Category: consumer protection

CDD/USPIRG to FTC: Self-Reg is a Failure (and should be investigated for “unfair and deceptive” complaint!)

Here’s what we included in our recent filing at the FTC.


The Failure of Industry Self-regulation

It should be evident to all that self-regulation to protect consumer privacy online has been a dismal failure, and the FTC must have the courage to admit this. After all, it wasn’t until CDD/USPIRG and other consumer groups filed well-publicized complaints (and helped create a public outcry over the privacy implications of the Google/DoubleClick deal) that the FTC finally issued its privacy principles in 2007.[183] And it took such pressure to awaken the National Advertising Initiative (NAI) and its members from the deep freeze of inaction, belatedly scrambling to “enhance” their “Self-Regulatory Code of Conduct, a set of binding Principles that has governed members since 2001.”[184] Since its inception, the NAI had been asleep at the digital self-regulatory “switch.” Otherwise we would not have had the ever-growing personalized data collection, profiling, and targeting apparatus that NAI’s members so enthusiastically embraced. The NAI, it should not be forgotten, was only created to head off serious action by the FTC back in 2000 as a result of the growing concern with online profiling.[185]

The revised NAI principles reveal how the group remains incapable of ensuring the protection of consumer privacy. They also demonstrate how the NAI cannot be relied on to offer the FTC—or the public—independent and honest proposals that would protect consumers from contemporary online data collection practices. For example, its revised principles—sadly—define sensitive information is the narrowest of terms: “Social Security Numbers or other Government-issued identifiers; Insurance plan numbers; Financial account numbers; Information that describes the precise real-time geographic location of an individual derived through location-based services such as through GPS-enabled devices; Precise information about past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history.”[186]

The NAI and its members know full well that copious amounts of data relating to the financial and health status of consumers is currently being collected. Indeed expenditures for online financial marketing alone was $3 billion in 2008. The collection of consumer information resulting from online lead generation—which saw some $1.7 billion in spending last year—is deeply connected to data about a person’s interest in loans or credit.[187] A growing business in online pharmaceutical marketing is also actively harvesting consumer data, for purposes that include behavioral targeting. If the NAI were a serious independent entity capable of protecting consumers, it would have effectively articulated how sensitive information should be protected.

NAI’s narrow definition of personally identifiable information (PII) is out of touch with online marketing reality: “PII includes name, address, telephone number, email address, financial account number, government-issued identifier, and any other data used or intended to be used to identify, contact or precisely locate a person.”[188] We urge the commission to examine NAI members’ sites so it can view for itself the stark discrepancies between what is promised advertisers in terms of personalized consumer targeting and the NAI’s purposefully narrow and inaccurate definition of PII.

Finally, we find it absurd that all the NAI could do in serving the privacy interests of young people is to conform to the legal standards of the Children’s Online Privacy Protection Act. (COPPA is a law CDD’s executive director played a key leadership role in helping pass in 1998.) It is unfortunate that the NAI could not offer new safeguards for children, including policies to protect adolescent privacy.

Unfortunately, the “Self-Regulatory Principles for Online Behavioral Advertising,” released in July 2009 by the American Association of Advertising Agencies, Association of National Advertisers, Council of Better Business Bureaus, Direct Marketing Association, and the Interactive Advertising Bureau, are equally inadequate.[189] While an improvement over the stance embraced by the IAB in 2008, when it claimed there were no privacy concerns related to behavioral advertising, the new principles cannot be relied on to protect consumers.[190] Its “Sensitive Data” principle in particular, much like the NAI’s, is so inadequate that the FTC should consider bringing an Unfair and Deceptive Complaint against its authors. There are only two categories of information listed under the sensitive principle: Children and “Health and Financial Data.” Under the latter, AAAA et al’s principle is simply that “Entities should not collect and use financial account numbers, Social Security numbers, pharmaceutical prescriptions, or medical records about a specific individual for Online Behavioral Advertising without Consent.”[191] Again, this flies in the face of what the members of these groups actually do when collecting health and financial data for online advertising. As for protecting children, the AAAA and its associates—like the NAI—simply endorse the legal framework already required by COPPA. But by failing to address adolescent privacy, the AAAA et al. reveal that they are really concerned only with maintaining the data collection/profiling/targeting status quo.

As the history of self-regulation of the media in the U.S. makes clear, we need strong baseline laws and regulations to ensure serious industry compliance. That’s why this new proceeding must lead to FTC action that will ensure that consumer privacy online is finally safeguarded.

Bravo to Public Voice’s “Global Privacy Standards for a Global World” Madrid Declaration

Last week, NGO’s and activists from across the world met in Madrid Spain to discuss threats to privacy and human rights.  It was part of the Public Voice’s excellent work to ensure that civil society is well represented in the debates over privacy and other digital media issues.  Over 100 NGO’s, including my own CDD, were initial endorsers of the “Global Privacy Standards for a Global World” Madrid Declaration. It was well received by policy makers, including the data protection commissioner community.  The all day meeting and related efforts was organized by the remarkable Katitza Rodriquez.  Bravo to her and everyone involved.

The Declaration and related work at the Data Protection conference provided a much needed counter-balance to the failure of leading online companies to seriously address their data collection practices and plans.

Groups & Scholars Urge Congress to Strengthen FTC’s Ability to Protect Consumers

The advertising lobby has been working to undermine the FTC’s ability to serve the public interest.  Advertisers are fearful that the FTC–finally awakened from a long digital slumber–will actually investigate the numerous problems linked especially to marketing (think prescription drugs, financial marketing of subprime loans, etc.).  They are especially concerned that the FTC will effectively address privacy and consumer protection problems related to privacy, interactive advertising, children and adolescents, and “green” marketing.  Here’s the letter which was sent late yesterday to Chairman Waxman and Ranking Member Barton:


October 28, 2009

Chairman Henry Waxman

Rep. Joe Barton, Ranking Member

Energy and Commerce Committee

(via email)

Dear Chairman Waxman and Rep. Barton:

We write to support the provisions in H.R. 3126, the “Consumer Financial Protection Agency Act of 2009” (CFPA Act), designed to ensure that the Federal Trade Commission has the resources and authority to protect consumers from unfair and deceptive practices.

We believe that the FTC must play a more proactive role addressing critical consumer concerns, including privacy, online marketing, and food advertising to young people.  Therefore, we fully support the legislative language in H.R.3126 that would enable the commission to conduct consumer protection rulemaking under the provisions of the Administrative Procedures Act (APA); provide it with aiding and abetting liability for violations of the Section 5 of the FTC Act involving unfair or deceptive practices; and enable it to seek civil penalty liability for unfair and deceptive practices found to violate Section 5.  We also support providing the FTC independent litigating authority in civil penalty cases.

As you know, the FTC’s ability to serve consumers has been hamstrung because of its “Magnuson-Moss” rulemaking procedure.  As a result, the FTC has not been able to effectively engage in a timely and effective rulemaking process.  By providing the FTC with the same APA rulemaking authority enjoyed by other federal agencies, it will enable the commission to engage in consumer protection activities in a timely manner.

Respectfully,

American Academy of Child and Adolescent Psychiatry

Campaign for Commercial Free Childhood

Center for Democracy and Technology

Center for Digital Democracy

Center for Science in the Public Interest

Children Now

Consumer Federation of America

Consumer Action

Consumers Union

Consumer Watchdog

Free Press

Electronic Frontier Foundation

Media Access Project

Privacy Rights Clearinghouse

Privacy Times

Public Citizen

Public Knowledge

Public Health Institute

U.S. PIRG

World Privacy Forum

David Britt, CEO (retired) Sesame Workshop

Prof. Kelly Brownell, Yale University

Prof. Robert McChesney, University of Illinois at Urbana-Champaign

Prof. Kathryn C. Montgomery, American University

Prof. Joseph Turow, University of Pennsylvania

Prof. Ellen Wartella, UC Riverside

Huffington Post CEO Opposes Consumer Privacy Safeguards [HuffPost CEO Eric Hippeau Doesn’t Get Privacy]

File this under “we aren’t concerned about the public interest when it may affect our bottom line.”  At yesterday’s Web 2.0 Summit conference, a panel on the future of news included representatives from HuffPo, Google, the NYT and others.  When a question was asked from the audience about behavioral targeting, here’s what Huffington Post CEO Eric Hippeau said [according to the WSJ]:

“it’s much ado about nothing. “I’d much rather see an ad I’m interested in,” he says. Efforts at regulation are made by people who “don’t get it.”

Shame on Mr. Hippeau.   Perhaps he opposes protecting consumer privacy because it would be inconvenient while his company expands its online ad targeting business.  HuffPost uses a range of online data collection and targeting tools, including Pubmatic for ad optimization, and Admeld. It uses Time Warner’s behavioral targeting subsidiary Tacoda [advertising.com] and also Google’s DoubleClick service.  Here’s an excerpt from HuffPost’s privacy policy:

“The more we know about you, the better we are able to customize our web site to suit your personal preferences and interests… We may also from time to time send you messages about our marketing partners’ products. To maintain a site that is free of charge and does not require registration, we display advertisements on our web site. We also use the information you give us to help our advertisers target the audience they want to reach…the ads appearing on HuffingtonPost.com are delivered to you by DoubleClick, our Web advertising serving partner. Information about your visit to this site, such as number of times you have viewed an ad (but not your name, address, or other personal information), is used to serve ads to you on this site. And, in the course of serving advertisements to this site, third party advertisers may place or recognize a unique cookie on your browser.”
As we have said, we can both protect privacy and also foster the growth of the online ad market.  Mr. Hippeau revealed a starkly uninformed–and crass–dimension to the HuffPo’s corporate leadership.



Facebook: “selling fans between $4 and $10” to Brands and others

The Facebook economy—built on allowing marketers to harness what’s called the “social graph”–is big business (and will grow as consumers also buy more virtual goods).  AllFacebook reports that:

“When the Facebook platform launched two and a half years ago a massive cost per install economy sprouted up. Whether it was individual developers looking for more users or large brands looking to expand the user base of their branded applications, money was flowing…There are entire ad networks still supported by the cost per install economy…So how much do fans sell for? There’s a wide range but I’ve heard Facebook is selling fans between $4 and $10. That adds up to substantial revenue for Facebook. For example, let’s assume that the top 100 advertisers each want to purchase 100,000 fans. Theoretically Facebook could generate $100 million just from the top 100 advertisers. As you move down the long tail the numbers begin to add up quickly.”

source:  If Brands Want Fans, Facebook Will Sell Them Fans.  Nick O’Neill.  AllFacebook.  Oct. 20, 2009.

Customized Online Ads using vast data sets

Steve Lohr of the New York Times reports in Bits that “Murthy Nukala, the chief executive of Adchemy, calls his company’s technology “statistical personalization.” It doesn’t really identify a person, he said. But by probing vast data sets, from click streams to marketing information from firms like Acxiom, Adchemy can identify the sorts of people -– by age, gender and interests -– that advertisers want to pinpoint.“We don’t hold any data. We just connect to 30 or 40 data sources,” Mr. Nukala said.”

Adchemy is a good example of the growing data collection apparatus that fine-tunes the pitch by using “customized marketing content” along with its real-time analysis.  Here’s an excerpt from its website:

Highly customized marketing based on visitor context. All prospects – even anonymous ones – can be described by multiple attributes, including publisher, placement, search query, ad displayed, ad element clicked, geography, demographics, time of day/week/month and other marketer-defined attributes. Adchemy calls the sum total of all these attributes “visitor context.” At every level of the Customer Acquisition Funnel, the Adchemy Digital Marketing Platform dynamically generates the most customized marketing content for the prospect based on the visitor context.

Continuously optimized, real-time content delivery. Based on the user’s visitor context, the best content is served to each visitor in real time without any manual, human involvement. The learning engines proactively synthesize advertising performance and respond automatically to each customer with appropriate content based on powerful patent-pending statistical techniques. Adchemy’s patent-pending statistical techniques speed up the traditionally slow process of gathering statistically significant marketing insights.

AAAA Letter to DoJ on Microsoft/Yahoo Deal: `Mad’ Merger Men & Women Missing Some Truth in Advertising

The 4A’S advertising trade and lobby organization sent a letter to the Department of Justice yesterday supporting the Microsoft/Yahoo search merger deal.  Among the five signatories from some of the biggest and most powerful ad companies was the head of the Publicis Groupe. But missing from the `approve this deal’ letter was any acknowledgment that Publicis is a partner of Microsoft–something we and other consumer groups have asked the DoJ to investigate as part of its review.

The recent deal between Microsoft and Publicis includes the sale of Razorfish, combined online ad activities and also data sharing.   In addition, Microsoft is expected to own 3% of Publicis after the deal closes, according to the Wall Street Journal.

The letter to the DoJ should have disclosed this and other conflicts of interest.

“Behavioral targeting, by camouflaging the tracking of consumers, can damage the perceived trustworthiness of an e-commerce site or the actor it represents”

That’s from an important new research paper by Professor Catherine Dwyer of the Seidenberg School of Computer Science and Information Systems, Pace University.  “Behavioral Targeting: A Case Study on Consumer Tracking on Levis.com” was presented at the 15th Americas Conference on Information Systems.   We have sent the paper to Congress, the European Commission and the FTC.  In its summary, Prof. Dwyer explains that:

In order to illustrate the nature of consumer tracking, a case study was conducted that examined behavioral targeting within Levis.com, the e-commerce site for the Levis clothing line. The results show the Levis web site loads a total of nine tracking tags that link to eight third party companies, none of which are acknowledged in the Levis privacy policy. Behavioral targeting, by camouflaging the tracking of consumers, can damage the perceived trustworthiness of an e-commerce site or the actor it represents.

Online Ad Networks Targeting Teens: Time for new privacy safeguards

Teens are a major focus of online advertising.  We have asked Congress and the FTC to develop safeguards to ensure adolescents have their privacy protected.  As part of the public debate, it’s useful to review how online ad networks target teen users.  Here are some examples:

Betawave (its 12-17 targeting service):  “If it feels like it’s impossible to capture the attention of today’s short-attention-span teenager, we’d beg to differ. On average, teenagers spent 15 mins per session on our publisher sites and 73.7 mins per month. More importantly, their mindstate is highly receptive to advertising with stats 118% higher than industry average and 158% more likely to agree that advertisements influence their purchase decisions…What’s our secret? Our selection of casual games, virtual worlds, and social play sites that are in touch with their Teen and Tween audiences. We know how to create content to hold the attention of the American Teenager, but to also keep them coming back for more…Our Teen and Tween audience consumes all types of different media, but is addicted to the Internet. The content of our sites appeal to the “Influencers” — the kids who assert their preferences with parents and peers and impact the behavior of others…“Virtual World Integration:  Imagine a marketing vehicle where users embrace sponsorship, where they constantly ask for more brands, and where advertising is seen as a validation of their community. Virtual worlds offer this experience to savvy marketers…Integrate your product into virtual worlds, and turn casual observers into brand champions.”

Kiwibox teen network [Burst Network]:  Kiwibox Teen Network, brought to you by Burst Network, is the premier online vehicle for advertisers looking to target the teenage audience of girls and guys that are currently in high school or college. The anchor site for the network, Kiwibox.com, is a popular social networking destination and online magazine for teens…

As a member of Kiwibox Teen Network, your site will get the attention of popular brand marketers and attract high CPM campaigns. Advertisers on Kiwibox Teen Network will include the best brand names in consumer electronics, telecom, entertainment, apparel/footwear, snacks and beverages, retail, beauty products, and fast food…Kiwibox Teen Network supports several types of Rich Media layer ad units, including Interstitials, Superstitials, Floating, Synchronized and In-Person Rovion ads. We have partnerships with the top Rich Media vendors like PointRoll, Eyewonder, EyeBlaster, Unicast, Interpoll, and Atlas…

Yahoo tells Advertisers: “We even know their online user behaviour and when they are ready to buy” [Annals of Behavioral Targeting]

Via Yahoo’s UK site:

Precision is where the real value lies. We know what our users are interested in. We also know their demographics, geographics and psychographics. We even know their online user behaviour and when they are ready to buy. So we can find you whoever you fancy and you won’t be bothered by anyone you don’t.