CDD

CDD Filings

  • The Center for Digital Democracy (CDD) respectfully urges the Federal Election Commission (FEC) to adopt regulations to ensure that voters will have meaningful transparency and control over the digital data and marketing practices used in elections today. The FEC must boldly act and use its legal authority and leadership position to enact—as well as recommend—much-needed safeguards. We call on the FEC to tell campaigns that they must refrain from using digital tactics that promote “voter suppression.” It should also urge federal candidates not to use viral and other forms of stealth communications to influence voters through misinformation—including “fake news.” The FEC should go on record saying that political campaigns should not deploy digital marketing tactics that have not been publicly assessed for their impact on the integrity of the voting process—such as the use of predictive artificial intelligence products (including bots) and applications designed to bypass conscious decision-making (through the use of neuromarketing and emotionally based psychometrics). Read more.
  • Press Release

    Advocates Say Google’s YouTube Violates Federal Children’s Privacy Law

    Consumer, privacy and children’s groups file complaint urging FTC to stop most popular kids’ online video service from gathering children’s data

    WASHINGTON, DC—April 9, 2018—Today, a coalition of leading U.S. child advocacy, consumer, and privacy groups represented by the Institute for Public Representation filed a complaint (link is external) urging the Federal Trade Commission (FTC) to investigate and sanction Google for violations of the Children’s Online Privacy Protection Act (COPPA) in operating YouTube. Google claims that YouTube is only for users 13 and up, despite being the most popular online platform for children, used by 80% of American children ages 6 to 12. The site features many programs designed and promoted for children and Google generates significant profits from kid-targeted advertising. The complaint says the FTC should subject Google to penalties, which could total in the billions of dollars. The Center for Digital Democracy (CDD), Campaign for a Commercial-Free Childhood (CCFC), and 21 other organizations demonstrated in their filing that Google, which owns YouTube, makes substantial profits collecting many types of personal information on kids on YouTube, including geolocation, unique device identifiers, mobile telephone numbers, and persistent identifiers used to recognize a user over time and across different websites or online services. Google collects this information without first providing direct notice to parents and obtaining their consent, and Google uses it to target advertisements to kids across the internet, including across devices. COPPA bars the operator of a website directed to children, or that has knowledge of children using it, from collecting and using such information without obtaining parental consent. CCFC’s Executive Director Josh Golin said, “For years, Google has abdicated its responsibility to kids and families by disingenuously claiming YouTube—a site rife with popular cartoons, nursery rhymes, and toy ads—is not for children under thirteen. Google profits immensely by delivering ads to kids and must comply with COPPA. It’s time for the FTC to hold Google accountable for its illegal data collection and advertising practices.” Child directed channels such as ChuChuTV Nursery Rhymes & Kids Songs (15.9 million subscribers and over 10 billion channel views) and LittleBabyBum (14.6 million subscribers and over 14 billion channel views) are among the most popular channels on YouTube. Major advertisers pay Google a premium to place their ads in a platform known as “Google Preferred,” which includes a “Parenting and Family” lineup comprised mostly of popular channels targeted to children. “Google has acted duplicitously by falsely claiming in its terms of service that YouTube is only for those who are age 13 or older, while it deliberately lured young people into an ad-filled digital playground,” said Jeff Chester of the Center for Digital Democracy. “Just like Facebook, Google has focused its huge resources on generating profits instead of protecting privacy.” Angela J. Campbell, counsel for CCFC and CDD, said: “Given the large number of children affected and the extent of YouTube’s COPPA violations, the FTC needs to impose large civil penalties to show it is serious about protecting children’s privacy online.” James P. Steyer, CEO of Common Sense, said: "Kids have been watching videos on YouTube for years, something the company has known, and profited off of, by targeting content and ads at children under 13. It is time for Google to be completely transparent with all the facts and institute fundamentally responsible new policies moving forward to protect the privacy of kids. We fully expect Google to work closely with advocates and reach out to parents with information about parental controls, content, and collection practices on YouTube so parents can make informed choices about what content they allow their kids to access and how to protect their privacy.” Katie McInnis, policy counsel for Consumers Union, said: “YouTube knows children are watching content on their site, and has created content channels specifically aimed at them, but does not appear to obtain the required parental consent before collecting information about them. Google has the responsibility to be COPPA-compliant and ensure that children can safely watch the programs designed and promoted for kids. These practices present serious concerns that warrant the FTC’s attention.” Groups signing on to the complaint to the FTC along with CDD and CCFC are: Berkeley Media Studies Group; Center for Media Justice; Common Sense; Consumer Action; Consumer Federation of America; Consumer Federation of California; Consumers Union, the advocacy division of Consumer Reports; Consumer Watchdog; Corporate Accountability; Defending the Early Years; Electronic Privacy Information Center (“EPIC”); New Dream; Obligation, Inc.; Parent Coalition for Student Privacy; Parents Across America; Parents Television Council; Privacy Rights Clearinghouse; Public Citizen; The Story of Stuff Project; TRUCE (Teachers Resisting Unhealthy Childhood Entertainment); and USPIRG. The complaint was drafted by the Communications & Technology Law Clinic in the Institute for Public Representation at Georgetown University Law Center. ###
  • WASHINGTON, DC – October 18, 2017—A number of brands of “smartwatches” intended to help parents monitor and protect young children have major security and privacy flaws which could endanger the children wearing them. A coalition of leading U.S. child advocacy, consumer, and privacy groups sent a letter to the Federal Trade Commission (FTC) today, asking the agency to investigate the threat these watches pose to children. Smartwatches for children essentially work as a wearable smartphone. Parents can communicate with their child through the mobile phone function and track the child’s location via an app. Some product listings recommend them for children as young as three years old. Groups sending the letter to the FTC are the Electronic Privacy Information Center (EPIC), the Center for Digital Democracy (CDD), the Campaign for a Commercial-Free Childhood (CCFC), the Consumer Federation of America, Consumers Union, Public Citizen, and U.S. PIRG. The advocacy groups are working with the Norwegian Consumer Council (NCC), which conducted research (link is external) showing that watches sold in the U.S. under the brands Caref and SeTracker have significant security flaws, unreliable safety features, and policies which lack consumer privacy protections. In the EU, groups are filing complaints in Belgium, Denmark, the Netherlands, Sweden, Germany, the UK, and with other European regulators. “By preying upon parents’ desire to keep children safe and, these smart watches are actually putting kids in danger,” said CCFC’s Executive Director Josh Golin. “Once again, we see Internet of Things products for kids being rushed to market with no regard for how they will protect children’s sensitive information. Parents should avoid these watches and all internetconnected devices designed for kids.” The NCC’s research showed that with two of the watches, a stranger can take control of the watch with a few simple steps, allowing them to eavesdrop on conversations the child is having with others, track and communicate with the child, and access stored data about the child’s location. The data is transmitted and stored without encryption. The watches are also unreliable: a geo-fencing feature meant to notify parents when a child leaves a specified area, as well as an “SOS” function alerting parents when a child is in distress, simply do not work. The manufacturers’ data practices also put children at risk. Some devices have no privacy policies at all, and the policies that do exist lack basic consumer protections, including seeking consent for data collection, notifying users of changes in terms, and allowing users to delete stored data. "The Trump Administration and the Congress must bring America’s consumer product safety rules into the 21st century,” said Jeff Chester of the Center for Digital Democracy. “In the rush to make money off of kids’ connected digital devices, manufacturers and retailers are failing to ensure these products are truly safe. In today’s connected world that means protecting the privacy and security of the consumer—especially of children. Both the FTC and the Consumer Product Safety Commission must be given the power to regulate the rapidly growing Internet of Things marketplace.” The Caref (branded Gator in Europe) and SeTracker smartwatches are available online through Amazon. The groups have asked the FTC to act quickly to investigate these products, and they advise parents to refrain from buying the products because of the danger they could pose to children. The NCC, which conducted the testing of the watches, advises consumers who have already purchased the watches to stop using them and uninstall the app. “The Federal Trade Commission must be proactive in protecting consumers—especially vulnerable young children—from harmful products that abuse technology for the sake of profit,” said Kristen Strader, Campaign Coordinator for Public Citizen. “Smartwatches and similar devices must be absolutely safe and secure before they are released to the public for sale.” Ed Mierzwinski, Consumer Program Director at U.S. PIRG, said, "Companies making any internet-connected devices, but especially for children, need to ensure that privacy and security are more than breakable — or worse, hackable — promises." Katie McInnis, technology policy counsel for Consumers Union, said, “When a company sells a smartwatch aimed at children, it must ensure the product is safe and secure. The FTC should launch an investigation into the privacy and security concerns surrounding these products to make sure families are safe.” The same trans-Atlantic coalition persuaded government authorities and retailers last December (link is external) that the internet-connected dolls Cayla and i-Que Robot were spying on children and threatening their welfare, and retailers removed the toys from store shelves. The FBI subsequently issued a warning to consumers (link is external) that internet-connected toys could put the privacy and safety of children at risk. --- For more information, please see the following: Letter to FTC by coalition of leading U.S. child advocacy, consumer, and privacy groups (link below) Press Release by US coalition of leading U.S. child advocacy, consumer and privacy groups (link below) #WatchOut Report by Norwegian Consumer Council (link below) Press Release by Norwegian Consumer Council (link below) #WatchOut English - YouTube (http://bit.ly/2ghNoD1 (link is external)) #WatchOut - longer video explainer on security flaws 4:30 mins - YouTube (http://bit.ly/2xLYSVv (link is external))
    Jeff Chester
  • Washington, DC (March 6, 2017): The Center for Digital Democracy (CDD), Campaign for a Commercial-Free Childhood, Common Sense Kids Action, Consumer Action and the Electronic Privacy Information Center (EPIC) called on the Federal Communications Commission (FCC) to reject industry requests to rescind the FCC’s broadband privacy rules, as this would leave parents effectively without any tools to protect their children’s privacy on broadband Internet Service Provider networks (ISPs). The groups warned that any attempts to modify the privacy rule would significantly weaken the privacy protections for children. The filing to the FCC was drafted by the Institute for Public Representation at Georgetown University Law Center (IPR). In October 2016, the Federal Communications Commission adopted ground-breaking privacy rules protecting the personal information of broadband internet service customers, including children. The FCC rules set limits on what internet service providers may do with the highly sensitive data that they collect in the course of providing internet service. These rules were intended to give consumers and parents the tools they need to make informed decisions about how their information, or the information of their children, is used by their ISP. Most significantly, the rules require ISPs to obtain opt-in approval for use and sharing of sensitive customer personal information for purposes other than providing broadband service. “Sensitive” information includes precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications. In their filing, the advocates oppose petitions filed by ISPs, including Comcast, Verizon and Time Warner, that ask the FCC to reconsider its broadband privacy Order. The advocates explain in their filing with the FCC: Treating children’s information as sensitive and requiring notice and opt-in consent is necessary to protect children and is consistent with the FTC’s practices. This aspect of the rules is necessary, although not sufficient to protect children’s privacy. All web browsing and application usage histories must be treated as sensitive information because children's information is mixed with that of adults. In order to protect children from targeted advertising, all users' browsing and application histories must receive protection as such histories reveal traits, characteristics, likes, and dislikes. Marketers, who are intensely interested in targeting children and adolescents, would have a much greater ability to take unfair advantage of children, without these rules in place. The FCC should retain opt-in requirements for use of all categories of sensitive information, such as for web browsing and application usage histories. Since this data is inextricably intertwined with adult activities, any required additional sorting of this data into sensitive and non-sensitive data would inevitably lead to further erosion of privacy of all ISP users. Most Americans are oblivious to modern day big data practices and to the resulting potential risks to themselves or society at large. When it comes to vulnerable children it must be the obligation of ISPs to make a convincing case to parents that opting into the ISP’s data practices is in the best interest of their children. The following can be attributed to Katharina Kopp, Deputy Director, Center for Digital Democracy: The FCC Privacy Rules protect the fundamental rights of children to enjoy privacy and freedom from age-inappropriate commercial exploitation. Any attempts to weaken these rules is an attempt to leave parents and their children defenseless against powerful corporate interests. Digital food marketing of unhealthy foods to children and teens, for example, has contributed to an obesity epidemic that harms us all. This is unfair, unjust and not in the public interest. We call on the FCC to implement the Privacy Order in its entirety without any delay. The following can be attributed to Josh Golin, Executive Director, Campaign for a Commercial-Free Childhood This is a crucial test for the FCC. Will the Commission insist that parents have a right to protect their children’s privacy online? Or will the FCC aid and abet the ISP’s efforts to build digital marketing profiles of vulnerable children? We call on the Commission to do the right thing and implement the Privacy Order. The following statement can be attributed to Linda Sherry, Director of National Priorities, Consumer Action: Consumer Action opposes efforts to rescind the FCC’s broadband privacy rules, which would jeopardize the privacy of all internet service customers and strip them of the right to assert control over their sensitive information including geo-location, financial, health, etc. We join the Center for Digital Democracy in highlighting the potential harm to children, a highly vulnerable and defenseless population that has gained important new rights under the rule, which specifically recognizes the sensitivity of children’s information. The Center for Digital Democracy is a leading nonprofit organization focused on empowering and protecting the rights of the public in the digital era. The Campaign for a Commercial-Free Childhood support parents’ efforts to raise healthy families by limiting commercial access to children. Consumer Action empowers low- and moderate-income and limited-English-speaking consumers nationwide to prosper through education and advocacy. EPIC is a public interest research center in Washington, DC, established in 1994 to focus public attention on emerging privacy and civil liberties issues and to protect privacy, freedom of expression, and democratic values in the information age.
  • The Center of Digital Democracy joins 28 other media and social justice, consumer protection, civil liberties and privacy groups, asking the FCC to implement its broadband privacy rules and to reject industry calls to repeal the Order.
  • January 27, 2017 - The Center for Digital Democracy and 18 media justice, consumer protection, civil liberties, and privacy groups strongly urge congressional leaders to oppose the use of the Congressional Review Act (CRA) to adopt a Resolution of Disapproval overturning the FCC’s broadband privacy rules.---Click the link below for the full PDF of the letter.
  • Re: Exploring Special Purpose National Bank Charters for Fintech Companies Dear Comptroller Curry: The Center for Digital Democracy and U.S. Public Interest Research Group (U.S. PIRG) agree with the consumer, civil rights, and community groups and their separately filed group letter in which they expressed strong opposition to the proposed new federal nonbank lending charters. U.S. PIRG also signed and concurs with the detailed comment from National Consumer Law Center et al. The Office of the Comptroller of the Currency (OCC) must not undermine state rate caps; must not weaken states’ ability to oversee lenders and act to prevent harmful lending practices; and the OCC must not undermine efforts to provide fair and inclusive lending practices, particularly for people of color and low- and moderate-income consumers, in the areas where they operate. Further, the OCC must not allow nonbank lenders to engage in practices that violate privacy rights, or engage in unfair data and marketing practices. State laws often operate as the primary line of defense for consumers and small businesses. The OCC’s charter proposal inadequately protects consumers from these harmful practices and it should not take state law enforcers off the beat of preventing these practices. Center for Digital Democracy and U.S. PIRG file this supplemental comment to focus on the digital rights and consumer privacy concerns raised by the use of opaque Big Data algorithms used by Fintech firms. These practices increasingly threaten consumer privacy and the OCC must also take them into account when considering non-bank special purpose charters. An ongoing and increasingly challenging issue confronting citizens and consumers is the new threats to their privacy and their ability to control how personal and non- personal data about their online and offline behavior are collected and used by online financial services companies. The use of personal data by Fintech companies is pervasive and touches every aspect of their business operation, including marketing, customer loyalty management, pricing, fraud prevention, and underwriting. Fintech companies use many new on- and offline data sources, either directly collecting data from consumers or relying on third parties for Big Data analytics to classify consumers and to make predictions about them. Assigning individuals to socially constructed classifications and then making inferences about them based on group profiles is likely to have consequences that are not well understood and may further increase social inequities. Consumers’ privacy is increasingly undermined and no adequate protections are in place. The OCC must not allow an expansion of these practices via a federal charter that does not provide for adequate privacy safeguards. The OCC must proactively investigate unfair marketing practices and not grant national licenses without affirmative protections. Fintech companies are using Facebook, Instagram, and other digital behavioral data that combine data and interactive experiences to influence consumers and their social networks. Sophisticated data-processing capabilities allow for more precise micro-targeting, the creation of comprehensive profiles, and the ability to act instantly on the insights gained from consumer behaviors. Targeted and highly personalized marketing offers can be intrusive and foster consumer behaviors that are not in the best interest of the individual. Behavioral science shows that consumers are susceptible to ‘nudges’ which raises concerns about the risk of financial institutions taking advantage of the behavioral biases and limitations of consumers. Increasing personalization which Big Data makes possible, could also reduce the comparability of products, making it harder for consumers to compare one offer with another which could have an impact on market competition. Similarly, lack of transparency around the processing of data and automated algorithms may lead to increasing information asymmetries between the financial institution and the individual and thus consumers are left with less awareness and a lack of understanding and control over important financial decisions. These practices happen behind the scenes and can only be addressed by a vigilant regulator. The OCC should not allow fintech companies to operate a national license without properly addressing these data practices. The OCC must also not allow nonbank lenders or partner depository institutions to engage in unfair and discriminatory lending practices. The use of ‘alternative data’ sources can be the cause of bias or contain errors and may lead to consumer harm or unfairness. While alternative credit scoring can be a boon for the underbanked, there need to be standards and safeguards to ensure that any new data are not biased and that their use may not lead to unintended consequences. While industry has argued that increased automation will help expand access to credit and lower costs overall, credit models that are more “accurate” may lead to a more stratified society, as it will leave those at the bottom potentially excluded from credit forever. Models that judge individuals against group profiles based on past data inevitably incorporate elements of past inequality and discrimination. Communities of color are thus most vulnerable. Unless additional policies are put in place to address these consequences, inequality is likely to become more entrenched the more we rely on models for risk evaluations. Fintech platforms must comply fully with the requirements of the Fair Credit Reporting Act and Equal Credit Opportunity Act. In conclusion, the OCC must not grant new federal nonbank lending charters that would give firms free rein to use unfair data and marketing practices. Instead the OCC must proactively mitigate risks from unfair data, marketing, and lending practices that threaten to undermine privacy, consumer rights and economic inclusion. Sincerely, Jeff Chester and Katharina Kopp Center for Digital Democracy Edmund Mierzwinski U.S. PIRG Recommended further reading: BIG DATA MEANS BIG OPPORTUNITIES AND BIG CHALLENGES: Promoting Financial Inclusion and Consumer Protection in the “Big Data” Financial Era U.S. PIRG Education Fund and Center for Digital Democracy, 27 March 2014 Available at http://www.uspirg.org/reports/usf/big-data-means-big-opportunities-and-b... (link is external)
  • Internet-Connected Toys Are Spying on Kids, Threatening Their Privacy and Security

    Groups say products violate federal kids’ privacy law and FTC rules; New report on “Internet of Toys” accompanies unprecedented regulatory action from groups in US and EU

    WASHINGTON, DC – December 6, 2016 – The growing popularity of “smart” Internet-connected toys poses significant privacy, security, and other risks to children, according to a complaint filed today (link is external) by leading child advocacy, consumer, and privacy groups at the Federal Trade Commission (FTC). My Friend Cayla and I-Que Intelligent Robot, dolls marketed to both young girls and boys, collect and use personal information from children in violation of the Children’s Online Privacy Protection Act (COPPA) and FTC rules prohibiting unfair and deceptive practices. The complaint calls upon the FTC to investigate and take action against Genesis Toys, the maker of My Friend Cayla and I-Que, and Nuance Communications, which provides third-party voice recognition software for the toys. Groups filing the complaint are the Campaign for a Commercial Free Childhood (CCFC), the Center for Digital Democracy (CDD), Consumers Union, and the Electronic Privacy Information Center (EPIC).When companies collect personal information from children through the Internet, they incur serious legal obligations to protect children’s privacy. COPPA reflects a general understanding that the collection and use of information about young children should be treated with care and avoided when possible. Yet, the complaint charges, “Both Genesis Toys and Nuance Communications unfairly and deceptively collect, use, and disclose audio files of children’s voices without providing adequate notice or obtaining verified parental consent.” The complaint also takes issue with Genesis' failure to take reasonable security measures to prevent unauthorized Bluetooth connections with the toys. As a result, Genesis fails to prevent strangers and predators from covertly eavesdropping on children's private conversations, which "creates a substantial risk of harm because children may be subject to predatory stalking or physical danger."“With the growing Internet of Things, American consumers face unprecedented levels of surveillance in their most private spaces, and young children are uniquely vulnerable to these invasive practices,“ said Claire T. Gartland, Director, EPIC Consumer Privacy Project. “The FTC has an obligation here to step in and safeguard the privacy of young children against toys that spy and companies that exploit their very voices for corporate gain.”According to the complaint, the list of privacy violations by these “spy toys” is lengthy. For example, the packaging for My Friend Cayla has no mention of privacy, and locating the doll's Terms of Service is a major challenge. Once a parent does locate Cayla’s Privacy Policy and Terms of Use, these documents shed little light on what information is actually collected from children, how it’s used, or where it ends up. In one of the most serious legal violations, Genesis fails to get parents’ consent before collecting children’s voice recordings and other personal data. Children’s voice recordings from the dolls are also sent to Nuance, a company that may use them for its law enforcement and military intelligence products.“Genesis and Nuance are completely disregarding their legal and ethical obligations when it comes to kids’ privacy,” Gartland said. “Instead, they have chosen to exploit children’s sensitive voice recordings and private conversations for corporate profit. It is extremely alarming that what a child says to her ‘trusted’ friend could end up in a voice biometrics database sold to law enforcement and intelligence agencies.”Today’s FTC complaint is part of an unprecedented, coordinated, transatlantic legal action involving consumer and privacy groups in the US and Europe. Leading European consumer organizations filed a series of formal complaints with EU regulators, and with data protection, consumer protection, and product safety agencies in France, the Netherlands, Belgium, Ireland, and Norway. The combined US and European advocacy effort was triggered by groundbreaking research from the Norwegian Consumer Council, which conducted an in-depth legal and technical analysis of three Internet-connected toys (link is external). The Council’s “Toyfail” report examined Cayla, I-Que, and Mattel’s interactive Hello Barbie doll, all of which are produced and distributed by multinational companies and targeted at children.These products are part of a new generation of digital playthings – known as the “Internet of Toys” – which are growing in popularity, with consumers spending an estimated $2.8 billion on them last year (link is external). The toys use WiFi, Bluetooth, or mobile apps, and offer “smart” features such as cameras, microphones, and sensors that can record and respond to children’s interactions.Consumer groups on both sides of the Atlantic have raised serious concerns about the threats that Internet-connected toys pose to children’s privacy, security, and safety, as well as potential harms to children’s psychosocial development.Researchers who analyzed the Cayla doll discovered that it had been pre-programmed with dozens of phrases that reference Disneyworld and Disney movies. This product placement is not disclosed to users and would be difficult for young children to recognize as advertising. “Children form friendships with dolls and toys with ‘personalities,’ and confide intimate details about their lives with them,” said CCFC’s Executive Director Josh Golin. “It is critical that the sensitive data collected by these toys be subject to the most stringent protections and not be used for manipulative and sneaky marketing.”Katie McInnis, technology policy counsel for Consumers Union, said, “As more toys are connected to the Internet, we have to ensure that children's privacy and security are protected. When a toy collects personal information about a child, families have a right to know, and they need to have meaningful choices to decide how their kids' data is used. We strongly urge the FTC to investigate these companies, stop the deceptive practices, and hold them accountable."“Children today are growing up immersed in a digital world, where mobile devices, games, apps, and now a new generation of Internet-toys are profoundly shaping their social interactions, personal experiences, and behaviors,” commented Kathryn Montgomery, Professor of Communication at American University and consultant to CDD. “Regulators need to ensure that children will be able to reap the benefits of these digital technologies without being subjected to harmful practices that undermine their privacy, safety, and wellbeing.”As Montgomery, who led the campaign for passage of COPPA, also noted: “This will be a crucial test of the new FTC under the Trump Administration. Now more than ever, we must ensure that children’s needs are high on the policy agenda for the Big Data era.”The full FTC complaint from CCFC, CDD, Consumers Union, and EPIC is available at https://epic.org/privacy/kids/EPIC-IPR-FTC-Genesis-Complaint.pdf (link is external).The full Toyfail report is available at http://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws (link is external).A short video demonstrating the toys’ vulnerabilities can be viewed at https://www.youtube.com/watch?v=lAOj0H5c6Yc (link is external).
  • Center for Digital Democracy, Center for Democracy & Technology, Consumer Action, Consumer Federation of America, Consumer Federation of California, Consumers Union, Electronic Privacy Information Center, National Association of Consumer Advocates, National Consumers League, Benton Foundation, Common Sense Kids Action, and Privacy Rights Clearinghouse file this brief to highlight the potential far-reaching ramifications of this case as well as the degree to which the panel decision breaks from century-long precedent, thereby creating a sharp split among the courts of appeals.First, the panel opinion raises issues of exceptional importance. If allowed to stand, the ruling could immunize from FTC oversight a vast swath of companies that engage to some degree in a common carrier activity. This result is unprecedented, deeply disruptive to the market, and at odds with Congress’s intent. Many of the world’s largest companies offer broadband Internet or other common carriage service. These highly diverse companies could harm consumers by committing acts that are deceptive or unfair, breach privacy commitments, fail to provide reasonable security for sensitive personal data, violate any of the seventy consumer protection statutes Congress has directed the FTC to enforce, or, as in the AT&T case, deliberately omit critical information about the services a company provides – and nonetheless escape FTC enforcement. No other federal agency has authority to fill this void.Second, the panel’s decision creates a deep Circuit split by breaking from the 100-year-long understanding that the term “common carrier” is defined by activities, not status. Departing from established norms of statutory construction, the panel failed to heed settled interpretive rules requiring that exemptions from antitrust laws be construed narrowly; that remedial statutes be read broadly to effectuate their purposes; and that an agency’s interpretation of its organic statute be accorded deference. The panel’s inversion of decades of precedent creates a substantial regulatory gap and puts the Ninth Circuit directly in conflict with the D.C. and Second Circuits.---For the full argument, see the attached PDF.
  • Cross-Device Privacy Must be Protected by FCC Proposed Rule on Broadband ISPs

    Geolocation & Cross Platform and Application Data is Sensitive information. AT&T expands cross-device targeting

    ... ISPs are engaged in cross-device tracking of its subscribers and customers which allow them to target advertising at the individual and household level. Exemplary for all ISPs, we are highlighting AT&T’s efforts in this area. AT&T is expanding its cross-device tracking in order to target individuals on their mobile device after collecting and analyzing their data using the company's internal data and analytics capabilities. In a recent interview, AT&T AdWorks President Rick Welday explained that by the end of this year AT&T will allow marketers to “advertise in 14 million addressable households, 30 million mobile devices and millions of streams within the DirecTV app.” While AT&T may claim that its cross-device tracking is done “anonymously,” that is merely a euphemism to obscure the invasion of privacy that underlies such practices. Mr. Welday explains that AT&T’s data-driven monitoring of its customers enables it to develop dossiers that reveal whether their users are a new homeowner, a new parent, or in the market for an automobile. In its trials with cross-device targeting, AT&T worked with leading Fortune 100 brands as well as promoting its own “AT&T Mobility Wireless” service. The Fortune 100 companies that AT&T worked with likely provided their own so-called first-party data to be used for such cross-device targeting. This illustrates the operational realities today for consumer profiling data, where data are no longer shared with advertisers, but rather advertisers provide such data to ad-delivery platforms (such as AT&T's) for increasingly granular targeting.[3] Linking devices (and the application history on and geolocation on of those devices) to a particular consumer via a unique identifier should be prohibited, unless the ISP has obtained affirmative, express consent (opt-in). The rule’s definition of ‘sensitive information’ must therefore reflect industry practices and include any data elements that allow for this kind of cross-device tracking. The final rule must give ISP customers control over their data, and before companies can proceed with targeted advertising, they must obtain an opt-in consent from their customers. We are particularly concerned that without such safeguards the rules would allow for a by-passing of requirements of the Children’s Online Privacy Protection Act, by using insights gained via cross device tracking to target children without parental consent. Finally, we urge the Commission to affirm in its final rule the need for safeguards against any unauthorized attempts to re-link devices (and its app usage history and geolocation information) to associate them with one user. CDD respectfully urges the FCC to enact its proposed safeguards as soon as possible to help address the further eroding of Americans’ privacy by ISPs.