Leading Health, Privacy, and Consumer Groups Call on FTC to Protect Adolescent Privacy online

For Immediate Release:  Feb. 18, 2011
Child, Health and Consumer Advocates Ask FTC for Teen Privacy Protections, including Do-Not-Track and No Behavioral Targeting

Today a Coalition of Child, Health and Consumer Advocates filed comments on the Federal Trade Commission’s proposed privacy framework asking for increased privacy protections for adolescents.   The coalition includes leading advocates such as the Center for Digital Democracy, the American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Children Now, and the Consumer Federation of America.

Privacy protections are needed as teens are increasingly subjected to privacy invasions online. Teens are using new media technologies for key social interactions and to explore their identities. This increased use of digital media subjects them to wholesale data collection and profiling of even their most intimate interactions with friends, family, and schools. Meanwhile, recent research in psychology and neuroscience reveals that teens are more prone to risky behavior when their anxieties and peer relations are exploited. Privacy protections are needed to keep the online world social and safe.

Companies should not use data to behaviorally profile teens. The framework should also provide enhanced choice for adolescents, including a Do Not Track feature. In implementing “privacy by design,” companies should consider the needs and vulnerabilities of teens.  They should address those vulnerabilities by, for example, minimizing the amount of data collected from teens.  Data that is collected should be retained for only short periods and should be afforded greater security.

“Teens live online today,” said Guilherme Roschke, attorney for CDD. “This time of development and maturation requires privacy protections. Teens cannot go it alone against the vast data collection and profiling infrastructure of new media technologies that not even adults can understand.”

“Because of their avid use of new media, adolescents are primary targets for digital marketing,” explained co-signer Kathryn C. Montgomery, Ph.D. “The unprecedented ability of digital technologies to track and profile individuals across the media landscape, and to engage in sophisticated forms of targeting, puts these young people at special risk of compromising their privacy.”

The full coalition includes:

Center for Digital Democracy, American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Berkeley Media Studies Group, a project of the Public Health Institute, Children Now, Consumer Federation of America, Consumer Watchdog, David VB Britt, Retired CEO, Sesame Workshop, Ellen Wartella, Kathryn Montgomery, National Policy & Legal Analysis Network to Prevent Childhood Obesity, a project of Public Health Law & Policy, The Praxis Project, Privacy Rights Clearinghouse, Public Good, Public Health Institute, Tamara R. Piety, and World Privacy Forum

Guilherme Roschke
Staff Attorney / Fellow
Institute for Public Representation
First Amendment and Media Center
Georgetown University Law Center
T:(202) 662-9543
F:(202) 662-9634
gcr22@law.georgetown.edu
http://www.law.georgetown.edu/clinics/ipr/
**********

Neuromarketing Research–Sponsors include Miller Coors, American Express, Hershey’s

excerpt on the Advertising Research Foundation’s “Inaugural NeuroStandards Retreat”–

On January 12-14, 2011 at Campbell Soup Headquarters in Camden, New Jersey, 40 senior review panel members, research vendors, gold brand sponsors, gold media sponsors, silver sponsors and ARF personnel gathered to discuss significant insights and key findings from the unprecedented Engagement 3: NeuroStandards Collaboration. This groundbreaking ARF research project,… will provide much-needed transparency about biometric and neurological research methods.
In advance of the retreat, each of the research vendors involved (Gallup & Robinson, Innerscope, MSW Research/LAB, Mindlab International, NeuroCompass, Neuro-Insight, Sands Research, and Sensory Logic) were asked to analyze eight commercials—one from each gold brand sponsor (American Express, Campbell Soup, Clorox, Colgate-Palmolive, General Motors, Hershey’s, Miller Coors and JP Morgan Chase).

The research vendors presented their reports to each sponsor prior to the retreat. The reports were also reviewed by a number of subject matter experts (for example, Electroencephalography (EEG) experts looked at EEG reports, Functional Magnetic Resonance Imaging (fMRI) experts looked at fMRI reports). Subject matter expert reports were then distributed to a panel of expert reviewers who provided their assessment at the retreat…

The expert reviews, discussions and key findings from the ARF NeuroStandards Retreat will be presented in March at Re:think 2011 – The ARF 75th Anniversary Annual Convention. Some of the major topics that will be explored include:

How neuromarketing research can produce new insights for advertising, branding, and other marketing research projects;
Which biometric and neurological methods are best suited for specific research objectives and what are the advantages and disadvantages of these methods compared to traditional research methodologies…

Neuromarketing & Privacy: German Data Protection Authority Enacts Safeguards

We have long been sounding the alarm over the role of neuromarketing in advertising, especially for online marketing.  We are gratified that the Data Protection Authority in Hamburg Germany, according to this law firm post, just imposed safeguards on the role of neuromarketing.  It explains that [excerpt]: “[O]n November 23, the data protection authority (DPA) of the German Federal State of Hamburg imposed a €200,000 fine [link in German] against the Hamburg-based savings & loan Hamburger Sparkasse due to violations of the German Federal Data Protection Act (the BDSG) for, among other reasons, using neuromarketing techniques without customer consentIndeed, according to the head of the Hamburg DPA, Prof. Johannes Caspar, the intent was to send a clear signal to the market against the use of modern neuromarketing and comparable methods in violation of data protection law.  The case also clearly illustrates that German regulators are willing to enforce the new data protection regime and are well prepared to impose significant fines upon companies rather than giving them merely a warning notice…The decision of the Hamburg DPA may also attract attention beyond Germany and influence the interpretation of data protection laws in other countries, in particular with respect to the compliance of neuromarketing and brain sciences techniques with data protection laws.  Due to the sensitivity of such activities, it is likely that regulators in the EU will follow the approach taken by the Hamburg DPA.”

Consumers Union Supports our call for FTC action on digital pharma & health marketing

My CDD is very pleased to have received a copy of this letter sent to the FTC and FDA by Consumers Union.  It underscores how the issues around sensitive data and sensitive users are a critical part of consumer protection online.  We are also pleased about the positive coverage our complaint has received from the press, including the New York Times, CBS/Moneywatch, and other publications.

December 1, 2010

Chairman Jon Leibowitz

Federal Trade Commission

600 Pennsylvania Avenue NW

Washington, DC  20580

Dear Mr. Chairman:

Consumers Union, the independent, non-profit publisher of Consumer Reports, urges the Federal Trade Commission to accept the request of November 23, 2010 from several petitioners “to investigate unfair and deceptive advertising practices that consumers face as they seek health information and services online.”

The very detailed 144-page filing is by the Center for Digital Democracy, U.S. PIRG, Consumer Watchdog, and the World Privacy Forum. Among the companies named in the complaint are Google, Yahoo, Microsoft, AOL, WebMD, Quality Health, Everyday Health, and Health Central. The complaint explains how non-traditional pharmaceutical advertising on the internet and elsewhere uses a wide range of tools and disguises to convince consumers to use various drug products. These advertisements frequently hide the fact that they are funded by the drug manufacturer and they often fail to give any hint of side effects or possible adverse events from use of the drugs.

We have not independently examined each of the documents cited in the complaint or the context in which they were used. But the documents are overwhelmingly explicit in their description of how to take information consumers would consider very private (the decision to type in a health-related word or phrase on a website) and consciously and unconsciously manipulate those consumers into the use of specific prescription drug products.

The mass of documents in the complaint are shocking in their totality and their implication for privacy and the use of pharmaceuticals with potentially dangerous side effects or questionable efficacies.

We urge the Commission to begin an immediate investigation pursuant to the requests in the complaint. Thank you for your consideration.

Sincerely,

William Vaughan

Health Policy Analyst

The new Self-Reg Online Ad Plan–Digital “Deja-vu” All Over Again! See What they Say about the NAI Now!

In 1999, online marketers promised consumers they would protect their privacy.  Leading interactive ad companies created the Network Advertising Initiative (NAI) as a scheme to head-off proposals by the FTC that would help regulate online profiling.  Now it turns out, says the online ad industry, the NAI really couldn’t work.  So they have developed yet another self-regulatory effort.  Here’s what online marketers told Ad Week today:  “The move marks the most significant regulation the industry has imposed on companies and goes significantly farther than the Network Advertising Initiative, which held third-party advertisers needed to allow consumers to opt out. Doing so, however, was a cumbersome process.“   So the industry didn’t tell the FTC or consumers that the NAI wasn’t consumer friendly and “cumbersome.”  Yet they have used the NAI as a political bulwark to head-off consumer protection rules.  Shame on them.  Meanwhile, in the same story, it’s revealed that only now–as pressure mounts to protect online consumers—does the industry recognize protecting privacy is important:  “The guys that drive the industry have figured out this privacy stuff does matter,” said Scott Meyer, CEO of Better Advertising Project, which will help companies comply with the requirements.

The new “aboutads.info” website established by the industry fails to provide consumers serious information about cookies and behavioral targeting and profiling.  It reveals how little the industry is committed to protecting privacy and informing U.S. consumers about the process.  To see how this new plan is really designed to protect the data collection business, examine the rules for sensitive information. Beyond the children’s privacy law (COPPA) we got enacted in 1998, this scheme permits full-scale collection and use of financial and health information.   Under the “new” self-reg policies, the narrowest of definitions for respecting your financial and health information has been created:  “Entities should not collect and use financial account numbers, Social Security numbers, pharmaceutical prescriptions or medical records about a specific individual for OBA without Consent.”
Shame on them.  Online marketers spent some $3 billion last year on online financial marketing and will spend $1 billion for pharma and health related targeting in 2010. Consumer data collected by online financial and health marketers, much of which is sensitive and personal, is ok under the industry’s “new” plan.

PS:  The folks at Better Advertising need to take a course in online marketing–and change its new website so it really informs consumers about the process.  What it has now would get a C-minus in any class on online marketing.  They can start with 360 degree targeting, online and offline profiling, rich media, a serious description of online auctions, the tracking process, work on “engagement” and neuromarketing,” social media marketing, etc.  Consumers deserve better.

The new “Digital Advertising Alliance” self-reg plan. See if it tells consumers what its sponsor ad groups really say to each other. That they track and target your “digital footprint”

On Monday, the new self-regulation magical “icon” that is designed to make the online ad industry’s privacy problems disappear will be unveiled.  A new group called the “Digital Advertising Alliance” will unveil the icon-based plan–all timed to help head-off the kinds of protections and safeguards consumers require.  The current financial crisis affecting tens of millions of Americans require that government and big business groups do more than pay digital lip service to consumer protection.

As a kind of litmus test for the new self-regulation effort, see if the icon and the information connected to it really informs you about how data on you is collected and used for profiling, tracking and targeting. For example, last week, the Interactive Advertising Association (IAB), one of the key backers of the new Alliance, released a guide to targeting consumers at the local level.  Here’s excerpts of what they say.  See if that little icon is being honest when you click it.  Of course, we really require rules that eliminate the kind and amount of data that can be collected on you and you family and friends in the first place–as well as honest disclosure on the process.  Note as well that all that data on you is expensive–and others are cashing in on information that belongs to you!  From the new “Targeting Local Markets” guide:

Explicit profile data Targeting. definition–
Explicit data is “registration quality data” collected either online or offline. For online registration data, the user has certain attributes in his or her registration profile at a particular site or service, and that data is associated with the user’s Web cookie or some sort of audience database when the user next logs in. Offline registration data includes the sorts of data held in the massive offline direct response industry databases built up over the last several decades. These are then matched to a user online when that user logs in somewhere that is a partner of the data company. The site at which the user logs in, usually an online mail or similar site, sends the name/email combination to the data company, which then makes the match and sends back data…pricing–In general, first party data commands a far more variable premium than third party data…Third party data is usually available in much larger quantities, and yet there is often a fee of anywhere between $0.50 to $2.00 or more paid to the data provider by the ad seller – thus increasing the cost of goods sold (COGS) on the ad, and therefore increasing the price…

Behavioral Targeting (Implicit profile data Targeting)-definition-
Behavioral Targeting is the ability to serve online advertising based on profiles that are inferred from an individual user’s technical footprint and viewing behavior…As the medium has grown from a “browsing” experience to interactional so have the levels of information gathered. Newer forms of information include the data collected about influences, social preferences through social networks and an individual user’s content created online…The data is often gathered in real-time and can be used for real-time decision-making so that relevant advertising can be delivered dynamically to an individual user during their online session…Behaviorally targeted advertising commands a higher price because of targeted placement versus general run-of-site (ROS) advertising…Behavioral Targeting can be highly accurate when the user is leaving a digital footprint of their activities as they move through the Web.

Online Marketers, Privacy & Self-Regulation: “Repeatedly Failed Promises Syndrome”

To help undermine the impact of the forthcoming FTC proposal to protect consumer privacy, a coalition of online ad lobby groups will unveil yet another self-regulation plan.  According to Mediapost, online consumers will soon see “[I]cons to signify behavioral advertising — or serving ads based on people’s Web activity.”  Since 1999, online ad groups have rolled out self-regulatory regimes promising to protect consumers online.  Each has failed to do so.   This new effort involves the very same groups and companies that offered self-regulatory promises in the past.   For example, see the World Privacy Forum’s report on the failure of the Network Advertising Initiative’s self-reg schemes; that group is part of the new effort, btw.

This new effort is seriously flawed–and before marketers and advertisers adopt it, it must be independently evaluated by consumer groups, independent academics, and the FTC.  We believe that the system will fail to protect consumers–because it will not candidly inform them about how the data is collected and used.  Meanwhile, in a revealing flip-flip, the IAB’s UK counterpart deep-sixed its just released safeguard on retargeting.  According to a new report, “[O]nline advertising trade body the Interactive Advertising Bureau (IAB) has withdrawn a code of practice which recommended that behavioural advertising retargeting cookies should expire after 48 hours. The IAB’s Affiliate Marketing Council (AMC) published the code last week. It applied to the practice of ‘retargeting’ web users who had visited a site with ads for that site on other people’s websites, using cookies to track their movements and activities…That code has been withdrawn and will be reworked after further industry consultation, though, the IAB said. The code has disappeared from the IAB’s website.”

Consumers and citizens require real safeguards governed by law and regulation–not flimsy digital promises designed to sanction ever-expanding data collection practices.

Google’s new `simplifed’ Privacy Policy: More disclosure and honesty required [updated]

Last week Google announced it was “simplifying and updating” its privacy policies.  As it so often does, the announcement was framed as a `we did for your good’ kind of effort.  “[W]e want to make our policies more transparent and understandable,” it explained, noting that “most privacy policies are still too hard to understand.” But as so often with Google and other online marketers, you have to both read between the digital lines and also analyze what’s really going on.

Google’s revised policy, which takes effect October 3, fails to really explain to consumers/users what’s actually going on.  Like other privacy policies, Google claims that all its data collection is to “provide you with a better experience and to improve the quality of our services.”  But what they really mean–and what the Congress, the FTC and other regulators must require them to disclose–is that they have crafted a wide-ranging system designed to foster personalized data collection and online targeting.  Missing from the revised Privacy Policy (which Google, btw, is pitching to privacy advocates and no doubt others as a  paragon of digital virtue) is any candid disclosure on how its Doubleclick, Admob, Google Display Network, Ad Exchange, Teracent, and other services collect information from and about us.

Google isn’t alone–Facebook, Microsoft, Yahoo and everyone else rely on a purposefully deceptive privacy policy to engage in data collection activities that require disclosure and individual user control.  Google is also reshaping its privacy policy to better capture all the data it can collect across multiple platforms and applications. Here, just for the record, is what Google advertised in Ad Age’s recent Ad Exchange and online advertising guide [excerpt]:  No matter how you define performance, the Google Display Network offers a solution. By bringing more measurability and precision to your advertising, it enables you to create, target and optimize ads based on real-time data, meaning better returns for you.

The Google Display Network helps advertisers and agencies achieve performance at scale by delivering relevant, accountable ads to their target audiences—in more places, more often…Precisely target your audience: The Google Display Network’s technology enables you to find customers based on their interests, sites they visit and when they’re engaging with relevant content via contextual targeting, or show specific messages to users who’ve already visited your site with remarketing…The Google Display Network provides opportunities to advertise in all such environments—feeds, games, mobile, social networks and video streams— enabling you to create an immersive experience for your audience.

PS.  Well, Google just also announced what its interactive display ad system can do for marketers.  How come this isn’t in the privacy policy in understandable language and full consumer control? Excerpt:  Advertising with Google used to be all about four lines of text, on Google.com and on our partner sites. No longer. Did you know that, outside of ads alongside search results, more than 40 percent of the ads that we show are now non-text ads? And that doesn’t include the 45 billion ads that our DoubleClick advertising products serve every day across the web.

We get excited by display advertising for a number of reasons…Teracent’s technology can automatically tailor and select the creative elements in an ad, and adjust them based on location, language, weather and even the past performance of ads, to show the optimal ad.  We’re focused on helping advertisers get the best results from their campaigns—by enabling creative branding campaigns, precise targeting, wide reach and effective measurement. Over recent years, we’ve added a ton of new features to YouTube and the Google Display Network, to help advertisers get—and measure—the results they’re after. From remarketing to Campaign Insights to video targeting on YouTube, we’re building tools that are helping advertisers get great results and enabling them to run some of the most amazing ad campaigns the world has ever seen.

Google: Creating a “dynasty” in online data ad targeting

From the Connected Marketing Week in SF, via ClickZ:  Google is simultaneously attempting to fill the role of ad exchange, ad network, DSP (through its Invite Media acquisition), and media agency…Michael Rubenstein, president of AppNexus and the former head of Google’s ad exchange efforts, said Google has been admirably fair and transparent. But he said that could change.”Google is putting together the pieces to form a dynasty,” he said. “So far they’re behaving pretty well as far as keeping the ecosystem open to everybody, probably because they need to. But we’ll see what happens over time as they accumulate more market power.”

Google Exec on Behavioral Targeting: “massive benefit for advertisers” [note he didn’t call it “Preference” Marketing!

Online industry reaction to the Wall Street Journal privacy series, and generally, illustrate a basic disconnect in how they view the privacy concerns raised by digital profiling, tracking and targeting.  Leading online marketers frequently claim that behavioral targeting and related data-focused techniques are actually good for the consumer.  The problem, they argue, is that consumers lack basic information about the process.  Presumably, they believe, if we really understood how it worked, we would be relieved.  In truth, of course, the opposite is true.  The more one knows about the processes underlying what the online ad industry claims is a digital marketing “ecosystem,” the more a consumer and citizen should be alarmed.

In the UK, EU and in the U.S., companies like Google and Microsoft are working together on PR campaigns to convince both the public and policymakers all is well with behavioral profiling for marketing.  One Google executive in the UK recently told New Media Age that “The use of behavioural targeting is growing and is a massive benefit for advertisers wishing to serve more relevant ads. It also helps pay for content and services. But there is user confusion about how it works…Lack of understanding is the biggest problem facing behavioural targeting in the UK. There’s a knowledge gap between those who work in the industry and are familiar with terms such as cookies, remarketing and aggregated data, and users who search the web for information and goods. It’s our job, along with the rest of industry, to inform those users about how online advertising works and the choices they have.” 

But in reality, the industry–including Google–has failed to be candid with consumers and policymakers about all the data collection practices that are deployedsuch as by Google subsidiaries Doubleclick, Admob, & Teracent, for example.

Microsoft is also very bullish about behavioral targeting–especially since it’s in a global digital fight with Google to deliver data-enriched ad targeting for the biggest brands.  In the same New Media Age issue [22 July 2010], Zuzanna Gierlinska, head of Microsoft Media Network at Microsoft Advertising explains that:  “We’re not saying you should use targeting – whether that’s behavioural targeting or re-messaging – just to push conversion.  But it can have a strong brand uplift. People come into a channel, see a nice creative with high-impact imagery and then go away. But that message stays with them.”  The article goes on to explain that: It’s this ability to talk to people on an ongoing basis, and give them a better experience, that’s the key to why combining re-messaging and behavioural targeting with a standard brand buy works, argues Gierlinska. For example, with re-messaging, users are already a warm lead, while behavioural targeting tightens the focus on users who are demonstrating an interest… This positive experience benefits both conversion and brand uplift among the target audience. “Targeting benefits everyone,” Gierlinska says. “It benefits the publisher because it’s not wasting impressions or serving ads to just anyone. It benefits the advertiser because it has efficiencies with its media buy. But it’s also really beneficial to the users because they’re getting relevant messaging that’s timely and ideally helping their productivity in what they’re doing online, rather than just being served random messages.”

Much of how the industry addresses the behavioral targeting and its related data mining application are rationalizations [maybe all their therapists are on vacation or Freudians!  Just kidding].  But it reflects a failure by industry leaders to recognize a serious problem that affects the public.  That’s the same kind of `it’s all good for us, regardless of what we do’ behavior that led to the recent–and ongoing–global financial collapse.