because they are honest terms showing consumers are being tracked, profiled and targeted based on our behaviors and actions.  Finally, several of the companies submitted their privacy policies.   In order to full understand them, a consumer (in between taking their children to school or a soccer game, working, shopping, cooking) would simultaneously also have to be a technologist, lawyer, and investigator, to understand and control all the cookies, etc.

Also, the companies resort to a now out-of-date definition of what’s considered so-called personally identifiable information (PII).  Cookies, IP addresses, pixels and web bugs, they claim, are “non-PII” and hence fail to raise privacy concerns.  Yet both the EU and FTC have said that in today’s online data collection world, the old definition of what’s identifiable no longer really works.  The FTC explained last year that “[S]taff believes that, in the context of online behavioral advertising, the traditional notion of what constitutes PII versus non-PII is becoming less and less meaningful and should not, by itself, determine the protections provided for consumer data.  Indeed, in this context, the Commission and other stakeholders have long recognized that both PII and non-PII raise privacy issues…

Companies such as Yahoo, AOL, About.com (NYTimes Co), News Corp/MySpace and others are disingenuous in their responses—failing to inform the Congress what they tell their clients and prospective advertisers.  Among the most cynically self-serving is Yahoo. First, Yahoo did not describe all the ways it collects data on users when it answered question 1.  For example, examine Yahoo’s Advertising Blog, where you can find a discussion of far-ranging techniques used in the data collection process.  Most of which are not spelled out or really explained in the privacy policy;  See also, Yahoo’s “smart ad” technology that changes the copy in real time based on the data it collects.  Its privacy policy really doesn’t explain it in the same way it pitches itself to clients.  Yahoo says in its Hill letter that it “may” acquire data from external sources and gives the link to that section of its privacy policy.  Not even a multi-tasking genius could opt-out all of that.  Nor does Yahoo tell you about the tons of data on consumers their partners collect.  Also, they say in question 3 how they collect data, but tell potential clients a more informed story:  “Yahoo! gets to know its visitors to give them what they’re looking for, even when they’re not actively looking. In part, Yahoo! does this by using an industry practice called behavioral targeting (BT)… Yahoo! BT goes beyond common rules-based segmentation or grouping of consumers by the sites they’ve visited. The tool is powered by sophisticated modeling technology based on extensive online interactions that include searches, page views, and ad interactions. With these models, Yahoo! identifies what consumers are interested in and predicts where they are in the buying process, thereby determining which consumers may respond best to your ad placements.”  In question 4-5, Yahoo claims its users have all the information they require via the privacy policy.  But Yahoo’s information for perspective clients tells a more complete and different story:  “With rich media, you benefit from deep reporting that goes way beyond the click. Track time spent watching video, mouse-over interactions, poll results, average number of panels interacted with and much more.  If you design it, we can track it… Partner with Yahoo! to produce unique, immersive consumer experiences that integrate your brand…”Question 9, again, they call it “customized experience” to Congress—and “smart ads” that track and learn about you when they explain it to advertisers.   Question 10.  Health and finance.  Yahoo failed to tell Congress they track and target consumers health and financial info.  And they target teens.  For health; finance.


The new “Digital Advertising Alliance” self-reg plan. See if it tells consumers what its sponsor ad groups really say to each other. That they track and target your “digital footprint”

On Monday, the new self-regulation magical “icon” that is designed to make the online ad industry’s privacy problems disappear will be unveiled.  A new group called the “Digital Advertising Alliance” will unveil the icon-based plan–all timed to help head-off the kinds of protections and safeguards consumers require.  The current financial crisis affecting tens of millions of Americans require that government and big business groups do more than pay digital lip service to consumer protection.

As a kind of litmus test for the new self-regulation effort, see if the icon and the information connected to it really informs you about how data on you is collected and used for profiling, tracking and targeting. For example, last week, the Interactive Advertising Association (IAB), one of the key backers of the new Alliance, released a guide to targeting consumers at the local level.  Here’s excerpts of what they say.  See if that little icon is being honest when you click it.  Of course, we really require rules that eliminate the kind and amount of data that can be collected on you and you family and friends in the first place–as well as honest disclosure on the process.  Note as well that all that data on you is expensive–and others are cashing in on information that belongs to you!  From the new “Targeting Local Markets” guide:

Explicit profile data Targeting. definition–
Explicit data is “registration quality data” collected either online or offline. For online registration data, the user has certain attributes in his or her registration profile at a particular site or service, and that data is associated with the user’s Web cookie or some sort of audience database when the user next logs in. Offline registration data includes the sorts of data held in the massive offline direct response industry databases built up over the last several decades. These are then matched to a user online when that user logs in somewhere that is a partner of the data company. The site at which the user logs in, usually an online mail or similar site, sends the name/email combination to the data company, which then makes the match and sends back data…pricing–In general, first party data commands a far more variable premium than third party data…Third party data is usually available in much larger quantities, and yet there is often a fee of anywhere between $0.50 to $2.00 or more paid to the data provider by the ad seller – thus increasing the cost of goods sold (COGS) on the ad, and therefore increasing the price…

Behavioral Targeting (Implicit profile data Targeting)-definition-
Behavioral Targeting is the ability to serve online advertising based on profiles that are inferred from an individual user’s technical footprint and viewing behavior…As the medium has grown from a “browsing” experience to interactional so have the levels of information gathered. Newer forms of information include the data collected about influences, social preferences through social networks and an individual user’s content created online…The data is often gathered in real-time and can be used for real-time decision-making so that relevant advertising can be delivered dynamically to an individual user during their online session…Behaviorally targeted advertising commands a higher price because of targeted placement versus general run-of-site (ROS) advertising…Behavioral Targeting can be highly accurate when the user is leaving a digital footprint of their activities as they move through the Web.

Yahoo’s Targets Millions of Users for its Largest Advertisers, via a “Magic Formula” Powering its Ad Auction System

Preston McAfee Magic FormulaThat’s the formula Yahoo is using to please its largest advertisers, explains an article in The Register.  The report explains that Yahoo’s economist Preston McAfee has created a “magical formula” for its ad targeting service:  “a formula designed to keep Yahoo!’s largest advertisers as happy as possible. It lets each of those guaranteed-contract advertisers pick and choose — in remarkably precise fashion — how their ads are targeted, even though there are more than three trillion possible targets…Yes, Yahoo! has advertisers who only want to reach women between the ages of twenty and thirty. But it also has advertisers who only want to advertise in cities where the sun is shining. There are brokerage houses who only want to advertise when the stock market is up…What is really ‘magic’ about this is that it gave us a backdoor way to price three trillion different pieces of advertiser demand,” McAfee says…The setup also gives Yahoo! fine-grain control over each advertiser’s campaign. “It gives us a dial to favor an advertiser,” he continues. “If one of our advertisers is not getting enough impressions, we turn the dial and increase their bids, to make sure we fulfill the contract.”

But what’s needed is a policy formula–that creates privacy and other consumer protection safeguards.  Online marketing’s use of advanced computing systems and real-time ad auctions of data on individual users underscores the problem–the industry is running amok.   Consumers shouldn’t be subject to powerful invisible technologies that track, profile, target and sell them to the highest bidder.

Teens and Online Privacy: Empowering Adolescents to Control How Online Marketers Can Stealithily Target Them and Collect Data

Some commentators–and groups funded by online marketers that target teens–are worried that proposals to the FTC and Congress that adolescent privacy be protected will somehow create a system that requires forms of age verification online.  The coalition of leading consumer, child advocacy, health and privacy organizations filing comments at the FTC last week aren’t calling for the parental permission paradigm used by the Children’s Online Privacy Protection Act [COPPA] be extended to teens.  But there are many online commercial services specifically targeting adolescents–that’s their target market.  It’s those sites and services specifically focused on adolescents that we want to have better privacy safeguards.   We want those sites to be governed by an opt-in regime that gives teen users meaningful control of how their information is collected and utilized.  Those sites should be required to engage in the Fair Information Principles known as  “data use minimization.”  Commercial sites targeting adolescents should make its data collection practices fully transparent and under the control by the teen (including a truly accessible privacy policy).  In another words, a privacy safeguard regime that really should be available for everyone.  Teens are ‘ground zero’ for much of digital marketing–for examples see our site: www.digitalads.org [especially the update section].  If you look at the reports on that site, you will see that the most recent scholarly thinking is that brain development in adolescents occurs much later than what was once thought.  They don’t have the ability to effectively understand the intent of highly sophisticated interactive marketing and the corresponding data collection which underlies contemporary digital advertising. That’s why empowering them so they can protect their privacy strengthens their rights.

Online Ad Lobby and Chamber Celebrate Victory over Consumer Protection & FTC

Yesterday, the online ad lobby [IAB, ANA, DMA]–working with Chamber of Commerce–scored a major political victory by forcing the Financial reform bill conference committee to drop proposed provisions that would have strengthened the FTC.  Under the House bill, the FTC would have been given the same kind of regulatory authority most federal agencies have [APA rulemaking].  Marketers and advertisers are celebrating their win, because it keeps the FTC on a weakened and short political leash.  While consumer protection is significantly expanded because of the CFPB and new financial rules, the FTC is to remain largely hamstrung.  The online marketing and advertising lobby [including ANA, DMA–see below] were afraid that the newly invigorated FTC under Pres. Obama would require the industry to protect privacy online and also become more accountable to consumers engaged in e-commerce.   I heard IAB and Chamber are dancing in the streets! Congressmen Barney Frank, Henry Waxman and Sen. Rockefeller deserve praise for working hard to protect consumers, including their proposal on the FTC.

Here’s what two of the ad groups placed on their sites about the FTC issue:

Progress on FTC Enforcement Provisions in Wall Street Reform Conference

June 23, 2010

The marketing and media community has made substantial progress on defeating the broad expansion of FTC powers that is included in the House version of the Wall Street reform bill.  But we still need your assistance to keep these provisions out of the final bill.

Yesterday the Senate conferees presented an offer on the bill that rejected the new FTC powers that are in the House version.  Chairman Dodd indicated that while he may support changes in the Magnuson Moss rulemaking process, there is no Senate provision and these issues are too complex and important to be resolved in the context of the Wall Street reform bill.  Conferees hope to finish the conference this week so the final bill can be cleared for the President’s signature next month.

The House conferees may still continue to push for these provisions, so it is very important that marketers contact the Senate conferees to express our appreciation for their support and to urge them to remain strongly opposed to these new powers for the FTC in this bill.  Contact information for the Senate conferees is located here and our letter to Senate conferees is available here.  Please let the Senators know if you have plants or operations in their states.

ANA took part in a very important meeting yesterday with Senate Commerce Committee Chairman Jay Rockefeller on these issues.  We argued that these issues are very important to the entire marketing community and deserve careful consideration outside of the context of the Wall Street reform bill.  The Chairman strongly indicated that he will continue to push for changes in the Magnuson Moss rulemaking procedures this year.

If you have any questions about this matter, please contact Dan Jaffe (djaffe@ana.net) or Keith Scarborough (kscarborough@ana.net) in ANA’s Washington, DC office at (202) 296-1883.

http://www.ana.net/advocacy/content/2418

DMA Asks Financial Reform Conferees to Keep FTC Expansion Out of ‘Restoring American Financial Stability Act’

June 10, 2010 — The Direct Marketing Association (DMA) today was joined by 47 other trade associations and business coalitions in sending a letter to each of the conferees on H.R. 4173, the “Restoring American Financial Stability Act” (RAFSA), urging them to keep language that would dramatically expand the powers of the Federal Trade Commission (FTC) out of the final bill.

As the House and Senate conferees work to reconcile their versions of the financial regulatory legislation, the associations — which represent hundreds of thousands of US companies from a wide array of industry segments — expressed strong opposition to provisions in the House version of the bill that would expand the FTC’s rulemaking and enforcement authority over virtually every sector of the American economy.

“The balance struck in the Senate bill is the right one,” said Linda Woolley, DMA’s executive vice president, government affairs.  “That bill makes the most sense in the context of financial reform legislation, maintaining the FTC’s existing jurisdiction without expanding its rulemaking and enforcement authority over industries and sectors that had nothing to do with the financial crisis.  Issues of FTC expansion deserve their own due consideration and debate in the more appropriate context of an FTC reauthorization, as has been done in the past.”

DMA and the other associations strongly believe that granting the FTC broad new authority is not a necessary or relevant response to the causes of the recent recession and, therefore, asked the conferees to oppose the inclusion of any provisions that would expand FTC authority, rather than making changes to the Commission that would have a fundamental impact on the entire business community and the broader American economy.

For more information please visit www.dmaaction.org.
http://www.the-dma.org/cgi/dispannouncements?article=1449