Category: Hispanic Targeting

Boucher/Stearns Privacy Bill: Fails to Ensure Data Collection Minimization and Forces Consumers to rely on Digital ‘fine’ Print

Yesterday, Reps. Rich Boucher and Clifford Stearns released a “discussion” draft for what they intend to become a new law addressing privacy online.  Mr. Boucher, whom I and a number of consumer and privacy representatives met with in March, is sincere in his desire to address online privacy.  But the bill’s overall orientation maintain (and really nurtures) the intense and pervasive data collection, online profiling, and targeting status quo.  Instead of focusing the goal of the bill on data minimization, a important Fair Information Principle, it really enables the maximization of information collection on consumers.

The bill does make several important contributions, including acknowledging that racial/ethnic and sexual orientation must be considered  “sensitive” information requiring higher safeguards [I played a role in urging Congressional leaders to include racial/ethnic data in the sensitive category].  By acknowledging that a “unique persistent identifier” should be classified as personal information, the draft bill follows what policymakers in the EU have crafted (and the FTC staff has already largely suggested).

But by primarily relying on so-called “notice and choice”–namely privacy policies–the bill fails to protect online users.  There is a growing consensus, backed by research, that privacy policies are inadequate.  The reliance by Mr. Boucher on Google’s ad preference manager system, which allows users to opt-out of more specific ad targeting categories, doesn’t address the key question:  how can we ensure less information is collected and used about each of us.  Nor does the bill protect sensitive information involving health and finance, where it permits a huge loophole that will continue online data practices involving our interactions online with financial and health related sites and services].  Adolescents are left unprotected in the bill–one of its most glaring omissions.

The bill doesn’t really empower the FTC to act effectively in this area, in our opinion.  Under the Boucher/Stearns bill, consumers will still have to rely on digital fine print–written in invisible ink–to protect privacy.  This is not a debate on ensuring online ad revenues for free content–we all support that.  It’s about defining reasonable rules of the online road that balances citizen and consumer rights with the interests of those who collect our data–whether they be commercial or government.

Where Does Google and Microsoft Really Stand–with the IAB and ad lobby or for Consumer Protection?

Both Google and Microsoft serve on the executive committee of the Interactive Ad Bureau, a trade association fighting against consumer privacy proposals in Congress and the FTC.  The IAB just sent a letter signed by other ad and marketing industry lobbyists opposing Obama and congressional proposals to expand the ability of the FTC to better protect consumers.  My CDD just sent emails to officials at both Google and Microsoft asking them to clarify where they stand on the IAB’s letter [see below].  Do our two leading online marketing leaders support financial and regulatory reform, including protecting privacy?  Or does the IAB letter–and Google and Microsoft’s own role helping govern that trade lobby group–really reflect their own position against better consumer protection? Not coincidently, the IAB’s PAC has expanded its PAC contribution giving to congress.

Why does the IAB and other ad groups want to scuttle a more capable FTC?  Think online financial products, including mortgages, pharmaceutical operated social networks, digital ads targeting teens fueling the youth obesity crisis, ads created by brain research to influence our subconscious minds, a mobile marketing system that targets us because it knows our location, interests and behavior.  The IAB is terrified that a responsible consumer protection agency will not only peek under the ‘digital hood,’ as the Obama FTC is currently doing.  But actually propose policies and bring cases that rein in irresponsible and harmful business practices.  So Microsoft and Google:  who are with?  Consumers or the special interest advertising lobby?
*****

letter to Google:  22 January 2010

Dear Pablo, Jane, Peter and Alan:

As you may know, the Interactive Advertising Bureau recently sent a letter  to Congress, along with other ad related groups, opposing the expansion of FTC regulatory authority as proposed in the Consumer Financial Protection Agency bill and related reauthorization [http://www.clickz.com/3636212].

Google serves on the executive committee of the IAB’s board.  For the record, does Google support IAB’s stance that, as news reports say, if the FTC is given additional enforcement and penalty-making authority, “the FTC could essentially act as an unelected legislature governing industries and sectors across the economy.”

If Google disagrees with the IAB’s letter, I ask that it make its position public as soon as possible.  I also respectfully request Google state its position regarding the Consumer Financial Protection Agency proposal, as well as its position on expanding FTC authority.

Regards,

Jeff Chester
Center for Digital Democracy
www.democraticmedia.org

letter to Microsoft:  22 Jan. 2010:

Dear Mike and Frank:

As you may know, the Interactive Advertising Bureau recently sent a letter to Congress, along with other ad related groups, opposing the expansion of FTC regulatory authority as proposed in the Consumer Financial Protection Agency bill and related reauthorization [http://www.clickz.com/3636212].

Microsoft serves on the executive committee of the IAB’s board.  For the record, does Microsoft support IAB’s stance that, as news reports say, if the FTC is given additional enforcement and penalty-making authority, “the FTC could essentially act as an unelected legislature governing industries and sectors across the economy.”

If Microsoft disagrees with the IAB’s letter, I ask that it make its position public as soon as possible.  I also respectfully request Microsoft state its position regarding the Consumer Financial Protection Agency proposal, as well as its position on expanding FTC authority.

Regards,

Jeff Chester
Center for Digital Democracy
www.democraticmedia.org

Consumer and Privacy Groups at FTC Roundtable to Call for Decisive Agency Action

Washington, DC, December 6, 2009 – On Monday December 7, 2009, consumer representatives and privacy experts speaking at the first of three Federal Trade Commission (FTC) Exploring Privacy Roundtable Series will call on the agency to adopt new policies to protect consumer privacy in today’s digitized world. Consumer and privacy groups, as well as academics and policymakers, have increasingly looked to the FTC to ensure that Americans have control over how their information is collected and used.

The groups have asked the Commission to issue a comprehensive set of Fair Information Principles for the digital era, and to abandon its previous notice and choice model, which is not effective for consumer privacy protection.

Specifically, at the Roundtable on Monday, consumer panelists and privacy experts will call on the FTC to stop relying on industry privacy self-regulation because of its long history of failure. Last September, a number of consumer groups provided Congressional leaders and the FTC a detailed blueprint of pro-active measures designed to protect privacy, available at: http://www.democraticmedia.org/release/privacy-release-20090901.

These measures include giving individuals the right to see, have a copy of, and delete any information about them; ensuring that the use of consumer data for any credit, employment, insurance, or governmental purpose or for redlining is prohibited; and ensuring that websites should only initially collect and use data from consumers for a 24-hour period, with the exception of information categorized as sensitive, which should not be collected at all. The groups have also requested that the FTC establish a Do Not Track registry.

Quotes from Monday’s panelists:

Marc Rotenberg, EPIC: “There is an urgent need for the Federal Trade Commission to address the growing threat to consumer privacy.  The Commission must hold accountable those companies that collect and use personal information. Self-regulation has clearly failed.”

Jeff Chester, Center for Digital Democracy: “Consumers increasingly confront a sophisticated and pervasive data collection apparatus that can profile, track and target them online. The Obama FTC must quickly act to protect the privacy of Americans,including information related to their finances, health, and ethnicity.”

Susan Grant, Consumer Federation of America: “It’s time to recognize privacy as a fundamental human right and create a public policy framework that requires that right to be respected,” said Susan Grant, Director of Consumer Protection at Consumer Federation of America. “Rather than stifling innovation, this will spur innovative ways to make the marketplace work better for consumers and businesses.”

Pam Dixon, World Privacy Forum: “Self-regulation of commercial data brokers has been utterly ineffective to protect consumers. It’s not just bad actors who sell personal information ranging from mental health information, medical status, income, religious and ethnic status, and the like. The sale of personal information is a routine business model for many in corporate America, and neither consumers nor policymakers are aware of the amount of trafficking in personal information. It’s time to tame the wild west with laws that incorporate the principles of the Fair Credit Reporting Act to ensure transparency, accountability, and consumer control.”

Written statements and other materials for the roundtable panelists are available at the following links:

CDD/USPIRG: http://www.democraticmedia.org/node/419

WPF: http://www.worldprivacyforum.org/pdf/WPF_Comments_FTC_110609fs.pdf

CFA: http://www.consumerfed.org/elements/www.consumerfed.org/File/5%20Myths%20about%20Online%20Behavioral%20Advertising%2011_12_09.pdf

EPIC: www.epic.org

“Cookie Wars, Real-Time Targeting, and Proprietary Self Learning Algorithms: Why the FTC Must Act Swiftly to Protect Consumer Privacy”

That’s the title of comments filed at the U.S. Federal Trade Commission by my Center for Digital Democracy and U.S. PIRG.  I also just gave a presentation with the same name at last week’s meeting of data protection commissioners in Madrid, Spain.   It’s available here.

Here’s an excerpt:   Today, consumers online face the rapid growth and ever-increasing sophistication of the various techniques advertisers employ for data collection, profiling, and targeting across all online platforms. The growth of ad and other optimization services for targeting, involving real-time bidding on ad exchanges; the expansion of data collection capabilities from the largest advertising agencies (with the participation of leading digital media content and marketing companies); the increasing capabilities of mobile marketers to target users via enhanced data collection; and a disturbing growth of social media surveillance practices for targeted marketing are just a few of the developments the commission must address. But despite technical innovation and what may appear to be dramatic changes in the online data collection/profiling/targeting market, the commission must recognize that the underlying paradigm threatening consumer privacy online has been constant since the early 1990’s. So-called “one-to-one marketing,” where advertisers collect as much as possible on individual consumers so they can be targeted online, remains the fundamental approach.

Database Games AOL May Play: “Database Matching” Subscribers Behavior Online and Off

We think it’s ironic that the same week AOL joins with several other leading digital marketers to kill-off a new online privacy law in Maine designed to protect adolescents, an article in Advertising Age reveals how much it covets–and hopes to financially harvest–data from its 5.8 million customers.  Here’s an excerpt on so-called database matching–in essence, a digital spy watching what you do offline and on AOL:

Valuable eyeballs
While many major ad-supported internet properties would kill to have as many paying users as AOL, it’s the users’ behavior that puts them in the company’s sweet spot. Subscribers are AOL’s uber-users — more valuable than average because they use more AOL properties and products than typical web visitors and, as a whole, are a large part of the traffic that sees ads and then converts, either by clicking through or making a purchase.

The company also sees subscribers as a valuable source of research and insights — a sort of panel it can use to understand online behavior and ad receptivity.

“There are other ways they can bring value, ways we can use the data and understand how they interact with content,” Mr. Levick said [AOL’s president for global advertising and strategy]. “If we can look at them in the aggregate and see how they interact with certain advertising, it could bring us closer to the last mile of online research.”

How it would do that isn’t exactly clear, but like other web properties, AOL has databases of users who have registered for services and can work with marketers to “database match.”

“[Database matching] is interesting in terms of connecting online exposure to offline sales,” said Carrie Frolich, managing director-digital at Mediaedge:cia. “If I have a client that directly sells their product, be it a pizza-delivery or phone company, they know names and addresses, and AOL knows that. With the assistance of a third party, they can match up our database and their database and come up with a matched set that you can load into ad server and measure exposures and measure the lift.”

source:  Why once-dispensable access biz is central to AOL’s strategy.  Abbey Klaassen.  Ad Age.  August 24, 2009

Technology Policy Institute Spins the Privacy Debate in D.C.–Group funded by Some of the Biggest Data Collection Companies

Today, the Technology Policy Institute (TPI) is holding a Hill forum on privacy and the Internet.  The group’s announcement for the event states that More privacy, however, would mean less information, less valuable advertising, and thus fewer resources available for producing new low-priced services.  It is this tradeoff that Congress needs to take into account as it considers new privacy legislation.”

What an absurd, reductionistic, and intellectually-dishonest claim.  First, this group is funded by some of the largest companies engaged in behavioral data collection and also fighting meaningful privacy policies.   That includes Google and Time Warner.  TPI’s other funders involved in some form of data collection and targeted interactive marketing include AT&T, Cisco, the National Cable and Telecommunications Association and Verizon.  Rep. Cliff Stearns, the ranking member of the House Subcommittee on the Communications, Technology, and the Internet is speaking at the event: that committee is currently drafting privacy legislation to protect consumers.  Panel speakers include TPI supporters Google and Comcast.  The lone privacy group on the panel, CDT, is funded by Google and others.  One academic on the panel also works for a high-tech consulting company.  The other panel academic has done fine work on social networks and privacy.

What makes TPI’s posturing absurd, beyond its funding conflicts, is the current economic crisis.  Consumer privacy laws are required to ensure that our financial, health and other personal transactions online are conducted in a responsible manner.  Anyone–or group–who believes that we can’t have both privacy and a robust online marketplace is out of touch.

IAB Works to Undermine Obama Consumer Protection Plan [On its Exec. Board includes Google, Time Warner, Disney, NYT, CBS, WPP]

The Interactive Advertising Bureau (IAB) signed a July 20, 2009 letter sent to Rep. Barney Frank of the House Committee on Financial Services raising questions–and really attempting to undermine–the Obama Administration’s proposed Consumer Financial Protection Agency.  Others signing the letter included the Business Roundtable, Consumers Bankers Association, Consumer Data Industry Association, Financial Services Roundtable, the Real Estate Roundtable and the U.S. Chamber of Commerce.  The IAB wasn’t the only ad lobby group signing the letter; so did the 4A’s and the DMA.  My colleagues in the consumer community view the letter as an attempt to derail the bill [the letter, which asks for a delay on the bill, says that “there will be significant dangerous, unintended consequences if the legislation is enacted in its current form.”]

Why would the IAB be concerned about the creation of a new powerful consumer financial watchdog?  It’s because their members work with companies engaged in digitally-related financial products–including mortgages, loans, credit cards, and so-called lead generation services.  The IAB benefits from the hundreds of millions spent year year on interactive ads for financially-related services (Among the top 15 digital advertisers in 2008 were Scottrade, Tree.com, TD Ameritrade Holding Co, Bank of America, FMR Corp, Experian, etc.). The IAB is clearly afraid of having an agency that would be empowered to investigate how online marketers sell and promote a wide range of financial products online.

We do wonder whether IAB board members that support the Obama Administration’s proposal (which is widely backed by consumer groups) understand the implications of the position it has taken.  Personally, I believe the creation of the new agency is critically important.  We must ensure that American consumers are never again victims when buying financial products.  Given that most of us will be learning about and purchasing financial services online, the proposed new agency will have to address how a number of IAB’s members engage in digitally-delivered financial services.

A Microsoft/Yahoo! Deal will Raise Privacy and Competition Issues [Annals of Behavioral Targeting Mergers]

Microsoft and Yahoo!  should expect privacy and consumer groups to vigorously press regulators to closely and skeptically examine any deal–and at the very least urge them to impose a series of tough conditions on data collection and ad practices.  This digital duo will not get a free data collection pass from privacy and consumer groups, even if a new combination would provide much needed competition to Google.  Microsoft and Yahoo have created elaborate data collection services across platforms and applications, including for behavioral targeting.  They have competing ad targeting businesses in search, display and mobile, for example.  Both companies operate leading ad exchanges (where our profile data is bought and sold like food commodities). They also have competing ad targeting research and development efforts. Beyond the US, there are important competition and privacy issues for the EU as well.

A merger that further concentrates control by a dwindling very few over the digital marketing and advertising business illustrates how quickly consolidation has emerged as a principal and worrisome feature of the Internet era.

Progress & Freedom Foundation Comes to Aid of its Data-Collecting Backers (Using a `save the newspapers’ as a ploy to permit violations of consumer privacy protection!)

This report from Internetnews.com on the Progress and Freedom Foundation’s “Congressional” briefing illustrates how desperate some online marketers are that a growing number of bi-partisan congressional leaders want to protect consumer privacy.  So it’s not surprising that some groups that are actually financially supported by the biggest online marketing data collectors in the world would hold a Hill event to help out the friends who pay their bills.

It should have been noted in Ken Corbin’s that Google, Microsoft, Time Warner (AOL), News Corp. (MySpace) financially back the Progress and Freedom Foundation (PFF).  Other behavioral data targeting `want to be’s’ who monopolize U.S. online and other platforms are also backers:  AT&T, Comcast, NBC, Disney/ABC, Viacom/MTV/Nick, etc. For a list, see here.

PFF and some of its allies deliberately distort the critique of consumer and privacy groups.  We are not opposed to online marketing and also understand and support its revenue role for online publishing.  But many of us do oppose as unfair to consumers a stealth-like data collection, profiling and ubiquitous tracking system that targets people online.  One would suppose that as a sort of quasi-libertarian organization, PFF would support individual rights.  But given all the financial support PFF gets from the major online data collectors, how the group addresses the consumer privacy issue must be viewed under the `special interests pays the bills’ lens.

PFF and its allies are playing the ‘save the newspaper’ card in their desperate attempt to undermine the call for lawmakers to protect consumer privacy.  Newspapers and online publishers should be in the forefront of supporting reader/user privacy; it enhances, not conflicts, with the First Amendment in the digital era.  Finally, PFF’s positions on media issues over the years has actually contributed to the present crisis where journalism is on the endangered species list.  This is a group that has worked to dismantle the FCC, eliminate rules designed to foster diverse media ownership, and undermine network neutrality.

PS:  The article quotes from Prof. Howard Beales of George Washington University (and a fCV,ormer Bush FTC official with oversight on privacy).  Prof. Beales was on the PFF panel.  Prof. Beales, according to his CV has served as a consultant to AOL and others (including  Primerica and the Mortgage Insurance Companies of America).  Time Warner, which owns AOL, is a PFF financial backer.  All this should have been noted in the press coverage.

Online Consumers Require Real Privacy Safeguards, Not the Digital Fox [AAAA, ANA, BBB, DMA & IAB] in Charge of the Data Hen House

The self-regulatory proposals released today [2 July 2009]  by five marketing industry trade and lobby groups are way too little and far too late. This move by the online ad industry is an attempt, of course, to quell the growing bi-partisan calls in Congress to enact meaningful digital privacy and consumer protection laws. It’s also designed to assuage a reawakened Federal Trade Commission–whose new chair, Jon Leibowitz, recently appointed one the country’s most distinguished consumer advocates and legal scholars to direct its Bureau of Consumer Protection (David Vladeck). The principles are inadequate, even beyond their self-regulatory approach that condones, in effect, the “corporate fox guarding the digital data henhouse.” Effective government regulation is required to protect consumers. We should have learned a painful lesson by now with the failure of the financial industry to oversee itself. The reckless activities of the financial sector—made possible by a deregulatory, hands-off government policy–directly led to the current financial catastrophe. As more of our transactions and daily activities are conducted online, including those involving financial and health issues–through PCs, mobile phones, social networks, and the like–it is critical that the first principle be to ensure the basic protection of consumer privacy. Self-dealing “principles” concocted by online marketers simply won’t provide the level of protection consumers really require.

The industry appears to have embraced a definition of behavioral targeting and profiling that is at odds with how the practice actually works. Before any data is collected from consumers, they need to be candidly informed about the process–such as the creation and evolution of their profile; how tracking and data gathering occurs site to site; what data can be added to their profile from outside databases; the role that data targeting plays on so-called first-party websites, etc. In addition, the highest possible consumer safeguards are necessary when financial and health data are involved. Under the loosey-goosey trade industry principles, however, only “certain health and financial data” are to be treated as a “sensitive” category. This would permit widespread data collection involving personal information regarding our health and financial concerns. The new principles, moreover, fail to protect the privacy of teenagers; nor do they seriously address children’s privacy. (I was one of the two people that led the campaign to enact the Children’s Online Privacy Protection Act).

The failure to develop adequate safeguards for sensitive consumer information illustrates, I believe, the inability of the ad marketing groups to seriously address online privacy. The so-called “notice and choice” approach embraced by the industry has failed. More links to better-written privacy statements don’t address the central problem: the collection of more and more user data for profiling and targeting purposes. There needs to be quick Congressional action placing limits on the collection, use and retention of consumer data; opt-in control over profile information; and the creation of a meaningful sensitive data category. Consumer and privacy groups intend to work with Congress to ensure that individuals don’t face additional losses due to unfair online marketing practices.

[press statement by the Center for Digital Democracy]