CDD Filings Digital Citizen

June 25, 2019 The Honorable Joseph Simons The Honorable Noah Phillips Chairman Commissioner Federal Trade Commission Federal Trade Commission 600 Pennsylvania Avenue, NW 600 Pennsylvania Avenue, NW Washington, DC 20580 Washington, DC 20580 The Honorable Rohit Chopra The Honorable Rebecca Slaughter Commissioner Commissioner Federal Trade Commission Federal Trade Commission 600 Pennsylvania Avenue, NW 600 Pennsylvania Avenue, NW Washington, DC 20580 Washington, DC 20580 The Honorable Christine Wilson Commissioner Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 Dear Chairman Simons, Commissioner Phillips, Commissioner Chopra, Commissioner Slaughter, and Commissioner Wilson: The Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD) have been encouraged by recent media reports that the Federal Trade Commission is preparing to take action against Google and YouTube for violating the Children’s Online Privacy Protection Act (COPPA). CCFC and CDD, represented by the Institute for Public Representation at Georgetown Law (IPR), are the organizations responsible for drafting the Request to Investigate Google and YouTube filed with the FTC on April 9, 2018. Previously, IPR filed on behalf of CCFC and CDD Requests to Investigate YouTube’s promotion of unfair and deceptive influencer marketing to children (October 21, 2016) and unfair and deceptive marketing practices on YouTube Kids (April 7, and November 24, 2015). As you are aware, YouTube has profited enormously by hosting channels and videos of nursery rhymes, unboxing videos, popular cartoons, and other content specifically designed for children on the main YouTube platform. But instead of getting the verifiable parental consent required before collecting children’s personal information, Google claims that YouTube is not for children under thirteen, and therefore, no consent is required. This defense is outlandish given that YouTube is the number one online destination for kids. In short, Google has profited by violating the law and the privacy of tens of millions of children. For this reason, the FTC must sanction Google at a scale commensurate with the company’s unprecedented and unparalleled violations of COPPA. As we pointed out in our Request to Investigate, the maximum civil penalties should be imposed because: Google had actual knowledge of both the large number of child-directed channels on YouTube and the large numbers of children using YouTube. Yet, Google collected personal information from nearly 25 million children in the U.S over a period of years, and used this data to engage in very sophisticated digital marketing techniques. Google’s wrongdoing allowed it to profit in two different ways: Google has not only made a vast amount of money by using children’s personal information as part of its ad networks to target advertising, but has also profited from advertising revenues from ads on its YouTube channels that are watched by children. [April 9, 2018 Request to Investigate at 26-27 (footnotes omitted)]. Moreover, any consent order must mandate meaningful changes to YouTube’s business practices. For example, all child-directed content should be placed on a separate platform where targeted advertising, commercial data collection, links to other sites or content, and autoplay are prohibited. Google must also live up to its Terms of Service – which stipulate YouTube is only for persons thirteen and older – by removing all kids’ content from the main YouTube platform. By ensuring such changes, the Commission will do a tremendous service to America’s families seeking to provide a healthy media environment for their children, while sending a clear message to all online and mobile operators that no one is above the law. Google’s disregard of children’s welfare is demonstrated not only by the evidence in our complaints, but by numerous reports of violent, sexual and other inappropriate content available to children on both YouTube Kids and on the main YouTube platform. Moreover, the company refused to turn off recommendations on videos featuring young children in leotards and bathing suits even after researchers demonstrated YouTube’s algorithm was recommending these videos to pedophiles. These ongoing and serious issues require that the FTC take strong action. We believe that Google should repay America’s families by creating a truly safe space for kids and fostering the production of quality non-commercial children’s programming. Attached you will find a list of recommended penalties and conditions to be included in a final consent order. We would be happy to meet with you to discuss our proposed remedies in greater detail. Thank you. Sincerely, Jeffrey Chester Executive Director Center for Digital Democracy Josh Golin Executive Director Campaign for a Commercial-Free Childhood Angela J. Campbell Director Institute for Public Representation Georgetown Law Encl.: Proposed Consent Order Penalties and Conditions Proposed Consent Order Penalties and Conditions The FTC should seek a 20-year consent decree which includes the following forms of relief: Injunctive relief Destroy all data collected from children under 13, in all forms in Google’s possession, including inferences drawn from this data, custody, or control of YouTube and all of Alphabet’s subsidiaries engaged in online data collection or commercial uses (e.g. advertising), including, but not limited to, Google Ads, Google Marketing Platform and their predecessors. Immediately stop collecting data from any user known to be under age 13, and any user that a reasonable person would likely believe to be under age 13, including, but not limited to, persons that are viewing any channel or video primarily directed to children, persons who have been identified for targeted ads based on being under 13 or any proxy for under 13 (e.g., grade in school, interest in toys, etc.), or any other factors. Identify, as of the date of this consent order, as well as on an ongoing basis, any users under age 13, and prohibit them from accessing content on YouTube. Prohibit users under age 13 from accessing content on YouTube Kids unless and until YouTube has provided detailed notice to parents, obtained parental consent, and complied with all of the other requirements of COPPA and this consent order. Remove all channels in the Parenting and Family lineup, as well as any other YouTube channels and videos directed at children, from YouTube. YouTube may make such channels and videos available on a platform specifically intended for children (e.g. YouTube Kids) only after qualified human reviewers have reviewed the content and determined that the programming comply with all of the policies for YouTube’s child-directed platform, which must include, but are not limited to: No data collection for commercial purposes. Any data collected for “internal purposes” must be clearly identified as to what is being collected, for what purpose, and who has access to the data. It may not be sold to any third parties. No links out to other sites or online services. No recommendations or autoplay. No targeted marketing. No product or brand integration, including influencer marketing. Consumer education Require Google to fund independent organizations to undertake educational campaigns to help children and parents understand the true nature of Google’s data-driven digital marketing systems and its potential impacts on children’s wellbeing and privacy. Require Google to publicly admit (in advertising and in other ways) that it has violated the law and warn parents that no one under 13 should use YouTube. Record keeping and monitoring provisions Google must submit to an annual audit by a qualified, independent auditor to ensure that Google is complying with all aspects of the consent decree. The auditor must submit their report to the FTC. The FTC shall provide reports to Congress about the findings. All of the annual audits must be publicly available without redaction on the Commission’s website within 30 days of receipt. Google may not launch any new child-directed service until the new service has been reviewed and approved by an independent panel of experts – including child development and privacy experts – to be appointed by the FTC. Google must retain, and make available to the FTC on request, documentation of its compliance with the consent decree. Civil penalties and other monetary relief Google will pay the maximum possible civil penalties – $42,530 per violation. Whether violations are counted per child or per day, the total amount of the penalty must be sufficiently high to deter Google and YouTube from any further violations of COPPA. Google to establish a $100 million fund to be used to support the production of noncommercial, high-quality, and diverse content for children. Decisions about who receives this money must be insulated from influence by Google. In addition, we ask the FTC to consider using its authority under Section 13(b) of the FTC Act to require Google and YouTube to disgorge ill-gotten gains, and to impose separate civil penalties on the management personnel at Google and YouTube who knowingly allowed these COPPA violations to occur.

The Center for Digital Democracy (CDD) respectfully urges the Federal Election Commission (FEC) to adopt regulations to ensure that voters will have meaningful transparency and control over the digital data and marketing practices used in elections today. The FEC must boldly act and use its legal authority and leadership position to enact—as well as recommend—much-needed safeguards. We call on the FEC to tell campaigns that they must refrain from using digital tactics that promote “voter suppression.” It should also urge federal candidates not to use viral and other forms of stealth communications to influence voters through misinformation—including “fake news.” The FEC should go on record saying that political campaigns should not deploy digital marketing tactics that have not been publicly assessed for their impact on the integrity of the voting process—such as the use of predictive artificial intelligence products (including bots) and applications designed to bypass conscious decision-making (through the use of neuromarketing and emotionally based psychometrics). Read more.

The Center of Digital Democracy joins 28 other media and social justice, consumer protection, civil liberties and privacy groups, asking the FCC to implement its broadband privacy rules and to reject industry calls to repeal the Order.

Washington, DC (August 29, 2016) – The Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) today filed a complaint with the Federal Trade Commission, stating that the WhatsApp plan to transfer user data to Facebook is unlawful and that the FTC is obligated to block the proposed change in business practices.The EPIC-CDD complaint responds to a recent announcement from WhatsApp that the company plans to disclose the verified telephone numbers of WhatsApp users to Facebook for user profiling and targeted advertising.“When Facebook acquired WhatsApp, WhatsApp made a commitment to its users, to the Federal Trade Commission, and to privacy authorities around the world not to disclose user data to Facebook. Now they have broken that commitment,” said Marc Rotenberg, President of EPIC. “Clearly, the Federal Trade Commission must act. The edifice of Internet privacy is built on the FTC’s authority to go after companies that break their privacy promises.” Facebook and WhatsApp are the two largest social network services in the world. According to Wikipedia, WhatsApp has over one billion users. Facebook purchased the company in February 2014 for 19.3 billion dollars.EPIC Consumer Protection Counsel Claire Gartland explained, “In 2014, the FTC said that WhatsApp had to obtain affirmative consent to transfer user data to Facebook. There was an opt-out provision but that only applied to new information. Since WhatsApp intends to transfer user telephone numbers, which is not new data, it must obtain opt-in consent.”Gartland continued, “The phone number may also be the single most valuable piece of personal data obtained by WhatsApp. WhatsApp users are required to provide a verified phone number to use the service. And the phone number provides a link to a vast amount of personal information.”“The proposed change – an opt-out for data previously obtained – is exactly what the FTC said WhatsApp could not do,” said Gartland. “The transfer is only allowed if the consent is opt-in.”“The FTC has an obligation to protect WhatsApp users. Their personal information should not be incorporated into Facebook’s sophisticated data driven marketing business,” said Katharina Kopp, Ph.D., and CDD’s Director of Policy. “Data that was collected under clear rules should not be used in violation of the privacy promises that WhatsApp made. That is a significant change that requires an opt-in, according to the terms the FTC set out. It’s not complicated. If WhatsApp wants to transfer user data to Facebook, it has to obtain the user’s affirmative consent.”In 2011, EPIC, CDD and more than a dozen consumer privacy organizations pursued a successful complaint at the FTC that led to a twenty-year consent order after Facebook changed user privacy settings in a way that made users' personal information, such as Friend lists and application usage data, more widely available to the public and to Facebook’s business partners.Former FTC Chair John Liebowitz said at the time, “Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users. Facebook's innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not."When Facebook proposed to acquire WhatsApp in 2014, EPIC and CDD said the FTC must protect the privacy of WhatsApp users. The FTC said that WhatsApp must continue to honor its privacy promises to consumers.The FTC warned, “If the acquisition is completed and WhatsApp fails to honor these promises, both companies could be in violation of Section 5 of the Federal Trade Commission (FTC) Act and, potentially, the FTC's order against Facebook.”The Federal Trade Commission has previously undertaken investigations against many firms that have engaged in unfair or deceptive trade practices.The Electronic Privacy Information Center (EPIC) (link is external) is a public interest research center in Washington, DC. EPIC was established in 1994 to focus public attention on emerging privacy and civil liberties issues and to protect privacy, freedom of expression, and democratic values in the information age. EPIC maintains one of the most popular privacy web sites in the world - epic.org (link is external) - and pursues a wide range of program activities including policy research, public education, litigation, publications, and advocacy. The Center for Digital Democracy (CDD) is recognized as one of the leading consumer protection and privacy organizations in the United States. Since its founding in 2001 (and prior to that through its predecessor organization, the Center for Media Education), CDD has been at the forefront of research, public education, and advocacy protecting consumers in the digital age.REFERENCESEPIC/CDD, In the Matter of WhatsApp: Complaint, Request for Investigation, Injunction, and Other Relief (Aug. 29, 2016),https://epic.org/privacy/ftc/whatsapp/EPIC-CDD-FTC-WhatsApp-Complaint-20... (link is external)FTC, “Enforcing Privacy Promises” (2016),https://www.ftc.gov/news-events/media-resources/protecting-consumer-priv... (link is external)FTC Press Release, “FTC Notifies Facebook, WhatsApp of Privacy Obligations in Light of Proposed Acquisition” (Apr. 10, 2014),https://www.ftc.gov/news-events/press-releases/2014/04/ftc-notifies-face... (link is external)FTC Letter to FB and WhatsApp, "Letter From Jessica L. Rich, Director of the Federal Trade Commission Bureau of Consumer Protection, to Erin Egan, Chief Privacy Officer, Facebook, and to Anne Hoge, General Counsel, WhatsApp Inc.” (Apr. 10, 2014),https://www.ftc.gov/news-events/press-releases/2014/04/ftc-notifies-face... (link is external)FTC, "Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises” (2011),https://www.ftc.gov/news-events/press-releases/2011/11/facebook-settles-... (link is external)FTC Consent Order with FB (2011),https://www.ftc.gov/news-events/press-releases/2012/08/ftc-approves-fina... (link is external)EPIC, In re WhatsApp,https://epic.org/privacy/internet/ftc/whatsapp/ (link is external)EPIC, In re Facebook,https://epic.org/privacy/inrefacebook/ (link is external)###