Press Releases

June 25, 2019 The Honorable Joseph Simons The Honorable Noah Phillips Chairman Commissioner Federal Trade Commission Federal Trade Commission 600 Pennsylvania Avenue, NW 600 Pennsylvania Avenue, NW Washington, DC 20580 Washington, DC 20580 The Honorable Rohit Chopra The Honorable Rebecca Slaughter Commissioner Commissioner Federal Trade Commission Federal Trade Commission 600 Pennsylvania Avenue, NW 600 Pennsylvania Avenue, NW Washington, DC 20580 Washington, DC 20580 The Honorable Christine Wilson Commissioner Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 Dear Chairman Simons, Commissioner Phillips, Commissioner Chopra, Commissioner Slaughter, and Commissioner Wilson: The Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD) have been encouraged by recent media reports that the Federal Trade Commission is preparing to take action against Google and YouTube for violating the Children’s Online Privacy Protection Act (COPPA). CCFC and CDD, represented by the Institute for Public Representation at Georgetown Law (IPR), are the organizations responsible for drafting the Request to Investigate Google and YouTube filed with the FTC on April 9, 2018. Previously, IPR filed on behalf of CCFC and CDD Requests to Investigate YouTube’s promotion of unfair and deceptive influencer marketing to children (October 21, 2016) and unfair and deceptive marketing practices on YouTube Kids (April 7, and November 24, 2015). As you are aware, YouTube has profited enormously by hosting channels and videos of nursery rhymes, unboxing videos, popular cartoons, and other content specifically designed for children on the main YouTube platform. But instead of getting the verifiable parental consent required before collecting children’s personal information, Google claims that YouTube is not for children under thirteen, and therefore, no consent is required. This defense is outlandish given that YouTube is the number one online destination for kids. In short, Google has profited by violating the law and the privacy of tens of millions of children. For this reason, the FTC must sanction Google at a scale commensurate with the company’s unprecedented and unparalleled violations of COPPA. As we pointed out in our Request to Investigate, the maximum civil penalties should be imposed because: Google had actual knowledge of both the large number of child-directed channels on YouTube and the large numbers of children using YouTube. Yet, Google collected personal information from nearly 25 million children in the U.S over a period of years, and used this data to engage in very sophisticated digital marketing techniques. Google’s wrongdoing allowed it to profit in two different ways: Google has not only made a vast amount of money by using children’s personal information as part of its ad networks to target advertising, but has also profited from advertising revenues from ads on its YouTube channels that are watched by children. [April 9, 2018 Request to Investigate at 26-27 (footnotes omitted)]. Moreover, any consent order must mandate meaningful changes to YouTube’s business practices. For example, all child-directed content should be placed on a separate platform where targeted advertising, commercial data collection, links to other sites or content, and autoplay are prohibited. Google must also live up to its Terms of Service – which stipulate YouTube is only for persons thirteen and older – by removing all kids’ content from the main YouTube platform. By ensuring such changes, the Commission will do a tremendous service to America’s families seeking to provide a healthy media environment for their children, while sending a clear message to all online and mobile operators that no one is above the law. Google’s disregard of children’s welfare is demonstrated not only by the evidence in our complaints, but by numerous reports of violent, sexual and other inappropriate content available to children on both YouTube Kids and on the main YouTube platform. Moreover, the company refused to turn off recommendations on videos featuring young children in leotards and bathing suits even after researchers demonstrated YouTube’s algorithm was recommending these videos to pedophiles. These ongoing and serious issues require that the FTC take strong action. We believe that Google should repay America’s families by creating a truly safe space for kids and fostering the production of quality non-commercial children’s programming. Attached you will find a list of recommended penalties and conditions to be included in a final consent order. We would be happy to meet with you to discuss our proposed remedies in greater detail. Thank you. Sincerely, Jeffrey Chester Executive Director Center for Digital Democracy Josh Golin Executive Director Campaign for a Commercial-Free Childhood Angela J. Campbell Director Institute for Public Representation Georgetown Law Encl.: Proposed Consent Order Penalties and Conditions Proposed Consent Order Penalties and Conditions The FTC should seek a 20-year consent decree which includes the following forms of relief: Injunctive relief Destroy all data collected from children under 13, in all forms in Google’s possession, including inferences drawn from this data, custody, or control of YouTube and all of Alphabet’s subsidiaries engaged in online data collection or commercial uses (e.g. advertising), including, but not limited to, Google Ads, Google Marketing Platform and their predecessors. Immediately stop collecting data from any user known to be under age 13, and any user that a reasonable person would likely believe to be under age 13, including, but not limited to, persons that are viewing any channel or video primarily directed to children, persons who have been identified for targeted ads based on being under 13 or any proxy for under 13 (e.g., grade in school, interest in toys, etc.), or any other factors. Identify, as of the date of this consent order, as well as on an ongoing basis, any users under age 13, and prohibit them from accessing content on YouTube. Prohibit users under age 13 from accessing content on YouTube Kids unless and until YouTube has provided detailed notice to parents, obtained parental consent, and complied with all of the other requirements of COPPA and this consent order. Remove all channels in the Parenting and Family lineup, as well as any other YouTube channels and videos directed at children, from YouTube. YouTube may make such channels and videos available on a platform specifically intended for children (e.g. YouTube Kids) only after qualified human reviewers have reviewed the content and determined that the programming comply with all of the policies for YouTube’s child-directed platform, which must include, but are not limited to: No data collection for commercial purposes. Any data collected for “internal purposes” must be clearly identified as to what is being collected, for what purpose, and who has access to the data. It may not be sold to any third parties. No links out to other sites or online services. No recommendations or autoplay. No targeted marketing. No product or brand integration, including influencer marketing. Consumer education Require Google to fund independent organizations to undertake educational campaigns to help children and parents understand the true nature of Google’s data-driven digital marketing systems and its potential impacts on children’s wellbeing and privacy. Require Google to publicly admit (in advertising and in other ways) that it has violated the law and warn parents that no one under 13 should use YouTube. Record keeping and monitoring provisions Google must submit to an annual audit by a qualified, independent auditor to ensure that Google is complying with all aspects of the consent decree. The auditor must submit their report to the FTC. The FTC shall provide reports to Congress about the findings. All of the annual audits must be publicly available without redaction on the Commission’s website within 30 days of receipt. Google may not launch any new child-directed service until the new service has been reviewed and approved by an independent panel of experts – including child development and privacy experts – to be appointed by the FTC. Google must retain, and make available to the FTC on request, documentation of its compliance with the consent decree. Civil penalties and other monetary relief Google will pay the maximum possible civil penalties – $42,530 per violation. Whether violations are counted per child or per day, the total amount of the penalty must be sufficiently high to deter Google and YouTube from any further violations of COPPA. Google to establish a $100 million fund to be used to support the production of noncommercial, high-quality, and diverse content for children. Decisions about who receives this money must be insulated from influence by Google. In addition, we ask the FTC to consider using its authority under Section 13(b) of the FTC Act to require Google and YouTube to disgorge ill-gotten gains, and to impose separate civil penalties on the management personnel at Google and YouTube who knowingly allowed these COPPA violations to occur.

Contact: Josh Golin, CCFC: josh@commercialfreechildhood.org (link sends e-mail); (617) 896-9369 Jeff Chester, CDD: jeff@democraticmedia.org (link sends e-mail); (202) 494-7100 Advocates Demand FTC Investigation of Echo Dot Kids Edition Amazon violates COPPA in many ways, including keeping data that parents believe they deleted BOSTON, MA — May 9, 2019 — Today, a coalition of 19 consumer and public health advocates led by the Campaign for a Commercial-Free Childhood (CCFC) and the Center for Digital Democracy (CDD) called on the Federal Trade Commission (FTC) (link is external) to investigate and sanction Amazon for infringing on children’s privacy through its Amazon Echo Dot Kids Edition. An investigation by CCFC and the Institute for Public Representation (IPR) at Georgetown Law revealed that Echo Dot Kids, a candy-colored version of Amazon’s home assistant with Alexa voice technology, violates the Children’s Online Privacy Protection Act (COPPA) in many ways. Amazon collects sensitive personal information from kids, including their voice recordings and data gleaned from kids’ viewing, reading, listening, and purchasing habits, and retains it indefinitely. Most shockingly, Amazon retains children’s data even after parents believe they have deleted it. CCFC and IPR have produced a video (link is external) demonstrating how Amazon ignores the request to delete or “forget” a child’s information it has remembered. The advocates’ FTC complaint also say Amazon offers parents a maze of multiple privacy policies, which violate COPPA because they are confusing, misleading and even contradictory. “Amazon markets Echo Dot Kids as a device to educate and entertain kids, but the real purpose is to amass a treasure trove of sensitive data that it refuses to relinquish even when directed to by parents,” said Josh Golin, CCFC’s Executive Director. “COPPA makes clear that parents are the ones with the final say about what happens to their children’s data, not Jeff Bezos. The FTC must hold Amazon accountable for blatantly violating children’s privacy law and putting kids at risk.” Amazon Echo Dot Kids Edition comes with a one-year subscription to FreeTime Unlimited, which connects children with entertainment like movies, music, audiobooks, and video games. The always-on listening device is often placed in the child’s bedroom, and kids are encouraged to interact with it as if Alexa was a close friend. Kids can download “skills,” similar to apps, to add functionality. In clear violation of COPPA, Amazon disavows responsibility for the data collection practices of Alexa skills for kids and tells parents to check the skill developers’ privacy policies. To make matters worse, 85% of skills for kids have no privacy policy posted. Amazon does not verify that the person consenting to data collection is an adult, let alone the child’s parent. The advocates also say the Echo Dot has a “playdate problem”: a child whose parents have not consented will have their conversations recorded and sensitive information retained when visiting a friend who owns the device. “We spent months analyzing the Echo Dot Kids and the device’s myriad privacy policies and we still don’t have a clear picture of what data is collected by Amazon and who has access to it,” said Angela Campbell, a CCFC Board Member and Director of IPR’s Communications and Technology Clinic at Georgetown Law, which researched and drafted the complaint. “If privacy experts can’t make heads or tails of Amazon’s privacy policy labyrinth, how can a parent meaningfully consent to the collection of their children’s data?” “By providing misleading tools that don’t actually allow parents to delete their children’s data, Amazon has made a farce of parents’ difficult task of protecting their children’s privacy,” said Lindsey Barrett, Staff Attorney and Teaching Fellow at IPR. “COPPA requires companies to allow parents to delete their children’s personal information, and Amazon is breaking the law— not to mention breaking parents’ trust.” “It’s shameful that Amazon is ensnaring children and their valuable data in its race to market dominance,” said Jeff Chester of CDD. "COPPA was enacted to empower parents to have control over their children’s data, but at every turn Echo Dot Kids thwarts parents who want to limit what Amazon knows about their child. The FTC must hold Amazon accountable to make clear that voice-activated, always-on devices must respect children’s privacy." Organizations which signed today’s complaint were the Campaign for a Commercial-Free Childhood, Center for Digital Democracy, Berkeley Media Studies Group, Color of Change, Consumer Action, Consumer Federation of America, Defending the Early Years, Electronic Privacy Information Center, New Dream, Open MIC (Open Media and Information Companies Initiative), Parents Across America, Parent Coalition for Student Privacy, Parents Television Council, Peace Educators Allied for Children Everywhere (P.E.A.C.E.), Public Citizen, Raffi Foundation for Child Honouring, Story of Stuff, TRUCE (Teachers Resisting Unhealthy Childhood Entertainment), and U.S. PIRG. In May 2018, CCFC and CDD issued a warning (link is external), supported by experts like Drs. Sherry Turkle, Jenny Radesky, and Dipesh Navsaria, that parents should steer clear of Echo Dot Kids. The advocates cautioned that Echo Dot endangers children’s privacy, and by encouraging young children to spend more time with and form “faux relationships” with digital devices, it threatens their healthy development. Added Josh Golin: “Echo Dot Kids interferes with children’s healthy development and relationships and threatens their privacy. Parents should resist Amazon’s efforts to indoctrinate children into a culture of surveillance, and say ‘no’ to Echo Dot Kids.” The investigation by CCFC and IPR was made possible by a generous grant from the Rose Foundation for Communities and the Environment (link is external).

For Immediate Release: Feb. 26, 2019 Contact: Mike Stankiewicz, mstankiewicz@citizen.org (link sends e-mail), (202) 588-7779 Jeff Chester jeff@democraticmedia.org (link sends e-mail) (202) 494-7100 MEDIA ADVISORY Press Briefing: Senators, Coalition Call for Sweeping National Digital Privacy Legislation Experts to Demand Federal Action to Combat Growing digital-consumer and Civil Rights Threats WHAT: Staff briefing, open to the press and sponsored by U.S. Sens. Ed Markey (D-Mass.) Tom Udall (D-N.M.), at which consumer protection and civil rights advocates will explain the urgent need for sweeping federal digital privacy legislation with a new approach. It includes baseline legislation that doesn’t pre-empt state privacy laws, the creation of a new federal data protection agency and safeguards against data practices that lead to unjust, unfair, manipulative or discriminatory, outcomes. The briefing comes as Americans increasingly demand protection of their digital privacy in light of unethical privacy sharing and harvesting by tech giants. Without any constraints, Big Tech companies and their partners are collecting sensitive information on American citizens, ranging from financial and health information to data that tracks our Internet activity across all our devices, our location throughout the day and much more. Both the federal government and the states must be empowered to protect the public from this ever-growing online threat to their privacy, welfare and civil rights. Members of the Privacy and Digital Rights for All coalition, which has announced a Framework for Comprehensive Privacy Protection And Digital Rights (link is external) in the U.S. also will speak about the need for enduring privacy innovation and limiting government access to personal data. WHEN: 2 p.m. EST, Mon., March 4 WHO: Ed Mierzwinski, consumer program director, U.S. PIRG Jeffrey Chester, executive director, Center for Digital Democracy Brandi Collins-Dexter, senior campaign director, Color of Change Josh Golin, executive director, Campaign for a Commercial-Free Childhood Burcu Kilic, research director, Public Citizen’s Access to Medicines program Christine Bannan, administrative law and policy fellow, Electronic Privacy Information Center (EPIC) WHERE: Hart Senate Office Building Room 216 120 Constitution Ave NE Washington, DC 20002 ###

Curbing Companies’ Bad Behavior Will Require Stronger Data Privacy Laws and a New Federal Data Privacy Agency Federal Privacy Laws Are Antiquated and Need Updating; New Data Privacy Legislation Must Include Civil Rights Protections and Enhanced Punishments for Violations Jan. 17, 2019 Contact: Don Owens, dowens@citizen.org (link sends e-mail), (202) 588-7767 Jeffrey Chester, jeff@democraticmedia.org (link sends e-mail), (202) 494-7100 WASHINGTON, D.C. – U.S. data privacy laws must be overhauled without pre-empting state laws and a new data privacy agency should be created to confront 21st century threats and address emerging concerns for digital customers, consumer and privacy organizations said today as they released a framework (link is external) for comprehensive privacy protection and digital rights for members of Congress. “Big Tech is coming to Washington looking for a deal that affords inadequate protections for privacy and other consumer rights but pre-empts states from defending their citizens against the tech companies’ surveillance and misuse of data,” said Robert Weissman, president of Public Citizen. “But here’s the bad news for the tech giants: That deal isn’t going to fly. Instead, the American people are demanding – and intend to win – meaningful federal restraints on tech company abuses of power that also ensure the right of states to craft their own consumer protections.” From the Equifax data breach to foreign election interference and targeted digital ads based on race, health and income, it’s clear that U.S. consumers face a crisis of confidence born from federal data privacy laws that are decades out of date and a lack of basic protections afforded them by digital conglomerates. These corporations, many of which dominate online spaces, are far more interested in monetizing every key stroke or click than protecting consumers from data breaches. For that reason, federal and state authorities must act, the groups maintain. The groups will push for federal legislation based on a familiar privacy framework, such as the original U.S. Code of Fair Information Practices and the widely followed Organization for Economic Cooperation and Development Privacy Guidelines. These frameworks should require companies that collect personal data and rights for individuals to: Establish limits on the collection, use and disclosure of sensitive personal data; Establish enhanced limits on the collection, use and disclosure of data of children and teens; Regulate consumer scoring and other business practices that diminish people’s physical health, education, financial and work prospects; and Prohibit or prevent manipulative marketing practices. The groups are calling for federal baseline legislation and oppose the pre-emption of state digital privacy laws. States have long acted as the “laboratories of democracy” and must continue to have the power to enact appropriate protections for their citizens as technology develops, the groups say. “Black communities should not have to choose between accessing the Internet and the right to control our data,” said Brandi Collins-Dexter, senior campaign director at Color Of Change. “We need privacy legislation that holds powerful corporations accountable for their impacts. Burdening our communities with the need to discern how complex terms of service and algorithms could harm us will only serve to reinforce discriminatory corporate practices. The privacy protection and digital rights principles released today create an important baseline for proactive data protections for our communities.” “For years now, Big Tech has used our sensitive information as a cash cow,” said Josh Golin, executive director of Campaign for a Commercial-Free Childhood. “Each innovation – whether it’s talking home assistants, new social media tools or software for schools – is designed to spy on families and children. We desperately need both 21st century legislation and a new federal agency with broad enforcement powers to ensure that children have a chance to grow up without their every move, keystroke, swipe and utterance tracked and monetized.” The United States is woefully behind other nations worldwide in providing these modern data protections for its consumers, instead relying solely on the Federal Trade Commission (FTC) to safeguard consumers and promote competition. But corporations understand that the FTC lacks rulemaking authority and that the agency often fails to enforce rules it has established. “The FTC has failed to act,” said Caitriona Fitzgerald, policy director at the Electronic Privacy Information Center. “The U.S. needs a dedicated data protection agency.” Alternately, many democratic nations like Canada, Mexico, the U.K., Ireland and Japan already have dedicated data protection agencies with independent authority and enforcement capabilities. Groups that have signed on to the framework include Berkeley Media Studies Group, Campaign for a Commercial-Free Childhood, Center for Digital Democracy, Center for Media Justice, Color of Change, Consumer Action, Consumer Federation of America, Defending Rights & Dissent, Electronic Privacy Information Center, Media Alliance, Parent Coalition for Student Privacy, Privacy Rights Clearinghouse, Privacy Times, Public Citizen, Stop Online Violence Against Women and U.S. PIRG. Read the groups’ proposal below. ###

34 Civil Rights, Consumer, and Privacy Organizations Unite to Release Principles for Privacy Legislation Contact: Katharina Kopp (kkopp@democraticmedia.org (link sends e-mail)); 202-836 4621 Washington, DC ----- Today, 34 civil rights, consumer, and privacy organizations join in releasing public interest principles for privacy legislation (link is external), because the public needs and deserves strong and comprehensive federal legislation to protect their privacy and afford meaningful redress. Irresponsible data practices lead to a broad range of harms, including discrimination in employment, housing, healthcare, and advertising. They also lead to data breaches and loss of individuals’ control over personal information. Existing enforcement mechanisms fail to hold data processors accountable and provide little-to-no relief for privacy violations. The privacy principles outline four concepts that any meaningful data protection legislation should incorporate at a minimum: Privacy protections must be strong, meaningful, and comprehensive. Data practices must protect civil rights, prevent unlawful discrimination, and advance equal opportunity. Governments at all levels should play a role in protecting and enforcing privacy rights. Legislation should provide redress for privacy violations. These public interest privacy principles include a framework providing guidelines for policymakers considering how to protect the privacy of all Americans effectively while also offering meaningful redress. They follow three days of Federal Trade Commission hearings (link is external) about big data, competition, and privacy as well as the comment deadline on “Developing the Administration’s Approach to Privacy (link is external),” a request for comment from the National Telecommunications and Information Administration as the agency works to develop privacy policy recommendations for the Trump Administration, and ongoing work (link is external) at the National Institute for Standards and Technology to develop a privacy risk framework. The groups urge members of Congress to pass privacy legislation that ensures fairness, prevents discrimination, advances equal opportunity, protects free expression, and facilitates trust between the public and companies that collect their personal data. New America’s Open Technology Institute, Public Knowledge, Access Humboldt, Access Now, Berkeley Media Studies Group, Campaign for a Commercial-Free Childhood, Center for Democracy & Technology, Center for Digital Democracy, Center for Media Justice, Center on Privacy & Technology at Georgetown Law, Color of Change, Common Cause, Common Sense Kids Action, Consumer Action, Consumer Federation of America, Consumers Union, Customer Commons, Demand Progress, Free Press Action Fund, Human Rights Watch, Lawyers’ Committee for Civil Rights Under Law, Media Alliance, Media Mobilizing Project, National Association of Consumer Advocates, National Consumer Law Center, National Consumers League, National Digital Inclusion Alliance, National Hispanic Media Coalition, Oakland Privacy, Open MIC (Open Media and Information Companies Initiative), Privacy Rights Clearinghouse, Public Citizen, U.S. PIRG, and United Church of Christ, OC Inc. signed the principles. Additional local and national privacy advocates are encouraged to sign on. The following can be attributed to Eric Null, Senior Policy Counsel at New America’s Open Technology Institute: “For decades, privacy regulation has favored the company over the user -- companies set their own rules and users are left to fend for themselves. Worse, companies have even discriminated based on protected classes through algorithmic decision-making. Comprehensive privacy legislation must disrupt this status quo. Legislation that follows the public interest privacy principles will better protect users and give users more control over their data.” The following can be attributed to Allie Bohm, Policy Counsel at Public Knowledge: “It is imperative that any comprehensive privacy legislation reflect the concerns, interests, and priorities of actual human beings. Today, consumer protection, privacy, and civil rights groups come together to articulate those interests, priorities, and concerns. Importantly, these principles address the many harms people can experience from privacy violations and misuse of personal data, including enabling unfair price discrimination; limiting awareness of opportunities; and contributing to employment, housing, health care, and other forms of discrimination.” The following can be attributed to Amie Stepanovich, U.S. Policy Manager at Access Now: “From Europe to India to Brazil, data privacy legislation is becoming the norm around the world, and people in the United States are getting left behind. It is long past time that our legislators acted to protect people across the country from opaque data practices that can result in its misuse and abuse, and any acceptable package must start with these principles.” The following can be attributed to Josh Golin, Executive Director at Campaign for a Commercial-Free Childhood: “What big tech offers for ‘free’ actually comes at a high cost -- our privacy. Worst of all is how vulnerable kids are tracked online and then targeted with manipulative marketing. This has to stop. We need laws that will empower parents to protect their children’s privacy.” The following can be attributed to Joseph Jerome, Policy Counsel at Center for Democracy & Technology: “Debates about national privacy laws focus on how companies should implement Fair Information Practices. The operative word is ‘fair.’ When it comes to how companies collect, use, and share our data, too many business practices are simply unfair. Federal law must go beyond giving consumers more notices and choices about their privacy, and we think it is time for legislators in Congress to flip the privacy presumption and declare some data practices unfair.” The following can be attributed to Katharina Kopp, Director of Policy at Center for Digital Democracy: “To this day, U.S. citizens have had to live without effective privacy safeguards. Commercial data practices have grown ever more intrusive, ubiquitous and harmful. It is high time to provide Americans with effective safeguards against commercial surveillance. Any legislation must not only effectively protect individual privacy, it must advance equitable, just and fair data uses, and must protect the most vulnerable among us, including children. In other words, they must bring about real changes in corporate practices. We have waited long enough; the time is now.” The following can be attributed to Laura Moy, Executive Director at Center on Privacy & Technology at Georgetown Law: “Americans want their data to be respected, protected, and used in ways that are consistent with their expectations. Any new legislation governing commercial data practices must advance these goals, and also protect us from data-driven activities that are harmful to society. We need privacy to protect us from uses of data that exclude communities from important opportunities, enable faceless brokers to secretly build ever-more-detailed profiles of us, and amplify political polarization and hate speech.” The following can be attributed to Yosef Getachew, Director of Media and Democracy Program at Common Cause: “An overwhelming majority of Americans believe they have lost control over how their personal information is collected and used across the internet ecosystem. Numerous data breaches and abuses in data sharing practices, which have jeopardized the personal information of millions of Americans, have validated these fears. Our current privacy framework no longer works, and the lack of meaningful privacy protections poses a serious threat to our democracy. Companies can easily manipulate data to politically influence voters or engage in discriminatory practices. These principles should serve as a baseline for any comprehensive privacy legislation that guarantees all Americans control over their data.” The following can be attributed to James P. Steyer, CEO and Founder, at Common Sense: “Any federal legislation should provide for strong baseline protections, particularly for the most surveilled and vulnerable generation ever -- our kids. These principles reflect that as privacy, consumer, and civil rights advocates, we only want federal legislation that will move the ball forward in terms of protecting kids, families, and all of us.” The following can be attributed to Linda Sherry, director of national priorities at Consumer Action: “Our country has floundered far too long without strong federal regulations governing data collection, retention, use and sharing. These privacy principles, developed by a coalition of leading consumer, civil rights and privacy organizations, are offered as a framework to guide Congress in protecting consumers from the many harms that can befall them when they are given little or no choice in safeguarding their data, and companies have few, if any, restrictions on how they use that information.” The following can be attributed to Susan Grant, Director of Consumer Protection and Privacy at Consumer Federation of America: “We need to move forward on data protection in the United States, from a default that allows companies to do what they want with Americans’ personal information as long as they don’t lie about it, to one in which their business practices are aligned with respect for privacy rights and the responsibility to keep people’s data secure.” The following can be attributed to Katie McInnis, Policy Counsel for Consumers Union, the advocacy division of Consumer Reports: “As new data breaches are announced at an alarming rate, now is the time to protect consumers with strong privacy laws. We need laws that do more than just address broad transparency and access rights. Consumers deserve practical controls and robust enforcement to ensure all of their personal information is sufficiently protected.” The following can be attributed to Gaurav Laroia, Policy Counsel at Free Press Action Fund: “The public has lost faith in technology companies' interest and ability to police their own privacy and data usage practices. It’s past time for Congress to pass a strong law that empowers people to make meaningful choices about their data, protects them from discrimination and undue manipulation, and holds companies accountable for those practices.” The following can be attributed to David Brody, Counsel & Senior Fellow for Privacy and Technology at the Lawyers’ Committee for Civil Rights Under Law: “Protecting the right to privacy is essential to protecting civil rights and advancing racial equity in a modern, Internet-focused society. Privacy rights are civil rights. Invasive profiling of online activity enables discrimination in employment, housing, credit, and education; helps bad actors target voter suppression and misinformation; assists biased law enforcement surveillance; chills the free association of advocates; and creates connections between hateful extremists exacerbating racial tensions.” The following can be attributed to Tracy Rosenberg, Executive Director at Media Alliance: “After a flood of data breaches and privacy violations, Americans overwhelmingly support meaningful protections for their personal information that are not written by, for and in the interests of the data collection industry. These principles start to define what that looks like.” The following can be attributed to Francella Ochillo, Vice President of Policy & General Counsel at National Hispanic Media Coalition: “For years, tech platforms have been allowed to monetize personal data without oversight or consequence, losing sight of the fact that personal data belongs to the user. Meanwhile, Latinos and other marginalized communities continue to be exposed to the greatest risk of harm and have the fewest opportunities for redress. The National Hispanic Media Coalition joins the chorus of advocates calling for a comprehensive regulatory framework that protects a user’s right to privacy and access as well as the right to be forgotten.” The following can be attributed to JP Massar, Organizer at Oakland Privacy: “We must not only watch the watchers, and regulate the sellers of our information. We must begin to unravel the information panopticon that has already formed. This is a start.” The following can be attributed to Robert Weissman, President at Public Citizen: “Internet privacy means control. Either we get to control our own lives as lived through the Internet, or the Big Tech companies do. That's what is at stake in whether the U.S. adopts real privacy protections.” The following can be attributed to Ed Mierzwinski, Senior Director for Consumer Programs at U.S. PIRG: “The big banks and the big tech companies all say that they want a federal privacy law, but the law that their phalanx of lobbyists seeks isn’t designed to protect consumers. Instead, it’s designed to protect their business models that treat consumers as commodities for sale; it fails to guarantee that their secret sauce big data algorithms don’t discriminate; it eliminates stronger and innovative state laws forever and it denies consumers any real, enforceable rights when harmed. We can’t allow that.” You may view the privacy principles (link is external) for more information.

A coalition of 22 consumer and public health advocacy groups called on the Federal Trade Commission (“FTC”) to investigate the preschool app market. The advocates’ letter urges the FTC to hold app makers accountable for unfair and deceptive practices, including falsely marketing apps that require in-app purchases as “free” and manipulating children to watch ads and make purchases. The complaint was filed in conjunction with a major new study that details a host of concerning practices in apps targeted to young children. The study (link is external) (paywall), “Advertising in Young Children’s Apps,” was led by researchers at University of Michigan C.S. Mott Children’s Hospital, and examined the type and content of advertising in 135 children’s apps.

Media Advisory – Save the Date FOR IMMEDIATE RELEASE October 3, 2018 Contact: Jeff Chester jeff@democraticmedia.org (link sends e-mail) COPPA--Protecting Children’s Privacy Online for 20 Years Sen. Ed Markey, Advocates and Experts Celebrate COPPA as they focus on future challenges posed by the digital marketplace October 17th, Capitol Hill, Open to Public Washington, D.C. To mark the 20th anniversary of the 1998 Children’s Online Privacy Protection Act (COPPA), Senator Edward J. Markey (DMA) —its principal congressional sponsor—will be joined by key representatives from the consumer, child advocacy, and privacy groups involved in implementing the law, at a public forum on Wednesday, October 17 from 12:30-3:30 pm in Room 385 of the Senate Russell Office Building (SR-385). Senator Markey will deliver a keynote speech followed by two panels featuring representatives from Electronic Privacy Information Center, Campaign for Commercial Free Childhood, Common Sense Media, Center for Digital Democracy, Color of Change, and Institute for Public Representation (Georgetown University Law Center), among others. Prof. Kathryn C. Montgomery, who spearheaded the public campaign that led to COPPA, will moderate. “COPPA is the nation’s constitution for children’s communication. For 20 years it has shielded our nation’s children from invasive practices and encroaching actors on the internet,” Sen. Markey noted. “It puts children and families in control and holds violators accountable when they compromise kids’ privacy. As we celebrate the 20th anniversary of COPPA, we must look to the future.” In addition to discussing COPPA’s impact, speakers will explore the expanding interactive and data-driven world young people face today, which is being transformed by a host of powerful technologies, such as artificial intelligence, virtual reality, and internet-connected toys. “In 2018, children grow up in an increasingly connected and digital world with ever-emerging threats to their sensitive personal information,” explained Sen. Markey. “Two decades after the passage of this bedrock law, it is time to redouble our efforts and safeguard the precious privacy of our youngest Americans.” The event is free and open to the public, but seating is limited. Lunch will be served. Please RSVP to jeff@democraticmedia.org (link sends e-mail).

October 1, 2018 Chairman John Thune Ranking Member Bill Nelson Senate Commerce Committee Washington, DC Dear Chairman Thune and Ranking Member Nelson, We appreciate your interest in consumer privacy and the hearing you convened recently to explore this topic. Still, our concerns remain that the hearing, with only industry representatives, was unnecessarily biased. Many of the problems consumers face, as well as the solutions we would propose, were simply never mentioned. There is little point in asking industry groups how they would like to be regulated. None of the proposals endorsed by the witnesses yesterday would have any substantial impact on the data collection practices of their firms. Such regulation will simply fortify business interests to the detriment of online users. And the absence of consumer advocates at the first hearing was also missed opportunity for a direct exchange about points made by the industry witnesses. We understand that you are planning to hold a second hearing in early October. In keeping with the structure of the first hearing, we ask that you invite six consumer privacy experts to testify before the Committee. We would also suggest that you organize an additional panel with other experts and enforcement officials, including Dr. Jelenik, the Chair of the European Data Protection Board, as well as State Attorneys General, who are now on the front lines of consumer protection in the United States. Thank you for your consideration of our views. We look forward to working with you. Sincerely, Access Humboldt Access Now Campaign for a Commercial-Free Childhood Center for Digital Democracy Common Sense Consumer Action Consumer Federation of America Customer Commons Digital Privacy Alliance Electronic Frontier Foundation EPIC Media Alliance National Association of Consumer Advocates New America's Open Technology Institute New York Public Interest Research Group (NYPIRG) Privacy Rights Clearing House U.S. Public Interest Research Group (U.S. PIRG) World Privacy Forum

September 25, 2018 Contact: Jeff Chester-202-494-7100 David Monahan 617-896-9397 For Immediate Release Child Advocacy and Consumer Groups Tell FCC to Keep Key TV Safeguards for Children Overturning Children’s TV Act rules will harm kids and be a huge giveaway of public airwaves to broadcast and cable companies Three leading nonprofit groups working to advance the interests of children in the digital era told the Federal Communications Commission (FCC) that its plan to dismantle long-standing safeguards designed to ensure all children have access to quality TV programing will harm American kids. The proposal to jettison guidelines which require broadcast TV stations air a minimum of three hours a week of educational programming on their primary channel and additional programming on multicast channels would significantly reduce the availability of higher quality shows, they explained in a filing (link is external) today. “The FCC seeks to strip away one of the only federal rules that helps both children and parents,” explained Jeff Chester, executive director of the Center for Digital Democracy. Chester helped lead the campaign back in the 1990’s that led to the current CTA rules. “It is also one of the only concrete public-interest requirements that Congress mandated in exchange for free use of the public airwaves, which allow television stations to earn vast revenues from both advertising and fees paid by cable companies. Just as the GOP FCC majority did when it killed network neutrality, the commission only seems interested in protecting the interests of the big broadcast and cable companies,” Chester said. “The Commission’s proposal would effectively eliminate children’s programming on broadcast television, where at least there are some limits on commercialism,” said Campaign for a Commercial-Free Childhood executive director Josh Golin. "Internet and mobile platforms for children are rife with many types of unfair and deceptive marketing that aren’t allow on kids’ TV. Rather than facilitating a race to the bottom, the FCC should work with lawmakers and the FTC to develop cross-platform rules to ensure all children access to quality, commercial-free media regardless of the platforms and devices their families own.” Without citing any evidence about the quality, cost and availability of children’s educational programs delivered by other means, the FCC claims that because children can watch children’s educational programs on cable, YouTube, Netflix, Amazon and Hulu, commercial television stations should not be required to air children’s educational programming. But in comments drafted by the Georgetown Law Communications and Technology Clinic, the advocates note, “To use non-broadcast services, households must have access to cable or broadband service, and be able to afford subscription fees and equipment. Children who live in rural areas, or whose families are low-income, and cannot access or afford alternative program options, will be hurt the most” if the FCC proposal is adopted. The three groups—Center for Digital Democracy, Campaign for a Commercial-Free Childhood, and the Benton Foundation—pledged to educate the public, including parents, educators and concerned citizens, so they can raise concerns with the FCC and other policy makers. --30--

In an open letter to Facebook's CEO Mark Zuckkerberg, members of the Transatlantic Consumer Dialogue urge the company "to confirm your company’s commitment to global compliance with the GDPR".

WASHINGTON, DC—April 9, 2018—Today, a coalition of leading U.S. child advocacy, consumer, and privacy groups represented by the Institute for Public Representation filed a complaint (link is external) urging the Federal Trade Commission (FTC) to investigate and sanction Google for violations of the Children’s Online Privacy Protection Act (COPPA) in operating YouTube. Google claims that YouTube is only for users 13 and up, despite being the most popular online platform for children, used by 80% of American children ages 6 to 12. The site features many programs designed and promoted for children and Google generates significant profits from kid-targeted advertising. The complaint says the FTC should subject Google to penalties, which could total in the billions of dollars. The Center for Digital Democracy (CDD), Campaign for a Commercial-Free Childhood (CCFC), and 21 other organizations demonstrated in their filing that Google, which owns YouTube, makes substantial profits collecting many types of personal information on kids on YouTube, including geolocation, unique device identifiers, mobile telephone numbers, and persistent identifiers used to recognize a user over time and across different websites or online services. Google collects this information without first providing direct notice to parents and obtaining their consent, and Google uses it to target advertisements to kids across the internet, including across devices. COPPA bars the operator of a website directed to children, or that has knowledge of children using it, from collecting and using such information without obtaining parental consent. CCFC’s Executive Director Josh Golin said, “For years, Google has abdicated its responsibility to kids and families by disingenuously claiming YouTube—a site rife with popular cartoons, nursery rhymes, and toy ads—is not for children under thirteen. Google profits immensely by delivering ads to kids and must comply with COPPA. It’s time for the FTC to hold Google accountable for its illegal data collection and advertising practices.” Child directed channels such as ChuChuTV Nursery Rhymes & Kids Songs (15.9 million subscribers and over 10 billion channel views) and LittleBabyBum (14.6 million subscribers and over 14 billion channel views) are among the most popular channels on YouTube. Major advertisers pay Google a premium to place their ads in a platform known as “Google Preferred,” which includes a “Parenting and Family” lineup comprised mostly of popular channels targeted to children. “Google has acted duplicitously by falsely claiming in its terms of service that YouTube is only for those who are age 13 or older, while it deliberately lured young people into an ad-filled digital playground,” said Jeff Chester of the Center for Digital Democracy. “Just like Facebook, Google has focused its huge resources on generating profits instead of protecting privacy.” Angela J. Campbell, counsel for CCFC and CDD, said: “Given the large number of children affected and the extent of YouTube’s COPPA violations, the FTC needs to impose large civil penalties to show it is serious about protecting children’s privacy online.” James P. Steyer, CEO of Common Sense, said: "Kids have been watching videos on YouTube for years, something the company has known, and profited off of, by targeting content and ads at children under 13. It is time for Google to be completely transparent with all the facts and institute fundamentally responsible new policies moving forward to protect the privacy of kids. We fully expect Google to work closely with advocates and reach out to parents with information about parental controls, content, and collection practices on YouTube so parents can make informed choices about what content they allow their kids to access and how to protect their privacy.” Katie McInnis, policy counsel for Consumers Union, said: “YouTube knows children are watching content on their site, and has created content channels specifically aimed at them, but does not appear to obtain the required parental consent before collecting information about them. Google has the responsibility to be COPPA-compliant and ensure that children can safely watch the programs designed and promoted for kids. These practices present serious concerns that warrant the FTC’s attention.” Groups signing on to the complaint to the FTC along with CDD and CCFC are: Berkeley Media Studies Group; Center for Media Justice; Common Sense; Consumer Action; Consumer Federation of America; Consumer Federation of California; Consumers Union, the advocacy division of Consumer Reports; Consumer Watchdog; Corporate Accountability; Defending the Early Years; Electronic Privacy Information Center (“EPIC”); New Dream; Obligation, Inc.; Parent Coalition for Student Privacy; Parents Across America; Parents Television Council; Privacy Rights Clearinghouse; Public Citizen; The Story of Stuff Project; TRUCE (Teachers Resisting Unhealthy Childhood Entertainment); and USPIRG. The complaint was drafted by the Communications & Technology Law Clinic in the Institute for Public Representation at Georgetown University Law Center. ###

Broadcasters want to kill one of their only few public interest obligations: to air at least 3 hours of educational children’s programming a week. The FCC is engaged in another outrageous form of digital highway robbery—to steal from kids in order to allow TV giants to make even more profits from shows filled with commercials. Broadcasters now earn billions of dollars from their free public license to transit television—including getting access to invaluable cable TV channels. They are supposed to serve as a “Trustee” of the airwaves—not video programming bandits. Without their 3 hour kidvid requirement, broadcasters will able to reap the financial rewards without any real payback to the public. Millions of kids in the U.S. live in homes that can’t afford cable or broadband. Kidvid programming plays an important role providing access to some quality content for these children. The Pai FCC—as it’s done by killing network neutrality—is engaged in a slash and burn campaign when it comes to much needed public interest consumer protections for media. We will vigorously fight this cynical and harmful move by the FCC to place the interests of the TV lobby ahead of America’s children. CDD helped lobby in the 3-hour rule in the 1990s and plans to work with allies, such as Sen Ed Markey, to protect the interests of parents and children.

The phone and cable lobby will use its new power over the Internet to further erode the privacy rights of Americans. Comcast, AT&T, and Verizon will be entirely free to tap into the data flowing from our mobile devices, PCs, gaming and streaming platforms and set-top boxes. These ISP giants have already built up a formidable (link is external) commercial data gathering and Big Data analytics infrastructure. Now they will expand their gathering of our personal information, inc. financial, health, media use, and also force competitors to share the data they collect. If you want ISPs to give you preferential treatment, content providers will be forced to give up your data, so phone and cable can further expand their ad revenues. Independent and small content companies—including non-commercial and diversely-owned services—will be pressed to consent to terms that favor the digital gatekeepers that control our broadband highway. The FCC’s Net Neutrality decision will trigger a powerful wave of consolidation and deal making that further reduces the range of content and services we should expect in the 21st Century (including for children). We also believe that Google, Facebook and other providers will likely make their peace with the big ISPs, creating a powerful alliance that controls the U.S.’s digital destiny. CDD will be a part of the collaborative work to address this. We urge everyone to also “follow the data” as they examine the digital marketing plans of Verizon, Comcast and AT&T (link is external). There they will find plenty of opportunity to educate the public about our digital future has been placed at great risk.

Statement of Kathryn C Montgomery, Ph.D. Professor, School of Communication, American University Senior Consultant, Center for Digital Democracy December 4, 2017 In its first formal move to enter the children’s digital marketplace, Facebook has taken a responsible approach to this sensitive age group. It has created a “walled garden” messenger service designed exclusively for younger children; established strong parental controls; kept the service free of advertising; and restricted the use of many data collection and targeting practices that are employed routinely in its other services. The Children’s Online Privacy Protection Act (COPPA) – which we helped pass in 1998, and which was updated in 2012 – has established a strong framework for protecting children 12 and under from unfair data collection and targeting. However, additional safeguards are necessary to protect young people from powerful new forms of commercial surveillance in the Big Data and Internet-of-things era. By designing an ad-free and safe environment for children, Facebook is playing a leadership role in developing responsible corporate practices that could be the basis for industry-wide guidelines. But it is too early to understand fully how young people’s engagement with this new generation of digital interactive platforms will impact their psychosocial development. All stakeholders—including health professionals, educators, scholars, advocates, policymakers, and corporations — will need to monitor very closely how these services evolve. ---