Leading Health, Privacy, and Consumer Groups Call on FTC to Protect Adolescent Privacy online

For Immediate Release:  Feb. 18, 2011
Child, Health and Consumer Advocates Ask FTC for Teen Privacy Protections, including Do-Not-Track and No Behavioral Targeting

Today a Coalition of Child, Health and Consumer Advocates filed comments on the Federal Trade Commission’s proposed privacy framework asking for increased privacy protections for adolescents.   The coalition includes leading advocates such as the Center for Digital Democracy, the American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Children Now, and the Consumer Federation of America.

Privacy protections are needed as teens are increasingly subjected to privacy invasions online. Teens are using new media technologies for key social interactions and to explore their identities. This increased use of digital media subjects them to wholesale data collection and profiling of even their most intimate interactions with friends, family, and schools. Meanwhile, recent research in psychology and neuroscience reveals that teens are more prone to risky behavior when their anxieties and peer relations are exploited. Privacy protections are needed to keep the online world social and safe.

Companies should not use data to behaviorally profile teens. The framework should also provide enhanced choice for adolescents, including a Do Not Track feature. In implementing “privacy by design,” companies should consider the needs and vulnerabilities of teens.  They should address those vulnerabilities by, for example, minimizing the amount of data collected from teens.  Data that is collected should be retained for only short periods and should be afforded greater security.

“Teens live online today,” said Guilherme Roschke, attorney for CDD. “This time of development and maturation requires privacy protections. Teens cannot go it alone against the vast data collection and profiling infrastructure of new media technologies that not even adults can understand.”

“Because of their avid use of new media, adolescents are primary targets for digital marketing,” explained co-signer Kathryn C. Montgomery, Ph.D. “The unprecedented ability of digital technologies to track and profile individuals across the media landscape, and to engage in sophisticated forms of targeting, puts these young people at special risk of compromising their privacy.”

The full coalition includes:

Center for Digital Democracy, American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Berkeley Media Studies Group, a project of the Public Health Institute, Children Now, Consumer Federation of America, Consumer Watchdog, David VB Britt, Retired CEO, Sesame Workshop, Ellen Wartella, Kathryn Montgomery, National Policy & Legal Analysis Network to Prevent Childhood Obesity, a project of Public Health Law & Policy, The Praxis Project, Privacy Rights Clearinghouse, Public Good, Public Health Institute, Tamara R. Piety, and World Privacy Forum

Guilherme Roschke
Staff Attorney / Fellow
Institute for Public Representation
First Amendment and Media Center
Georgetown University Law Center
T:(202) 662-9543
F:(202) 662-9634
gcr22@law.georgetown.edu
http://www.law.georgetown.edu/clinics/ipr/
**********

The new “OpenRTB” online ad exchange platform–consumer protection and privacy concerns

Both Advertising Age and Adexchanger.com report on the new “real-time bidding” consortium.  Real-time bidding stands for a process where each of us are tracked and sold to the highest bidder, in real-time, so we can be targeted with ads (from financial products to pharmaceuticals to travel and more).  The OpenRTB effort provides “industry standards for communication between buyers of advertising and sellers of publisher inventory.”  Initial members include leading data targeting companies Data Xu, MediaMath, Turn, Ad Meld, Pubmatic and the Rubicon Project.

The further integration of data tracking and selling platforms raises consumer protection, privacy and competition issues.  Consumers need to be able to decide for themselves about whether they wish to be targeted through such exchanges.  The consortium offers its online ad partners tools to streamline the digital marketing process.  Where are the tools for a consumer–so they can determine how they are treated online through these anonymous and impersonal systems?  In its haste to advance online behavioral targeting, the new OpenRTB consortium appears to have left privacy and consumer choice and control aside. Regulators, privacy and consumer advocates and others will need to maintain a close watch on the new online targeting alliance.  Meanwhile, we hope that this new group will adopt new consumer protection safeguards–and not rely on the flimsy argument that groups such as the NAI and triangled icons somehow protect the public.

Five Ways to Protect Privacy

[a version we wrote of this ran in Multichannel News]
Five Ways for Digital Marketers to Protect Consumer Privacy

If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes.  That’s not what consumers and citizens need in the interactive marketing era.   All Americans should have their privacy respected and protected when they go online—including when they use mobile phones.

1.     Tell your users what you actually say to your advertisers—about how the profiling and targeting process really works.  There is a disconnect that is unfair and deceptive between what companies say in their privacy policies and pitch to their clients and potential partners.   Be honest about the “360 degree” ways you engage in online marketing.

2.     Don’t collect information and target consumers based on their interests in finance and health.  These two most “sensitive” categories should be opt-in only.   When consumers go online for loans, credit, mortgages, and health concerns they require the upmost privacy.  Although online financial, health and so-called lead-generation advertising is big business, consumers should not be forced to have their online financial and health behavior stealthfully-tracked and compiled.  The risks to consumers are great if we don’t develop special rules for this data.

3.     Racial and ethnic profiling data should also be opt-in. Hispanics, African-Americas, Asian-Americans and other minorities are increasingly the focus of a growing behavioral targeting and online marketing apparatus.  In the “offline” world, we have witnessed a disturbing use of racial profiling practices to discriminate against individuals.  In today’s online environment, users are being identified as being a member of a racial or ethnic group without either their awareness or consent.  While we all want to see the growth of diversely owned online publishing, it should not be done at the expense of civil liberties in the digital era.  We must prevent the growth of online racial profiling, that when tied to income, geography and other data can be used to create 21st Century forms of discrimination.

4.     Don’t use neuromarketing and other subliminal and subconscious-based advertising.   Fortune 1000 advertisers and online marketers such as Microsoft, Yahoo and Google are using new forms of ad testing and development involving the latest tools of neuroscience, such as fMRI’s and EEGs.  Neuromarketing’s goal is to directly influence a consumer’s subconscious, and when combined with the power of online data targeting,  offers powerful—and frightening—new forms of manipulation.

5.     Users need to consent to having their profiles be bought and sold on so-called online ad exchanges.  Selling off the right to target a consumer online, via real-time auctions that happen in milliseconds, is dehumanizing.  Nor should we permit the growing combination of offline and online databases to be used for targeting, including via these new digital auction houses.

Interactive marketing is now a fundamental operating principle for the cross-platform media economy throughout the world.   But right now, it’s a digital “wild west” that doesn’t serve the interests of consumers, citizens and most marketers.

Behavioral Targeting is About Tracking an “Individual,” Explains Online Marketer

The online ad industry and lobby better stop saying that cookies and other forms of data collection aren’t personally identifiable–so-called PII [personally identifiable information].  As we know, behavioral targeting (BT) identifies, profiles, tracks and targets an individual.  Here’s just one example of how online marketers discuss what BT really is when they are talking among themselves and to clients (our emphasis):

What is behavioral targeting?
Behavioral targeting is a technique used by online advertisers to improve the effectiveness of their campaigns by increasing the relevance of product offers and promotions on a visitor-by-visitor basis.

Behavioral targeting uses information collected on an individual’s web-browsing behavior, such as the pages they have visited or the searches they have made, to select and deliver online ads to the users who are most likely to be interested…As the effective mixing and mining of audience data has become increasingly important to online advertisers, the role of behavioral targeting and retargeting have grown more central…The typical approach to behavioral targeting starts by using web analytics to group visitors into discrete channels. Each channel is analyzed and a virtual profile is created to for each channel…
Most platforms identify visitors by assigning a unique id cookie to each and every visitor to the site, allowing them to be tracked throughout their web journey.  An example is a user who visits content about auto insurance, clicks on an insurance advertiser button or banner, and then searches for “auto insurance.” This user would be assigned to the insurance prospect channel and the next time that user goes to Yahoo they will see ad for insurance…

The new “Digital Advertising Alliance” self-reg plan. See if it tells consumers what its sponsor ad groups really say to each other. That they track and target your “digital footprint”

On Monday, the new self-regulation magical “icon” that is designed to make the online ad industry’s privacy problems disappear will be unveiled.  A new group called the “Digital Advertising Alliance” will unveil the icon-based plan–all timed to help head-off the kinds of protections and safeguards consumers require.  The current financial crisis affecting tens of millions of Americans require that government and big business groups do more than pay digital lip service to consumer protection.

As a kind of litmus test for the new self-regulation effort, see if the icon and the information connected to it really informs you about how data on you is collected and used for profiling, tracking and targeting. For example, last week, the Interactive Advertising Association (IAB), one of the key backers of the new Alliance, released a guide to targeting consumers at the local level.  Here’s excerpts of what they say.  See if that little icon is being honest when you click it.  Of course, we really require rules that eliminate the kind and amount of data that can be collected on you and you family and friends in the first place–as well as honest disclosure on the process.  Note as well that all that data on you is expensive–and others are cashing in on information that belongs to you!  From the new “Targeting Local Markets” guide:

Explicit profile data Targeting. definition–
Explicit data is “registration quality data” collected either online or offline. For online registration data, the user has certain attributes in his or her registration profile at a particular site or service, and that data is associated with the user’s Web cookie or some sort of audience database when the user next logs in. Offline registration data includes the sorts of data held in the massive offline direct response industry databases built up over the last several decades. These are then matched to a user online when that user logs in somewhere that is a partner of the data company. The site at which the user logs in, usually an online mail or similar site, sends the name/email combination to the data company, which then makes the match and sends back data…pricing–In general, first party data commands a far more variable premium than third party data…Third party data is usually available in much larger quantities, and yet there is often a fee of anywhere between $0.50 to $2.00 or more paid to the data provider by the ad seller – thus increasing the cost of goods sold (COGS) on the ad, and therefore increasing the price…

Behavioral Targeting (Implicit profile data Targeting)-definition-
Behavioral Targeting is the ability to serve online advertising based on profiles that are inferred from an individual user’s technical footprint and viewing behavior…As the medium has grown from a “browsing” experience to interactional so have the levels of information gathered. Newer forms of information include the data collected about influences, social preferences through social networks and an individual user’s content created online…The data is often gathered in real-time and can be used for real-time decision-making so that relevant advertising can be delivered dynamically to an individual user during their online session…Behaviorally targeted advertising commands a higher price because of targeted placement versus general run-of-site (ROS) advertising…Behavioral Targeting can be highly accurate when the user is leaving a digital footprint of their activities as they move through the Web.

Teens and Online Privacy: Empowering Adolescents to Control How Online Marketers Can Stealithily Target Them and Collect Data

Some commentators–and groups funded by online marketers that target teens–are worried that proposals to the FTC and Congress that adolescent privacy be protected will somehow create a system that requires forms of age verification online.  The coalition of leading consumer, child advocacy, health and privacy organizations filing comments at the FTC last week aren’t calling for the parental permission paradigm used by the Children’s Online Privacy Protection Act [COPPA] be extended to teens.  But there are many online commercial services specifically targeting adolescents–that’s their target market.  It’s those sites and services specifically focused on adolescents that we want to have better privacy safeguards.   We want those sites to be governed by an opt-in regime that gives teen users meaningful control of how their information is collected and utilized.  Those sites should be required to engage in the Fair Information Principles known as  “data use minimization.”  Commercial sites targeting adolescents should make its data collection practices fully transparent and under the control by the teen (including a truly accessible privacy policy).  In another words, a privacy safeguard regime that really should be available for everyone.  Teens are ‘ground zero’ for much of digital marketing–for examples see our site: www.digitalads.org [especially the update section].  If you look at the reports on that site, you will see that the most recent scholarly thinking is that brain development in adolescents occurs much later than what was once thought.  They don’t have the ability to effectively understand the intent of highly sophisticated interactive marketing and the corresponding data collection which underlies contemporary digital advertising. That’s why empowering them so they can protect their privacy strengthens their rights.

Online Ad Lobby and Chamber Celebrate Victory over Consumer Protection & FTC

Yesterday, the online ad lobby [IAB, ANA, DMA]–working with Chamber of Commerce–scored a major political victory by forcing the Financial reform bill conference committee to drop proposed provisions that would have strengthened the FTC.  Under the House bill, the FTC would have been given the same kind of regulatory authority most federal agencies have [APA rulemaking].  Marketers and advertisers are celebrating their win, because it keeps the FTC on a weakened and short political leash.  While consumer protection is significantly expanded because of the CFPB and new financial rules, the FTC is to remain largely hamstrung.  The online marketing and advertising lobby [including ANA, DMA–see below] were afraid that the newly invigorated FTC under Pres. Obama would require the industry to protect privacy online and also become more accountable to consumers engaged in e-commerce.   I heard IAB and Chamber are dancing in the streets! Congressmen Barney Frank, Henry Waxman and Sen. Rockefeller deserve praise for working hard to protect consumers, including their proposal on the FTC.

Here’s what two of the ad groups placed on their sites about the FTC issue:

Progress on FTC Enforcement Provisions in Wall Street Reform Conference

June 23, 2010

The marketing and media community has made substantial progress on defeating the broad expansion of FTC powers that is included in the House version of the Wall Street reform bill.  But we still need your assistance to keep these provisions out of the final bill.

Yesterday the Senate conferees presented an offer on the bill that rejected the new FTC powers that are in the House version.  Chairman Dodd indicated that while he may support changes in the Magnuson Moss rulemaking process, there is no Senate provision and these issues are too complex and important to be resolved in the context of the Wall Street reform bill.  Conferees hope to finish the conference this week so the final bill can be cleared for the President’s signature next month.

The House conferees may still continue to push for these provisions, so it is very important that marketers contact the Senate conferees to express our appreciation for their support and to urge them to remain strongly opposed to these new powers for the FTC in this bill.  Contact information for the Senate conferees is located here and our letter to Senate conferees is available here.  Please let the Senators know if you have plants or operations in their states.

ANA took part in a very important meeting yesterday with Senate Commerce Committee Chairman Jay Rockefeller on these issues.  We argued that these issues are very important to the entire marketing community and deserve careful consideration outside of the context of the Wall Street reform bill.  The Chairman strongly indicated that he will continue to push for changes in the Magnuson Moss rulemaking procedures this year.

If you have any questions about this matter, please contact Dan Jaffe (djaffe@ana.net) or Keith Scarborough (kscarborough@ana.net) in ANA’s Washington, DC office at (202) 296-1883.

http://www.ana.net/advocacy/content/2418

DMA Asks Financial Reform Conferees to Keep FTC Expansion Out of ‘Restoring American Financial Stability Act’

June 10, 2010 — The Direct Marketing Association (DMA) today was joined by 47 other trade associations and business coalitions in sending a letter to each of the conferees on H.R. 4173, the “Restoring American Financial Stability Act” (RAFSA), urging them to keep language that would dramatically expand the powers of the Federal Trade Commission (FTC) out of the final bill.

As the House and Senate conferees work to reconcile their versions of the financial regulatory legislation, the associations — which represent hundreds of thousands of US companies from a wide array of industry segments — expressed strong opposition to provisions in the House version of the bill that would expand the FTC’s rulemaking and enforcement authority over virtually every sector of the American economy.

“The balance struck in the Senate bill is the right one,” said Linda Woolley, DMA’s executive vice president, government affairs.  “That bill makes the most sense in the context of financial reform legislation, maintaining the FTC’s existing jurisdiction without expanding its rulemaking and enforcement authority over industries and sectors that had nothing to do with the financial crisis.  Issues of FTC expansion deserve their own due consideration and debate in the more appropriate context of an FTC reauthorization, as has been done in the past.”

DMA and the other associations strongly believe that granting the FTC broad new authority is not a necessary or relevant response to the causes of the recent recession and, therefore, asked the conferees to oppose the inclusion of any provisions that would expand FTC authority, rather than making changes to the Commission that would have a fundamental impact on the entire business community and the broader American economy.

For more information please visit www.dmaaction.org.
http://www.the-dma.org/cgi/dispannouncements?article=1449

Boucher/Stearns Privacy Bill: Fails to Ensure Data Collection Minimization and Forces Consumers to rely on Digital ‘fine’ Print

Yesterday, Reps. Rich Boucher and Clifford Stearns released a “discussion” draft for what they intend to become a new law addressing privacy online.  Mr. Boucher, whom I and a number of consumer and privacy representatives met with in March, is sincere in his desire to address online privacy.  But the bill’s overall orientation maintain (and really nurtures) the intense and pervasive data collection, online profiling, and targeting status quo.  Instead of focusing the goal of the bill on data minimization, a important Fair Information Principle, it really enables the maximization of information collection on consumers.

The bill does make several important contributions, including acknowledging that racial/ethnic and sexual orientation must be considered  “sensitive” information requiring higher safeguards [I played a role in urging Congressional leaders to include racial/ethnic data in the sensitive category].  By acknowledging that a “unique persistent identifier” should be classified as personal information, the draft bill follows what policymakers in the EU have crafted (and the FTC staff has already largely suggested).

But by primarily relying on so-called “notice and choice”–namely privacy policies–the bill fails to protect online users.  There is a growing consensus, backed by research, that privacy policies are inadequate.  The reliance by Mr. Boucher on Google’s ad preference manager system, which allows users to opt-out of more specific ad targeting categories, doesn’t address the key question:  how can we ensure less information is collected and used about each of us.  Nor does the bill protect sensitive information involving health and finance, where it permits a huge loophole that will continue online data practices involving our interactions online with financial and health related sites and services].  Adolescents are left unprotected in the bill–one of its most glaring omissions.

The bill doesn’t really empower the FTC to act effectively in this area, in our opinion.  Under the Boucher/Stearns bill, consumers will still have to rely on digital fine print–written in invisible ink–to protect privacy.  This is not a debate on ensuring online ad revenues for free content–we all support that.  It’s about defining reasonable rules of the online road that balances citizen and consumer rights with the interests of those who collect our data–whether they be commercial or government.

Where Does Google and Microsoft Really Stand–with the IAB and ad lobby or for Consumer Protection?

Both Google and Microsoft serve on the executive committee of the Interactive Ad Bureau, a trade association fighting against consumer privacy proposals in Congress and the FTC.  The IAB just sent a letter signed by other ad and marketing industry lobbyists opposing Obama and congressional proposals to expand the ability of the FTC to better protect consumers.  My CDD just sent emails to officials at both Google and Microsoft asking them to clarify where they stand on the IAB’s letter [see below].  Do our two leading online marketing leaders support financial and regulatory reform, including protecting privacy?  Or does the IAB letter–and Google and Microsoft’s own role helping govern that trade lobby group–really reflect their own position against better consumer protection? Not coincidently, the IAB’s PAC has expanded its PAC contribution giving to congress.

Why does the IAB and other ad groups want to scuttle a more capable FTC?  Think online financial products, including mortgages, pharmaceutical operated social networks, digital ads targeting teens fueling the youth obesity crisis, ads created by brain research to influence our subconscious minds, a mobile marketing system that targets us because it knows our location, interests and behavior.  The IAB is terrified that a responsible consumer protection agency will not only peek under the ‘digital hood,’ as the Obama FTC is currently doing.  But actually propose policies and bring cases that rein in irresponsible and harmful business practices.  So Microsoft and Google:  who are with?  Consumers or the special interest advertising lobby?
*****

letter to Google:  22 January 2010

Dear Pablo, Jane, Peter and Alan:

As you may know, the Interactive Advertising Bureau recently sent a letter  to Congress, along with other ad related groups, opposing the expansion of FTC regulatory authority as proposed in the Consumer Financial Protection Agency bill and related reauthorization [http://www.clickz.com/3636212].

Google serves on the executive committee of the IAB’s board.  For the record, does Google support IAB’s stance that, as news reports say, if the FTC is given additional enforcement and penalty-making authority, “the FTC could essentially act as an unelected legislature governing industries and sectors across the economy.”

If Google disagrees with the IAB’s letter, I ask that it make its position public as soon as possible.  I also respectfully request Google state its position regarding the Consumer Financial Protection Agency proposal, as well as its position on expanding FTC authority.

Regards,

Jeff Chester
Center for Digital Democracy
www.democraticmedia.org

letter to Microsoft:  22 Jan. 2010:

Dear Mike and Frank:

As you may know, the Interactive Advertising Bureau recently sent a letter to Congress, along with other ad related groups, opposing the expansion of FTC regulatory authority as proposed in the Consumer Financial Protection Agency bill and related reauthorization [http://www.clickz.com/3636212].

Microsoft serves on the executive committee of the IAB’s board.  For the record, does Microsoft support IAB’s stance that, as news reports say, if the FTC is given additional enforcement and penalty-making authority, “the FTC could essentially act as an unelected legislature governing industries and sectors across the economy.”

If Microsoft disagrees with the IAB’s letter, I ask that it make its position public as soon as possible.  I also respectfully request Microsoft state its position regarding the Consumer Financial Protection Agency proposal, as well as its position on expanding FTC authority.

Regards,

Jeff Chester
Center for Digital Democracy
www.democraticmedia.org

Consumer and Privacy Groups at FTC Roundtable to Call for Decisive Agency Action

Washington, DC, December 6, 2009 – On Monday December 7, 2009, consumer representatives and privacy experts speaking at the first of three Federal Trade Commission (FTC) Exploring Privacy Roundtable Series will call on the agency to adopt new policies to protect consumer privacy in today’s digitized world. Consumer and privacy groups, as well as academics and policymakers, have increasingly looked to the FTC to ensure that Americans have control over how their information is collected and used.

The groups have asked the Commission to issue a comprehensive set of Fair Information Principles for the digital era, and to abandon its previous notice and choice model, which is not effective for consumer privacy protection.

Specifically, at the Roundtable on Monday, consumer panelists and privacy experts will call on the FTC to stop relying on industry privacy self-regulation because of its long history of failure. Last September, a number of consumer groups provided Congressional leaders and the FTC a detailed blueprint of pro-active measures designed to protect privacy, available at: http://www.democraticmedia.org/release/privacy-release-20090901.

These measures include giving individuals the right to see, have a copy of, and delete any information about them; ensuring that the use of consumer data for any credit, employment, insurance, or governmental purpose or for redlining is prohibited; and ensuring that websites should only initially collect and use data from consumers for a 24-hour period, with the exception of information categorized as sensitive, which should not be collected at all. The groups have also requested that the FTC establish a Do Not Track registry.

Quotes from Monday’s panelists:

Marc Rotenberg, EPIC: “There is an urgent need for the Federal Trade Commission to address the growing threat to consumer privacy.  The Commission must hold accountable those companies that collect and use personal information. Self-regulation has clearly failed.”

Jeff Chester, Center for Digital Democracy: “Consumers increasingly confront a sophisticated and pervasive data collection apparatus that can profile, track and target them online. The Obama FTC must quickly act to protect the privacy of Americans,including information related to their finances, health, and ethnicity.”

Susan Grant, Consumer Federation of America: “It’s time to recognize privacy as a fundamental human right and create a public policy framework that requires that right to be respected,” said Susan Grant, Director of Consumer Protection at Consumer Federation of America. “Rather than stifling innovation, this will spur innovative ways to make the marketplace work better for consumers and businesses.”

Pam Dixon, World Privacy Forum: “Self-regulation of commercial data brokers has been utterly ineffective to protect consumers. It’s not just bad actors who sell personal information ranging from mental health information, medical status, income, religious and ethnic status, and the like. The sale of personal information is a routine business model for many in corporate America, and neither consumers nor policymakers are aware of the amount of trafficking in personal information. It’s time to tame the wild west with laws that incorporate the principles of the Fair Credit Reporting Act to ensure transparency, accountability, and consumer control.”

Written statements and other materials for the roundtable panelists are available at the following links:

CDD/USPIRG: http://www.democraticmedia.org/node/419

WPF: http://www.worldprivacyforum.org/pdf/WPF_Comments_FTC_110609fs.pdf

CFA: http://www.consumerfed.org/elements/www.consumerfed.org/File/5%20Myths%20about%20Online%20Behavioral%20Advertising%2011_12_09.pdf

EPIC: www.epic.org