CDD Filings

Contact: David Monahan, CCFC (david@commercialfreechildhood.org (link sends e-mail); 617-896-9397)Jeff Chester, CDD (jeff@democraticmedia.org (link sends e-mail); 202-494-7100)Apps which Google rates as safe for kids violate their privacy and expose them to other harmsAdvocates, lawmakers call on FTC to address how Google’s Play Store promotes children’s games which violate kids’ privacy law, feature inappropriate content, and lure kids to watch ads and make in-app purchases BOSTON, MA and WASHINGTON, DC — December 19, 2018 — Today, a coalition of 22 consumer and public health advocacy groups led by Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD) called on the Federal Trade Commission (link is external) (“FTC”) to investigate and sanction Google for the deceptive marketing of apps for young children. Google represents that the apps in the “Family” section of the Google Play Store are safe for children, but the apps often violate federal children’s privacy law, expose children to inappropriate content, and disregard Google’s own policies by manipulating children into watching ads and making in-app purchases.The Play Store is Google’s one-stop shop for Android apps, games, and entertainment. Apps in the “Family” section are promoted with a green star and, in some cases, a recommended age, like “Ages 5 & Under,” or “Ages 6-8.” Google is aware from several recent academic studies that many of the apps in this section are a threat to children’s privacy and wellbeing, yet it continues to promote them with these kid-friendly ratings.“The business model for the Play Store’s Family section benefits advertisers, developers, and Google at the expense of children and parents,” said CCFC’s Executive Director Josh Golin. “Google puts its seal of approval on apps that break the law, manipulate kids into watching ads and making purchases, and feature content like kids cleaning their eyes with sharp objects. Given Google’s long history of targeting children with unfair marketing and inappropriate content, including on YouTube, it is imperative that the FTC take swift action.”Lawmakers echoed the call for FTC action. “We’re repeatedly confronted with examples of tech companies that are just not doing enough to protect consumer privacy – and I’m particularly concerned about what this failure means for our children,” said U.S. Senator Tom Udall (D-NM) regarding today’s action by the advocates. “When real-world products are dangerous or violate the law, we expect retailers to pull them off the shelves. Google’s refusal to take responsibility for privacy issues in their Play Store allows for app developers to violate COPPA, all while Google cashes in on our children’s activity. It is past time for the Federal Trade Commission to crack down to protect children’s privacy.”“Google’s dominance in the app market cannot come at the expense of its clear legal obligations to protect kids that use its products.” said David N. Cicilline (RI-01), the top Democrat on the House Antitrust Subcommittee, who raised his concerns about this issue when the Chairman of the FTC testified last week. “I am pleased that this coalition of consumer and children’s advocacy groups are urging the FTC to scrutinize whether Google is improperly tracking children and selling their data.”Google policies require apps in the Kids and Family section of its Play Store to be compliant with the Children’s Online Privacy Protection Act (COPPA). But, Google doesn’t verify compliance, so Play Store apps for children consistently violate COPPA. Many apps send children’s data unencrypted, while others access children’s locations or transmit persistent identifiers without notice or verifiable parental consent. Google has known about these COPPA violations since at least July 2017, when they were publicly reported by Serge Egelman, a researcher at the University of California, Berkeley Center for Long-Term Cybersecurity. Yet Google continues to promote such apps as COPPA-compliant.“Our research revealed a surprising number of privacy violations on Android apps for children, including sharing geolocation with third parties,” said Serge Egelman, a researcher at the University of California, Berkeley. “Given Google’s assertion that Designed for Families apps must be COPPA compliant, it’s disappointing these violations still abound, even after Google was alerted to the scale of the problem.”Google’s policies also require apps for children to avoid “overly aggressive” commercial tactics, but the advocates’ FTC complaint reveals that many popular apps feature ads that interrupt gameplay, are difficult to click out of, or are required to watch in order to advance in a game. In addition, games represented to parents as free often pressure children to make in-app purchases, sometimes going so far as to show characters crying if kids don’t buy locked items. The complaint also offers examples of multiple children’s apps that serve ads for alcohol and gambling, despite those ads being barred by Google’s Ad Policy.Other apps designated as appropriate for children are clearly not. Some contain graphic, sexualized images, like TutoTOONS Sweet Baby Girl Daycare 4 – Babysitting Fun, which has over 10 million downloads. Others model actively harmful behavior, like TabTale’s Crazy Eye Clinic, which teaches children to clean their eyes with a sharp instrument, and has over one million downloads."Parents who download apps recommended for ages 8 and under don’t expect their child to see ads which promote gambling, alcoholic beverages, or violent video games,” said Angela Campbell, Director of the Communications and Technology Clinic at Georgetown Law, which drafted the complaint. “But Google falsely claims that apps listed in the Family section only have ads which are appropriate for children. It’s important for the FTC to act quickly to protect children, especially in light of Google's dominance in the app market."The coalition has previously asked the FTC to investigate developers of children’s apps, citing research from the University of Michigan that revealed manipulative advertising is rampant in apps popular with preschoolers. Today’s complaint focuses on Google, whose misrepresentation and promotion of those apps has led to hundreds of millions of downloads.“Google (Alphabet, Inc.) has long engaged in unethical and harmful business practices, especially when it comes to children,” explained Jeff Chester, executive director of the Center for Digital Democracy (CDD). "And the Federal Trade Commission has for too long ignored this problem, placing both children and their parents at risk over their loss of privacy, and exposing them to a powerful and manipulative marketing apparatus. As one of the world’s leading providers of content for kids online, Google continues to put the enormous profits they make from kids ahead of any concern for their welfare," Chester noted. “It’s time federal and state regulators acted to control Google’s 'wild west' Play Store App activities.”Joining the Campaign for a Commercial-Free Childhood and the Center for Digital Democracy in signing today’s complaint to the FTC are Badass Teachers Association, Berkeley Media Studies Group, Color of Change, Consumer Action, Consumer Federation of America, Consumer Watchdog, Defending the Early Years, Electronic Privacy Information Center, Media Education Foundation, New Dream, Open MIC (Open Media and Information Companies Initiative), Parents Across America, Parent Coalition for Student Privacy, Parents Television Council, Peace Educators Allied for Children Everywhere (P.E.A.C.E.), Privacy Rights Clearinghouse, Public Citizen, the Story of Stuff, TRUCE (Teachers Resisting Unhealthy Childhood Entertainment), and USPIRG.In addition to filing an FTC complaint, CCFC has launched a petition (link is external) asking Google to adopt the Kids’ Safer App Store Standards, which would bar advertising in apps for kids under 5, limit ads in apps for kids 6 -12, bar in-app purchases, and require apps to be reviewed by a human before being included in the Kids and Family section of the Play Store.###

CDD today joined the Electronic Privacy Information Center (EPIC) and six other consumer groups in calling on the Federal Trade Commission to investigate the misleading and manipulative tactics of Google and Facebook in steering users to “consent” to privacy-invasive default settings. In a letter to the FTC, the eight groups complained that the technology companies deceptively nudge users to choose less privacy-friendly options. The complaint was based on the findings in a report, “Deceived by Design,” published today by the Norwegian Consumer Council. It found that Google and Facebook steer consumers into sharing vast amounts of information about themselves, through cunning design, privacy invasive defaults, and “take it or leave it”-choices, according to an analysis of the companies’ privacy updates. A report by Consumer Report investigating Facebook settings for US users found “that the design and language used in Facebook's privacy controls nudge people toward sharing the maximum amount of data with the company.” Read the Norwegian report, “Deceived by Design” here: https://www.forbrukerradet.no/undersokelse/no-undersokelsekategori/deceived-by-design (link is external) Read the letter the eight groups sent to the FTC today here: http://thepublicvoice.org/wp-content/uploads/2018/06/FTC-letter-Deceived-by-Design.pdf (link is external) Read the report by Consumer Report here: https://www.consumerreports.org/privacy/cr-researchers-find-facebook-privacy-settings-maximize-data-collection (link is external)

WASHINGTON, DC – October 18, 2017—A number of brands of “smartwatches” intended to help parents monitor and protect young children have major security and privacy flaws which could endanger the children wearing them. A coalition of leading U.S. child advocacy, consumer, and privacy groups sent a letter to the Federal Trade Commission (FTC) today, asking the agency to investigate the threat these watches pose to children. Smartwatches for children essentially work as a wearable smartphone. Parents can communicate with their child through the mobile phone function and track the child’s location via an app. Some product listings recommend them for children as young as three years old. Groups sending the letter to the FTC are the Electronic Privacy Information Center (EPIC), the Center for Digital Democracy (CDD), the Campaign for a Commercial-Free Childhood (CCFC), the Consumer Federation of America, Consumers Union, Public Citizen, and U.S. PIRG. The advocacy groups are working with the Norwegian Consumer Council (NCC), which conducted research (link is external) showing that watches sold in the U.S. under the brands Caref and SeTracker have significant security flaws, unreliable safety features, and policies which lack consumer privacy protections. In the EU, groups are filing complaints in Belgium, Denmark, the Netherlands, Sweden, Germany, the UK, and with other European regulators. “By preying upon parents’ desire to keep children safe and, these smart watches are actually putting kids in danger,” said CCFC’s Executive Director Josh Golin. “Once again, we see Internet of Things products for kids being rushed to market with no regard for how they will protect children’s sensitive information. Parents should avoid these watches and all internetconnected devices designed for kids.” The NCC’s research showed that with two of the watches, a stranger can take control of the watch with a few simple steps, allowing them to eavesdrop on conversations the child is having with others, track and communicate with the child, and access stored data about the child’s location. The data is transmitted and stored without encryption. The watches are also unreliable: a geo-fencing feature meant to notify parents when a child leaves a specified area, as well as an “SOS” function alerting parents when a child is in distress, simply do not work. The manufacturers’ data practices also put children at risk. Some devices have no privacy policies at all, and the policies that do exist lack basic consumer protections, including seeking consent for data collection, notifying users of changes in terms, and allowing users to delete stored data. "The Trump Administration and the Congress must bring America’s consumer product safety rules into the 21st century,” said Jeff Chester of the Center for Digital Democracy. “In the rush to make money off of kids’ connected digital devices, manufacturers and retailers are failing to ensure these products are truly safe. In today’s connected world that means protecting the privacy and security of the consumer—especially of children. Both the FTC and the Consumer Product Safety Commission must be given the power to regulate the rapidly growing Internet of Things marketplace.” The Caref (branded Gator in Europe) and SeTracker smartwatches are available online through Amazon. The groups have asked the FTC to act quickly to investigate these products, and they advise parents to refrain from buying the products because of the danger they could pose to children. The NCC, which conducted the testing of the watches, advises consumers who have already purchased the watches to stop using them and uninstall the app. “The Federal Trade Commission must be proactive in protecting consumers—especially vulnerable young children—from harmful products that abuse technology for the sake of profit,” said Kristen Strader, Campaign Coordinator for Public Citizen. “Smartwatches and similar devices must be absolutely safe and secure before they are released to the public for sale.” Ed Mierzwinski, Consumer Program Director at U.S. PIRG, said, "Companies making any internet-connected devices, but especially for children, need to ensure that privacy and security are more than breakable — or worse, hackable — promises." Katie McInnis, technology policy counsel for Consumers Union, said, “When a company sells a smartwatch aimed at children, it must ensure the product is safe and secure. The FTC should launch an investigation into the privacy and security concerns surrounding these products to make sure families are safe.” The same trans-Atlantic coalition persuaded government authorities and retailers last December (link is external) that the internet-connected dolls Cayla and i-Que Robot were spying on children and threatening their welfare, and retailers removed the toys from store shelves. The FBI subsequently issued a warning to consumers (link is external) that internet-connected toys could put the privacy and safety of children at risk. --- For more information, please see the following: Letter to FTC by coalition of leading U.S. child advocacy, consumer, and privacy groups (link below) Press Release by US coalition of leading U.S. child advocacy, consumer and privacy groups (link below) #WatchOut Report by Norwegian Consumer Council (link below) Press Release by Norwegian Consumer Council (link below) #WatchOut English - YouTube (http://bit.ly/2ghNoD1 (link is external)) #WatchOut - longer video explainer on security flaws 4:30 mins - YouTube (http://bit.ly/2xLYSVv (link is external))

Washington, DC (March 6, 2017): The Center for Digital Democracy (CDD), Campaign for a Commercial-Free Childhood, Common Sense Kids Action, Consumer Action and the Electronic Privacy Information Center (EPIC) called on the Federal Communications Commission (FCC) to reject industry requests to rescind the FCC’s broadband privacy rules, as this would leave parents effectively without any tools to protect their children’s privacy on broadband Internet Service Provider networks (ISPs). The groups warned that any attempts to modify the privacy rule would significantly weaken the privacy protections for children. The filing to the FCC was drafted by the Institute for Public Representation at Georgetown University Law Center (IPR). In October 2016, the Federal Communications Commission adopted ground-breaking privacy rules protecting the personal information of broadband internet service customers, including children. The FCC rules set limits on what internet service providers may do with the highly sensitive data that they collect in the course of providing internet service. These rules were intended to give consumers and parents the tools they need to make informed decisions about how their information, or the information of their children, is used by their ISP. Most significantly, the rules require ISPs to obtain opt-in approval for use and sharing of sensitive customer personal information for purposes other than providing broadband service. “Sensitive” information includes precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications. In their filing, the advocates oppose petitions filed by ISPs, including Comcast, Verizon and Time Warner, that ask the FCC to reconsider its broadband privacy Order. The advocates explain in their filing with the FCC: Treating children’s information as sensitive and requiring notice and opt-in consent is necessary to protect children and is consistent with the FTC’s practices. This aspect of the rules is necessary, although not sufficient to protect children’s privacy. All web browsing and application usage histories must be treated as sensitive information because children's information is mixed with that of adults. In order to protect children from targeted advertising, all users' browsing and application histories must receive protection as such histories reveal traits, characteristics, likes, and dislikes. Marketers, who are intensely interested in targeting children and adolescents, would have a much greater ability to take unfair advantage of children, without these rules in place. The FCC should retain opt-in requirements for use of all categories of sensitive information, such as for web browsing and application usage histories. Since this data is inextricably intertwined with adult activities, any required additional sorting of this data into sensitive and non-sensitive data would inevitably lead to further erosion of privacy of all ISP users. Most Americans are oblivious to modern day big data practices and to the resulting potential risks to themselves or society at large. When it comes to vulnerable children it must be the obligation of ISPs to make a convincing case to parents that opting into the ISP’s data practices is in the best interest of their children. The following can be attributed to Katharina Kopp, Deputy Director, Center for Digital Democracy: The FCC Privacy Rules protect the fundamental rights of children to enjoy privacy and freedom from age-inappropriate commercial exploitation. Any attempts to weaken these rules is an attempt to leave parents and their children defenseless against powerful corporate interests. Digital food marketing of unhealthy foods to children and teens, for example, has contributed to an obesity epidemic that harms us all. This is unfair, unjust and not in the public interest. We call on the FCC to implement the Privacy Order in its entirety without any delay. The following can be attributed to Josh Golin, Executive Director, Campaign for a Commercial-Free Childhood This is a crucial test for the FCC. Will the Commission insist that parents have a right to protect their children’s privacy online? Or will the FCC aid and abet the ISP’s efforts to build digital marketing profiles of vulnerable children? We call on the Commission to do the right thing and implement the Privacy Order. The following statement can be attributed to Linda Sherry, Director of National Priorities, Consumer Action: Consumer Action opposes efforts to rescind the FCC’s broadband privacy rules, which would jeopardize the privacy of all internet service customers and strip them of the right to assert control over their sensitive information including geo-location, financial, health, etc. We join the Center for Digital Democracy in highlighting the potential harm to children, a highly vulnerable and defenseless population that has gained important new rights under the rule, which specifically recognizes the sensitivity of children’s information. The Center for Digital Democracy is a leading nonprofit organization focused on empowering and protecting the rights of the public in the digital era. The Campaign for a Commercial-Free Childhood support parents’ efforts to raise healthy families by limiting commercial access to children. Consumer Action empowers low- and moderate-income and limited-English-speaking consumers nationwide to prosper through education and advocacy. EPIC is a public interest research center in Washington, DC, established in 1994 to focus public attention on emerging privacy and civil liberties issues and to protect privacy, freedom of expression, and democratic values in the information age.