Leading Health, Privacy, and Consumer Groups Call on FTC to Protect Adolescent Privacy online

For Immediate Release:  Feb. 18, 2011
Child, Health and Consumer Advocates Ask FTC for Teen Privacy Protections, including Do-Not-Track and No Behavioral Targeting

Today a Coalition of Child, Health and Consumer Advocates filed comments on the Federal Trade Commission’s proposed privacy framework asking for increased privacy protections for adolescents.   The coalition includes leading advocates such as the Center for Digital Democracy, the American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Children Now, and the Consumer Federation of America.

Privacy protections are needed as teens are increasingly subjected to privacy invasions online. Teens are using new media technologies for key social interactions and to explore their identities. This increased use of digital media subjects them to wholesale data collection and profiling of even their most intimate interactions with friends, family, and schools. Meanwhile, recent research in psychology and neuroscience reveals that teens are more prone to risky behavior when their anxieties and peer relations are exploited. Privacy protections are needed to keep the online world social and safe.

Companies should not use data to behaviorally profile teens. The framework should also provide enhanced choice for adolescents, including a Do Not Track feature. In implementing “privacy by design,” companies should consider the needs and vulnerabilities of teens.  They should address those vulnerabilities by, for example, minimizing the amount of data collected from teens.  Data that is collected should be retained for only short periods and should be afforded greater security.

“Teens live online today,” said Guilherme Roschke, attorney for CDD. “This time of development and maturation requires privacy protections. Teens cannot go it alone against the vast data collection and profiling infrastructure of new media technologies that not even adults can understand.”

“Because of their avid use of new media, adolescents are primary targets for digital marketing,” explained co-signer Kathryn C. Montgomery, Ph.D. “The unprecedented ability of digital technologies to track and profile individuals across the media landscape, and to engage in sophisticated forms of targeting, puts these young people at special risk of compromising their privacy.”

The full coalition includes:

Center for Digital Democracy, American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Berkeley Media Studies Group, a project of the Public Health Institute, Children Now, Consumer Federation of America, Consumer Watchdog, David VB Britt, Retired CEO, Sesame Workshop, Ellen Wartella, Kathryn Montgomery, National Policy & Legal Analysis Network to Prevent Childhood Obesity, a project of Public Health Law & Policy, The Praxis Project, Privacy Rights Clearinghouse, Public Good, Public Health Institute, Tamara R. Piety, and World Privacy Forum

Guilherme Roschke
Staff Attorney / Fellow
Institute for Public Representation
First Amendment and Media Center
Georgetown University Law Center
T:(202) 662-9543
F:(202) 662-9634
gcr22@law.georgetown.edu
http://www.law.georgetown.edu/clinics/ipr/
**********

NTIA’s Strickling on Privacy: He Forgets Consumers!

Here’s an excerpt via Politico from their interview with Department of Commerce NTIA Chief–and potential privacy policy maven–Lawrence Strickling.  Note the absence of consumers in his description of the problem and issues.  The Commerce Department, which is jockeying to have a greater role in the privacy debate (which the largest data collectors like because they are afraid of the consumer watchdog-minded FTC), better start making consumer needs come first–if they are to have any credibility here in the U.S. and with the EU.   It appears from the interview the Commerce Department has largely made up its mind to rely on “voluntary enforceable codes of conduct.”   Here’s what Larry said in a Q & A:

NTIA is also getting into the privacy discussions.

It’s part of the larger Internet Policy Task Force that’s underway here at Commerce where our agency — along with other agencies — is looking at a number of Internet policy issues. Privacy is first and foremost on the list, but we’re also looking at the protection of intellectual property, cybersecurity, and we’ll be looking at the free flow of information. For Commerce, our theme links all these topics around the notion of innovation, preserving the job creation and business expansion aspects of the Internet and trying to protect that going forward. So in the area of privacy, the task force did issue the green paper late last year. Comments just came in on that, so people are starting to work their way through them, with the goal that we’ll take the green paper and turn it into a more final pronouncement of the Department of Commerce or perhaps even the administration’s policy on privacy later this spring.

Do you think there should be a government office specifically dedicated to privacy?

We certainly believe that if we’re going to move forward with these voluntary enforceable codes of conduct with the industry that the function of convening and organizing that process should sit [in the government]. Our believe is that the Department of Commerce, and in particular NTIA, is the appropriate place for that function to reside. When we start talking about offices that sounds more bureaucratic and maybe requires departmental administrative orders. But on the issue of making sure that function is done, yes, based on what we see in the comments, we think that’s an appropriate idea. We think it’s a necessary idea in terms of working with industry and we’ll see how this all plays out over the course of the spring.

What is NTIA doing internationally on the privacy front?

Privacy has big international implications because the Council of Europe is looking at redoing what they’ve done in privacy. The European Union is looking at this issue. OECD is looking at the issue. So we’re very cognizant of the need to make sure our policy, whatever it is, is designed in a way to best harmonize with what’s happening in the rest of the world, and in particularly Europe.

Five Ways to Protect Privacy

[a version we wrote of this ran in Multichannel News]
Five Ways for Digital Marketers to Protect Consumer Privacy

If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes.  That’s not what consumers and citizens need in the interactive marketing era.   All Americans should have their privacy respected and protected when they go online—including when they use mobile phones.

1.     Tell your users what you actually say to your advertisers—about how the profiling and targeting process really works.  There is a disconnect that is unfair and deceptive between what companies say in their privacy policies and pitch to their clients and potential partners.   Be honest about the “360 degree” ways you engage in online marketing.

2.     Don’t collect information and target consumers based on their interests in finance and health.  These two most “sensitive” categories should be opt-in only.   When consumers go online for loans, credit, mortgages, and health concerns they require the upmost privacy.  Although online financial, health and so-called lead-generation advertising is big business, consumers should not be forced to have their online financial and health behavior stealthfully-tracked and compiled.  The risks to consumers are great if we don’t develop special rules for this data.

3.     Racial and ethnic profiling data should also be opt-in. Hispanics, African-Americas, Asian-Americans and other minorities are increasingly the focus of a growing behavioral targeting and online marketing apparatus.  In the “offline” world, we have witnessed a disturbing use of racial profiling practices to discriminate against individuals.  In today’s online environment, users are being identified as being a member of a racial or ethnic group without either their awareness or consent.  While we all want to see the growth of diversely owned online publishing, it should not be done at the expense of civil liberties in the digital era.  We must prevent the growth of online racial profiling, that when tied to income, geography and other data can be used to create 21st Century forms of discrimination.

4.     Don’t use neuromarketing and other subliminal and subconscious-based advertising.   Fortune 1000 advertisers and online marketers such as Microsoft, Yahoo and Google are using new forms of ad testing and development involving the latest tools of neuroscience, such as fMRI’s and EEGs.  Neuromarketing’s goal is to directly influence a consumer’s subconscious, and when combined with the power of online data targeting,  offers powerful—and frightening—new forms of manipulation.

5.     Users need to consent to having their profiles be bought and sold on so-called online ad exchanges.  Selling off the right to target a consumer online, via real-time auctions that happen in milliseconds, is dehumanizing.  Nor should we permit the growing combination of offline and online databases to be used for targeting, including via these new digital auction houses.

Interactive marketing is now a fundamental operating principle for the cross-platform media economy throughout the world.   But right now, it’s a digital “wild west” that doesn’t serve the interests of consumers, citizens and most marketers.

The new Self-Reg Online Ad Plan–Digital “Deja-vu” All Over Again! See What they Say about the NAI Now!

In 1999, online marketers promised consumers they would protect their privacy.  Leading interactive ad companies created the Network Advertising Initiative (NAI) as a scheme to head-off proposals by the FTC that would help regulate online profiling.  Now it turns out, says the online ad industry, the NAI really couldn’t work.  So they have developed yet another self-regulatory effort.  Here’s what online marketers told Ad Week today:  “The move marks the most significant regulation the industry has imposed on companies and goes significantly farther than the Network Advertising Initiative, which held third-party advertisers needed to allow consumers to opt out. Doing so, however, was a cumbersome process.“   So the industry didn’t tell the FTC or consumers that the NAI wasn’t consumer friendly and “cumbersome.”  Yet they have used the NAI as a political bulwark to head-off consumer protection rules.  Shame on them.  Meanwhile, in the same story, it’s revealed that only now–as pressure mounts to protect online consumers—does the industry recognize protecting privacy is important:  “The guys that drive the industry have figured out this privacy stuff does matter,” said Scott Meyer, CEO of Better Advertising Project, which will help companies comply with the requirements.

The new “aboutads.info” website established by the industry fails to provide consumers serious information about cookies and behavioral targeting and profiling.  It reveals how little the industry is committed to protecting privacy and informing U.S. consumers about the process.  To see how this new plan is really designed to protect the data collection business, examine the rules for sensitive information. Beyond the children’s privacy law (COPPA) we got enacted in 1998, this scheme permits full-scale collection and use of financial and health information.   Under the “new” self-reg policies, the narrowest of definitions for respecting your financial and health information has been created:  “Entities should not collect and use financial account numbers, Social Security numbers, pharmaceutical prescriptions or medical records about a specific individual for OBA without Consent.”
Shame on them.  Online marketers spent some $3 billion last year on online financial marketing and will spend $1 billion for pharma and health related targeting in 2010. Consumer data collected by online financial and health marketers, much of which is sensitive and personal, is ok under the industry’s “new” plan.

PS:  The folks at Better Advertising need to take a course in online marketing–and change its new website so it really informs consumers about the process.  What it has now would get a C-minus in any class on online marketing.  They can start with 360 degree targeting, online and offline profiling, rich media, a serious description of online auctions, the tracking process, work on “engagement” and neuromarketing,” social media marketing, etc.  Consumers deserve better.

The new “Digital Advertising Alliance” self-reg plan. See if it tells consumers what its sponsor ad groups really say to each other. That they track and target your “digital footprint”

On Monday, the new self-regulation magical “icon” that is designed to make the online ad industry’s privacy problems disappear will be unveiled.  A new group called the “Digital Advertising Alliance” will unveil the icon-based plan–all timed to help head-off the kinds of protections and safeguards consumers require.  The current financial crisis affecting tens of millions of Americans require that government and big business groups do more than pay digital lip service to consumer protection.

As a kind of litmus test for the new self-regulation effort, see if the icon and the information connected to it really informs you about how data on you is collected and used for profiling, tracking and targeting. For example, last week, the Interactive Advertising Association (IAB), one of the key backers of the new Alliance, released a guide to targeting consumers at the local level.  Here’s excerpts of what they say.  See if that little icon is being honest when you click it.  Of course, we really require rules that eliminate the kind and amount of data that can be collected on you and you family and friends in the first place–as well as honest disclosure on the process.  Note as well that all that data on you is expensive–and others are cashing in on information that belongs to you!  From the new “Targeting Local Markets” guide:

Explicit profile data Targeting. definition–
Explicit data is “registration quality data” collected either online or offline. For online registration data, the user has certain attributes in his or her registration profile at a particular site or service, and that data is associated with the user’s Web cookie or some sort of audience database when the user next logs in. Offline registration data includes the sorts of data held in the massive offline direct response industry databases built up over the last several decades. These are then matched to a user online when that user logs in somewhere that is a partner of the data company. The site at which the user logs in, usually an online mail or similar site, sends the name/email combination to the data company, which then makes the match and sends back data…pricing–In general, first party data commands a far more variable premium than third party data…Third party data is usually available in much larger quantities, and yet there is often a fee of anywhere between $0.50 to $2.00 or more paid to the data provider by the ad seller – thus increasing the cost of goods sold (COGS) on the ad, and therefore increasing the price…

Behavioral Targeting (Implicit profile data Targeting)-definition-
Behavioral Targeting is the ability to serve online advertising based on profiles that are inferred from an individual user’s technical footprint and viewing behavior…As the medium has grown from a “browsing” experience to interactional so have the levels of information gathered. Newer forms of information include the data collected about influences, social preferences through social networks and an individual user’s content created online…The data is often gathered in real-time and can be used for real-time decision-making so that relevant advertising can be delivered dynamically to an individual user during their online session…Behaviorally targeted advertising commands a higher price because of targeted placement versus general run-of-site (ROS) advertising…Behavioral Targeting can be highly accurate when the user is leaving a digital footprint of their activities as they move through the Web.

Online Marketers, Privacy & Self-Regulation: “Repeatedly Failed Promises Syndrome”

To help undermine the impact of the forthcoming FTC proposal to protect consumer privacy, a coalition of online ad lobby groups will unveil yet another self-regulation plan.  According to Mediapost, online consumers will soon see “[I]cons to signify behavioral advertising — or serving ads based on people’s Web activity.”  Since 1999, online ad groups have rolled out self-regulatory regimes promising to protect consumers online.  Each has failed to do so.   This new effort involves the very same groups and companies that offered self-regulatory promises in the past.   For example, see the World Privacy Forum’s report on the failure of the Network Advertising Initiative’s self-reg schemes; that group is part of the new effort, btw.

This new effort is seriously flawed–and before marketers and advertisers adopt it, it must be independently evaluated by consumer groups, independent academics, and the FTC.  We believe that the system will fail to protect consumers–because it will not candidly inform them about how the data is collected and used.  Meanwhile, in a revealing flip-flip, the IAB’s UK counterpart deep-sixed its just released safeguard on retargeting.  According to a new report, “[O]nline advertising trade body the Interactive Advertising Bureau (IAB) has withdrawn a code of practice which recommended that behavioural advertising retargeting cookies should expire after 48 hours. The IAB’s Affiliate Marketing Council (AMC) published the code last week. It applied to the practice of ‘retargeting’ web users who had visited a site with ads for that site on other people’s websites, using cookies to track their movements and activities…That code has been withdrawn and will be reworked after further industry consultation, though, the IAB said. The code has disappeared from the IAB’s website.”

Consumers and citizens require real safeguards governed by law and regulation–not flimsy digital promises designed to sanction ever-expanding data collection practices.

Google & Microsoft Tout their Mobile Targeting Clout, inc. Behavioral, Location, Gender, etc.

My CDD and USPIRG asked the FTC in January 2009 to investigate mobile marketing and its threat to both privacy and consumer protection issues (Ringleader Digital, now the subject of lawsuits and stories in the WSJ and NYT, was included in the complaint, btw).  Online mobile marketers, including Microsoft and Google, illustrate how regulators in the U.S. and abroad should require safeguards to protect the public from unfair and deceptive practices–including those that involve their privacy.  In Ad Age, both Google and Microsoft loudly proclaim what their mobile marketing services can do for brands, ads and marketers.  Here are some choice excerpts:

Microsoft:  “Microsoft Advertising’s industry-leading mobile display and search advertising solutions engage more than 43 million on-the-go U.S. consumers each month—regardless of a user’s mobile phone or wireless carrier. Its innovative ad placements and ad formats include display, rich media, search, video and custom in-app ad units…

Advanced Targeting Options
  • Profile targeting: age, gender, household income, location, time of day
  • Behavioral targeting: more than 120 custom segments (e.g., “movie watchers” and “business travelers”)
  • Device: make and model
  • Wireless carriers: on-deck inventory
  • Keyword targeting: exact or broad match…Complete mobile ad solutions for automotive, CPG, entertainment, financial services, retail, technology, telecommunications, travel and other sectors…
  • More than 43 million, or 55 percent of active mobile web users in U.S.
  • More than 80 million active mobile users globally in 32 countries.”

Google: “Today’s consumers are on the move. More than ever before, audiences are searching and browsing the web on their mobile devices. How do advertisers connect with the on-the-go consumer…As customers go mobile, advertisers need smart mobile advertising strategies. With Google, they can easily target and tailor messages according to location and automatically show their customers relevant local business information or phone numbers to enable them to take immediate action. Once a campaign is up and running, marketers can measure their results via detailed reports. Additionally, integrated mobile reporting in Google Analytics allows them to track and optimize conversion, e-commerce and engagement metrics on mobile devices. They can take advantage of Google’s mobile-specific ad formats. Click-to-call text ads, animated mobile banner ads, click-to-download ads and other display ad formats are examples of how Google is innovating for the small screen.  Google closed its acquisition of AdMob, one of the world’s leading mobile advertising networks, in May. AdMob’s innovative rich media ad units—including full-screen expandable, animated banner and interactive video—create opportunities for advertisers to engage with a relevant audience on their mobile devices. Now the Google and AdMob teams are working to create new ways to deliver engaging and innovative advertising experiences that will help marketers drive their businesses forward…

CASE STUDY

CHALLENGE: Esurance, a direct-to-consumer personal car insurance company, wanted to ensure that customers could do business with it on their own terms and at their own convenience… To make the connection between mobile users and Esurance agents, Esurance used Google mobile ads with integrated click-to-call functionality. The CTC ads gave mobile users the option of clicking through to Esurance’s mobile-optimized landing page or initiating a phone call with a licensed insurance agent…Results…

  • Boosted conversion rates: Click-to-call mobile ads drove a 30 percent to 35 percent higher response.”

PS:  Attention Music Lovers.  In the same Ad Age piece, the online music service Pandora exclaims that it can provide:“Through powerful hypertargeting, reach the right person, at the right time, without waste. Target based on age, day, gender, location, mobile platform, time and type of music…Pandora offers a broad array of formats and rich media functions to create an immersive mobile experience, including:

  • Tap to video
  • Drag and drop
  • Tap to app
  • Tap to call
  • Tap to e-mail
  • Tap to expand
  • Tap to find a location
  • Tap to iTunes
  • Tap to mobile webpage
  • Standard banners”

Facebook Finagling: Getting You to Push the “Like” Button and Opt-In to Third Party Apps, Marketers, and Data Collection

As Facebook builds a larger online marketing and data collection infrastructure around the world, in the U.S.,  India, and in the EU, it’s important regulators, researchers, privacy and consumer protection advocates investigate how it operates its social media marketing business.  Facebook prefers to keep its interactive “marketing to the social graph” ad approach largely out of public view.  For example, last week, noted Inside Facebook, there was this change [our bold]:

“Open Graph-enabled third-party websites can now include Like buttons that create a connection with a Page, not just share an object. Page Likes can be more valuable because they opt a user into receiving updates about the Page in their news feed, and displaying the connection on their profile. Developers don’t need to include any description of what the Like button actually points to, meaning users may be unaware that their click is in fact subscribing and connecting them. The change will help developers convert one-time visitors into members of their Page’s community.

This is a good illustration of how Facebook (and others) zeal in promoting third party data and financial relationships threatens to further undermine privacy and related consumer protection concerns.