Newsroom
Program Areas
-
Press Statement Google YouTube FTC COPPA Settlement Statement of Katharina Kopp, Ph.D. Deputy Director Center for Digital Democracy August 30, 2019 It has been reported that Google has agreed to pay between $150 million and $200 million to resolve an FTC investigation into YouTube over alleged violations of a children's privacy law. A settlement amount of $150-200 million would be woefully low, considering the egregious nature of the violation, how much Google profited from violating the law, and given Google’s size and revenue. Google’s unprecedented violation requires an unprecedented FTC response. A small amount like this would effectively reward Google for engaging in massive and illegal data collection without any regard to children’s safety. In addition to assessing substantial civil penalties, the FTC must enjoin Google from committing further violations of COPPA and impose effective means for monitoring compliance; the FTC must impose a 20-year consent decree to ensure Alphabet Inc. acts responsibly when it comes to serving children and parents. ------ In April, 2018, the Center for Digital Democracy (CDD) and the Campaign for Commercial-Free Childhood (CCFC), through their attorneys at Georgetown Law’s Institute for Public Representation (IPR), filed an FTC complaint (link is external) detailing YouTube’s COPPA violations. Twenty-one other privacy and consumer groups signed on to CCFC and CDD’s complaint, which detailed how Google profits by collecting personal information from kids on YouTube, without first providing direct notice to parents and obtaining their consent as required by law. Google uses this information to target advertisements to children across the internet and across devices, in clear violation of COPPA.
-
Blog
CDD Memo to FTC on Facebook Consent Decree Violations--2013
FTC has long ignored how market operates-it still does in 2019
-
News
Groups Join Legal Battle to Fight Ineffective FTC Privacy Decision on Facebook
Statements from Campaign for Commercial-Free Childhood, CDD, Color of Change, Common Sense Media, Consumer Action, Consumer Federation of America, Open Markets, Public Citizen, USPIRG
FOR RELEASE July 26, 2019 Consumer Privacy Organizations to Challenge Facebook Settlement Statement from Groups --------- “The Settlement Fails to Provide Meaningful Relief to Facebook Users” WASHINGTON, DC – Many of the nation’s leading consumer privacy organizations are urging a federal court in Washington, DC to consider public comments before finalizing a proposed settlement between the Federal Trade Commission and Facebook. “The Facebook settlement is both historic and controversial. Many believe the FTC failed to establish meaningful safeguards for consumer privacy. We believe the court overseeing the case should consider the views of interested parties,” said Marc Rotenberg, President of the Electronic Privacy Information Center. Under the terms of the settlement, Facebook will pay a record-breaking $5 b fine to the United States Treasury, but there will be no significant changes in Facebook’s business practices and the FTC will release all pending complaints against the company. Typically in a proposed FTC settlement, the public would be provided an opportunity to provide comments to the agency before finalizing the deal. But no such opportunity was provided in the Facebook settlement. Many of the organizations that are joining the effort have also filed detailed complaints with the Federal Trade Commission, alleging that Facebook has violated privacy laws, including the Children’s Online Privacy Protection Act. A Freedom of Information Act case revealed that there are more than 26,000 complaints against Facebook currently pending at the Commission. In a similar case in 2012, the privacy group Consumer Watchdog challenged the FTC settlement with Google regarding the Safari hack. In other consumer privacy cases, courts have created opportunities for interested parties to file papers and be heard prior to a final determination on a proposed settlement. The case is In the Matter of Facebook, No. 19-cv-2184 (D.D.C. Filed July 24, 2019) EPIC filed with the court today: https://epic.org/2019/07/epic-challenges-ftc-facebook-s.html (link is external) Statements of Support: Brandi Collins-Dexter, Senior Campaign Director, Color of Change, “Despite the large price tag, the FTC settlement provides no meaningful changes to Facebook’s structure or financial incentives. It allows Facebook to continue to set its own limits on how much user data it can collect and it gives Facebook immunity for unspecified violations. The public has a right to know what laws Facebook violated. Corporations should face consequences for violating the public trust, not be given a rubber stamp to carry out business as usual. This settlement limits the ability of Black users to challenge Facebook’s misuse of their data and force real accountability which is why the courts must review the fairness of this settlement.” Susan Grant, Director of Consumer Protection and Privacy, Consumer Federation of America: “The FTC’s settlement with Facebook sells consumers short by failing to change the company’s mass surveillance practices and wiping away other complaints that deserved to be addressed. It needs to be stronger to truly protect our privacy.” Linda Sherry, Director of National Priorities, Consumer Action: “The FTC’s pending Facebook settlement does not take adequate measures to limit the collection and sharing of consumers’ personal information, but appears to provide the company with extensive protections from even future violations. Consumer Action respectfully urges the court to consider positions from interested parties who have related complaints filed with the FTC to ensure that the most fair and comprehensive agreement is approved.” Sally Hubbard, Director of Enforcement Strategy, Open Markets. “The FTC’s settlement is woefully insufficient in light of Facebook’s persistent privacy violations. The fine is a mere cost of doing business that makes breaking the law worth it for Facebook. Remedies must curb Facebook’s widespread data collection and promote competition. Otherwise Facebook will continue to fortify its monopoly power by surveilling users both on Facebook and off, and users can’t vote with their feet when Facebook violates their privacy. The public must have the opportunity to be heard on this negligent settlement." Robert Weissman, President, Public Citizen: “The FTC's settlement amounts to Facebook promising yet again to adhere to its own privacy policy, while reserving the right to change that policy at any time. That approach will fail to protect users' privacy. The court should reject the settlement and order the FTC to try again and do better.” Josh Golin, Executive Director, Campaign for Commercial-Free Childhood: “Facebook has been exploiting kids for years, and this proposed settlement is essentially a get-out-of-jail-free card. It potentially extinguishes our children's privacy complaints against Facebook, but offers absolutely no protections for kids' privacy moving forward. It also sweeps under the rug a complaint detailing how Facebook knowingly and intentionally tricked kids into spending money on mobile games over several years, sometimes to the tune of thousands of dollars per child.” James P. Steyer, CEO and Founder of Common Sense Media: "On behalf of families across the country, Common Sense fully stands behind EPIC's motion. The proposed settlement is a "get out of jail free" card for Facebook, purporting to absolve Facebook not only of liability for privacy abuses but for other -- completely unaddressed and unexplored -- Section 5 abuses. One such abuse that the FTC is aware of and that court documents confirm includes tricking kids into making in-app purchases that have put families out hundreds and even thousands of dollars —something the company has yet to meaningfully change its policies on to this day. Such a broad release is unprecedented, unjustified and unacceptable." Edmund Mierzwinski, Senior Director for Federal Consumer Programs, U.S. PIRG: "This laughable $5 billion settlement with the category-killer social media giant Facebook makes the much smaller Equifax settlement for sloppy security look harsh. Facebook intentionally collects and shares an ever-growing matrix of information about consumers, their friends and their interests in a mass surveillance business model. It routinely changes its previous privacy promises without consent. It doesn't adequately audit its myriad business partners. The FTC essentially said to Facebook: "Pay your parking ticket but don't ever change. Your fast-and-loose practices are okay with 3 of the 5 of us." Not changing those practices will come back to haunt the FTC, consumers and the world.” Jeff Chester, Executive Director, Center for Digital Democracy: "The 3-2 Facebook decision by the FTC leaves millions of Americans vulnerable to all the problems unleashed by the Cambridge Analytica scandal. The commission adopted a woefully inadequate remedy that does nothing to stem the fundamental loss of its user privacy which led to our original 2009 complaint." -
Press Release
FTC Fails to Protect Privacy in Facebook decision
Instead of serious structural and behavioral change, 3-2 deal is a huge giveaway. By dismissing all other claims, Simons' FTC does disservice to public
Statement of Jeff Chester, executive director, Center for Digital Democracy--CDD helped bring the 2009 FTC complaint that is the subject of today's decision on the Consent Order Once again, the Federal Trade Commission has shown itself incapable of protecting the privacy of the public and also preventing ongoing consumer harms. Today's announcement of a fine and--yet again! --improved system of internal compliance and other auditing controls doesn't address the fundamental problems. First, the FTC should have required Facebook to divest both its Instagram and Whatsapp platforms. By doing so, the commission would have prevented what will be the tremendous expansion of Facebook's ability to continually expand its data gathering activities. By failing to require this corporate break-up, the FTC has set the stage for what will be "Groundhog Day" violations of privacy for years to come. The FTC should have insisted that an independent panel of experts--consumer groups, data scientists, civil rights groups, etc.--be empaneled to review all the company's data related products, to decide which ones are to be modified, eliminated, or allowed to continue (such as lookalike modeling, role of influencers, cross-device tracking, etc.). This group should have been given the authority to review all new products proposed by the company for a period of at least five years. What was needed here was a serious change in the corporate culture, along with serious structural remedies, if the FTC really wanted to ensure that Facebook would act more responsibly in the future. The dissents by Commissioners Chopra and Slaughter illustrate that the FTC majority could have taken another path, instead of supporting a decision that will ultimately enable the problems to continue. Today's decision also dismisses all other complaints and requests for investigation related to Facebook's consent decree failures--a huge giveway. The FTC should be replaced by a new data protection agency to protect privacy. The commission has repeatedly demonstrated that--regardless of who is in charge--it is incapable of confronting the most powerful forces that undermine our privacy--and digital rights. -
FTC Facebook decision must go beyond Cambridge Analytica--that's just was the tipping point
The FTC is an unindicted conspirator in any privacy case
For years, consumer and privacy advocates attempted to get the Federal Trade Commission to act responsibly when it came to ensuring that the digital giants treated the public fairly, including their privacy. Since the mid-1990's, when I first started working to press the commission to be more responsive to the threats to autonomy and fairness triggered by the unrelenting and stealth gathering of all of our personal information (often working with EPIC), I was confronted by an agency which was so cautious, it blinded itself to the problems. The agency has never been able to address the role that digital marketing plays, for example, in manipulating people, helping it collect even more data on individuals. It refused to stop or curtail "Big Data" connected mergers or acquisitions, even though these deals further eroded our privacy. Overall, regardless of political party, the FTC has too often been timid, fearful, weak-kneed to industry, uninformed. Indeed, I believe that the massive global erosion of privacy and the growth of universal commercial surveillance is due, in large part, to the failure of the FTC to stop Google, Facebook and others from constantly expanding how they are able to get control over our personal details and use it anyway they desire. The FTC is an un-indicted conspirator in any privacy case. Cambridge Analytica was merely emblematic of the way the digital data marketing industry operates daily throughout the world. It wasn't an aberration, and there were and are many more like it. During the nearly 25 years I worked to pressure the FTC to do "the right thing," I and my many colleagues attempted to be a voice of information, conscience, political pressure. It helped no doubt. But I don't think we can save the agency at this point. We need a new digital watchdog that is set up from the get go with a clear mission to protect and empower the public--including ensuring their civil rights. Here's a memo, btw, we sent to Jim Kohm and other FTC officials working on the Facebook consent decree in 2013. We also organized a briefing for them; sent them trade stories, documenting the many ways we believe Facebook was violating its 2011 agreement. We gave them similar information on Google and its own consent decree failings. The FTC staff didn't see the problem. We can discuss why at some point, but I gather it's because they don't really want to tackle the forces that shape contemporary digital marketing. This is a sad story of the consumer agency that has a "don't ask, don't tell me" attitude when it comes to the powerful companies shaping our digital lives. -
Blog
What FTC needs to do to address Google/YouTube violations of kids privacy law
If FTC 3-2 decision does not include the following serious remedies, as listed below, it has failed to be effective protecting children & enforcing the law
Proposed Consent Order Penalties and Conditions The FTC should seek a 20-year consent decree which includes the following forms of relief: Injunctive relief Destroy all data collected from children under 13, in all forms in Google’s possession, including inferences drawn from this data, custody, or control of YouTube and all of Alphabet’s subsidiaries engaged in online data collection or commercial uses (e.g. advertising), including, but not limited to, Google Ads, Google Marketing Platform and their predecessors. Immediately stop collecting data from any user known to be under age 13, and any user that a reasonable person would likely believe to be under age 13, including, but not limited to, persons that are viewing any channel or video primarily directed to children, persons who have been identified for targeted ads based on being under 13 or any proxy for under 13 (e.g., grade in school, interest in toys, etc.), or any other factors. Identify, as of the date of this consent order, as well as on an ongoing basis, any users under age 13, and prohibit them from accessing content on YouTube. Prohibit users under age 13 from accessing content on YouTube Kids unless and until YouTube has provided detailed notice to parents, obtained parental consent, and complied with all of the other requirements of COPPA and this consent order. Remove all channels in the Parenting and Family lineup, as well as any other YouTube channels and videos directed at children, from YouTube. YouTube may make such channels and videos available on a platform specifically intended for children (e.g. YouTube Kids) only after qualified human reviewers have reviewed the content and determined that the programming comply with all of the policies for YouTube’s child-directed platform, which must include, but are not limited to: No data collection for commercial purposes. Any data collected for “internal purposes” must be clearly identified as to what is being collected, for what purpose, and who has access to the data. It may not be sold to any third parties. No links out to other sites or online services. No recommendations or autoplay. No targeted marketing. No product or brand integration, including influencer marketing. Consumer education Require Google to fund independent organizations to undertake educational campaigns to help children and parents understand the true nature of Google’s data-driven digital marketing systems and its potential impacts on children’s wellbeing and privacy. Require Google to publicly admit (in advertising and in other ways) that it has violated the law and warn parents that no one under 13 should use YouTube. Record keeping and monitoring provisions Google must submit to an annual audit by a qualified, independent auditor to ensure that Google is complying with all aspects of the consent decree. The auditor must submit their report to the FTC. The FTC shall provide reports to Congress about the findings. All of the annual audits must be publicly available without redaction on the Commission’s website within 30 days of receipt. Google may not launch any new child-directed service until the new service has been reviewed and approved by an independent panel of experts – including child development and privacy experts – to be appointed by the FTC. Google must retain, and make available to the FTC on request, documentation of its compliance with the consent decree. Civil penalties and other monetary relief Google will pay the maximum possible civil penalties – $42,530 per violation. Whether violations are counted per child or per day, the total amount of the penalty must be sufficiently high to deter Google and YouTube from any further violations of COPPA. Google to establish a $100 million fund to be used to support the production of noncommercial, high-quality, and diverse content for children. Decisions about who receives this money must be insulated from influence by Google. In addition, we ask the FTC to consider using its authority under Section 13(b) of the FTC Act to require Google and YouTube to disgorge ill-gotten gains, and to impose separate civil penalties on the management personnel at Google and YouTube who knowingly allowed these COPPA violations to occur. -
Blog
Time to Legislate COPPA 2.0
FTC's Proposed COPPA Review comes too late; Agency cannot be relied on to protect youth, families
Today, the FTC announced plans to review the Children's Online Privacy Protection Act (COPPA) rules. CDD and allies successfully campaigned to have the law's rules expanded in 2012, to ensure that the privacy of children 12 and under was better protected in today's "Big Data" driven cross-device environment. But it's too late for the FTC to make modest changes to how it implements the 1998 law. The commission has failed to effectively enforce the law for years--both Republicans and Democrats are at fault here. For example, the commission has long known that Google was deliberately ignoring COPPA, in order to build its YouTube service as the leading child-directed site. But it did nothing. Under a bill proposed by Sens. Edward J. Markey and Josh Hawley, the FTC would be required to proactively ensure that children's data is better protected, and that there are serious safeguards when marketing to them. It's time for the FTC to come out in support of that bill. -
News
FCC Commissioners Channel Scrooge and Weaken Children's TV Safeguards
FCC fails to ensure children in the U.S. have access to free, quality video content
"The Trump FCC just gave some of the country’s most powerful media companies a huge taxpayer-funded gift. By weakening a key safeguard requiring companies such as Comcast/NBC, News Corp./Fox, Disney/ABC, and Sinclair to air on their broadcast TV stations a few hours of educational programming for children, the FCC has placed the interests of the already rich and powerful over the needs of children and families. "Now these giant media companies get a huge public taxpayer hand-out in terms of free access to the airwaves (spectrum), as well as guaranteed access to cable TV systems, without any serious public-interest obligations. The FCC has given the TV industry a huge benefit, without getting anything in return. "Congress must step in and enact a new law that requires TV stations, cable systems and streaming video providers to offer a wide range of quality content for children. Such programming should be free—and not behind paywalls. In the meantime, today’s decision by the FCC will be remembered as one in which the commission's three GOP members embodied the worst qualities of Dickens’ Ebenezer Scrooge." statement of Jeff Chester, executive director, Center for Digital Democracy. CDD’s predecessor group Center for Media Education led the campaign in the early the 1990’s that led to the Children’s Television Act rules that were weakened today. It did the report in the early 1990’s that revealed TV stations claimed that shows like The Jetsons and The Flintstones were allegedly educational: https://www.nytimes.com/1992/09/30/us/broadcasters-to-satisfy-law-define-cartoons-as-education.html?searchResultPosition=13 (link is external) -
FTC Must Effectively Penalize Google for Violating COPPA Privacy law
Concern that FTC actions will not protect privacy for children on Google platforms; Digital ad giant must be held accountable
Letter sent on June 3 2019 to Chairman Simons and FTC Commissioners in response to a call made by the Campaign for Commercial-Free Childhood and CDD, represented by our attorneys from the Institute for Public Representation (IPR), Georgetown University Law Center with the commission. -
Press Release
FTC must impose maximum fine and ensure Google’s YouTube business practices obey children’s privacy law, say groups
Google’s unprecedented violation requires an unprecedented FTC response and a 20-year consent decree to ensure Alphabet Inc. acts responsibly when it comes to serving children and parents; Google executives should also be held accountable.
June 25, 2019 The Honorable Joseph Simons The Honorable Noah Phillips Chairman Commissioner Federal Trade Commission Federal Trade Commission 600 Pennsylvania Avenue, NW 600 Pennsylvania Avenue, NW Washington, DC 20580 Washington, DC 20580 The Honorable Rohit Chopra The Honorable Rebecca Slaughter Commissioner Commissioner Federal Trade Commission Federal Trade Commission 600 Pennsylvania Avenue, NW 600 Pennsylvania Avenue, NW Washington, DC 20580 Washington, DC 20580 The Honorable Christine Wilson Commissioner Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 Dear Chairman Simons, Commissioner Phillips, Commissioner Chopra, Commissioner Slaughter, and Commissioner Wilson: The Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD) have been encouraged by recent media reports that the Federal Trade Commission is preparing to take action against Google and YouTube for violating the Children’s Online Privacy Protection Act (COPPA). CCFC and CDD, represented by the Institute for Public Representation at Georgetown Law (IPR), are the organizations responsible for drafting the Request to Investigate Google and YouTube filed with the FTC on April 9, 2018. Previously, IPR filed on behalf of CCFC and CDD Requests to Investigate YouTube’s promotion of unfair and deceptive influencer marketing to children (October 21, 2016) and unfair and deceptive marketing practices on YouTube Kids (April 7, and November 24, 2015). As you are aware, YouTube has profited enormously by hosting channels and videos of nursery rhymes, unboxing videos, popular cartoons, and other content specifically designed for children on the main YouTube platform. But instead of getting the verifiable parental consent required before collecting children’s personal information, Google claims that YouTube is not for children under thirteen, and therefore, no consent is required. This defense is outlandish given that YouTube is the number one online destination for kids. In short, Google has profited by violating the law and the privacy of tens of millions of children. For this reason, the FTC must sanction Google at a scale commensurate with the company’s unprecedented and unparalleled violations of COPPA. As we pointed out in our Request to Investigate, the maximum civil penalties should be imposed because: Google had actual knowledge of both the large number of child-directed channels on YouTube and the large numbers of children using YouTube. Yet, Google collected personal information from nearly 25 million children in the U.S over a period of years, and used this data to engage in very sophisticated digital marketing techniques. Google’s wrongdoing allowed it to profit in two different ways: Google has not only made a vast amount of money by using children’s personal information as part of its ad networks to target advertising, but has also profited from advertising revenues from ads on its YouTube channels that are watched by children. [April 9, 2018 Request to Investigate at 26-27 (footnotes omitted)]. Moreover, any consent order must mandate meaningful changes to YouTube’s business practices. For example, all child-directed content should be placed on a separate platform where targeted advertising, commercial data collection, links to other sites or content, and autoplay are prohibited. Google must also live up to its Terms of Service – which stipulate YouTube is only for persons thirteen and older – by removing all kids’ content from the main YouTube platform. By ensuring such changes, the Commission will do a tremendous service to America’s families seeking to provide a healthy media environment for their children, while sending a clear message to all online and mobile operators that no one is above the law. Google’s disregard of children’s welfare is demonstrated not only by the evidence in our complaints, but by numerous reports of violent, sexual and other inappropriate content available to children on both YouTube Kids and on the main YouTube platform. Moreover, the company refused to turn off recommendations on videos featuring young children in leotards and bathing suits even after researchers demonstrated YouTube’s algorithm was recommending these videos to pedophiles. These ongoing and serious issues require that the FTC take strong action. We believe that Google should repay America’s families by creating a truly safe space for kids and fostering the production of quality non-commercial children’s programming. Attached you will find a list of recommended penalties and conditions to be included in a final consent order. We would be happy to meet with you to discuss our proposed remedies in greater detail. Thank you. Sincerely, Jeffrey Chester Executive Director Center for Digital Democracy Josh Golin Executive Director Campaign for a Commercial-Free Childhood Angela J. Campbell Director Institute for Public Representation Georgetown Law Encl.: Proposed Consent Order Penalties and Conditions Proposed Consent Order Penalties and Conditions The FTC should seek a 20-year consent decree which includes the following forms of relief: Injunctive relief Destroy all data collected from children under 13, in all forms in Google’s possession, including inferences drawn from this data, custody, or control of YouTube and all of Alphabet’s subsidiaries engaged in online data collection or commercial uses (e.g. advertising), including, but not limited to, Google Ads, Google Marketing Platform and their predecessors. Immediately stop collecting data from any user known to be under age 13, and any user that a reasonable person would likely believe to be under age 13, including, but not limited to, persons that are viewing any channel or video primarily directed to children, persons who have been identified for targeted ads based on being under 13 or any proxy for under 13 (e.g., grade in school, interest in toys, etc.), or any other factors. Identify, as of the date of this consent order, as well as on an ongoing basis, any users under age 13, and prohibit them from accessing content on YouTube. Prohibit users under age 13 from accessing content on YouTube Kids unless and until YouTube has provided detailed notice to parents, obtained parental consent, and complied with all of the other requirements of COPPA and this consent order. Remove all channels in the Parenting and Family lineup, as well as any other YouTube channels and videos directed at children, from YouTube. YouTube may make such channels and videos available on a platform specifically intended for children (e.g. YouTube Kids) only after qualified human reviewers have reviewed the content and determined that the programming comply with all of the policies for YouTube’s child-directed platform, which must include, but are not limited to: No data collection for commercial purposes. Any data collected for “internal purposes” must be clearly identified as to what is being collected, for what purpose, and who has access to the data. It may not be sold to any third parties. No links out to other sites or online services. No recommendations or autoplay. No targeted marketing. No product or brand integration, including influencer marketing. Consumer education Require Google to fund independent organizations to undertake educational campaigns to help children and parents understand the true nature of Google’s data-driven digital marketing systems and its potential impacts on children’s wellbeing and privacy. Require Google to publicly admit (in advertising and in other ways) that it has violated the law and warn parents that no one under 13 should use YouTube. Record keeping and monitoring provisions Google must submit to an annual audit by a qualified, independent auditor to ensure that Google is complying with all aspects of the consent decree. The auditor must submit their report to the FTC. The FTC shall provide reports to Congress about the findings. All of the annual audits must be publicly available without redaction on the Commission’s website within 30 days of receipt. Google may not launch any new child-directed service until the new service has been reviewed and approved by an independent panel of experts – including child development and privacy experts – to be appointed by the FTC. Google must retain, and make available to the FTC on request, documentation of its compliance with the consent decree. Civil penalties and other monetary relief Google will pay the maximum possible civil penalties – $42,530 per violation. Whether violations are counted per child or per day, the total amount of the penalty must be sufficiently high to deter Google and YouTube from any further violations of COPPA. Google to establish a $100 million fund to be used to support the production of noncommercial, high-quality, and diverse content for children. Decisions about who receives this money must be insulated from influence by Google. In addition, we ask the FTC to consider using its authority under Section 13(b) of the FTC Act to require Google and YouTube to disgorge ill-gotten gains, and to impose separate civil penalties on the management personnel at Google and YouTube who knowingly allowed these COPPA violations to occur. -
All Complaints (link is external) filed by Institute for Public Representation on behalf of Campaign for a Commercial-Free Childhood, the Center for Digital Democracy, and others
-
In response to a call (link is external) for submissions by the UN Committee on the Right of the Child (link is external) on the topic of children’s rights in relation to the digital environment, CDD joins academics and advocates in submitting comments. The group calls on the Committee to recognize the far-reaching harms caused by digital marketing and the personal data extraction on which it is predicated. Many digital marketing practices infringe many rights enshrined in the UN Convention on the Rights of the Child (link is external). The Committee ought to recognize the need to protect children from these harms so children can fully enjoy the opportunities digital environments offer for their development and fulfilment of their rights.
-
Press Release
Advocates Demand FTC Investigation of Echo Dot Kids Edition, Amazon violates COPPA in many ways, including keeping data that parents believe they deleted
Contact: Josh Golin, CCFC: josh@commercialfreechildhood.org (link sends e-mail); (617) 896-9369 Jeff Chester, CDD: jeff@democraticmedia.org (link sends e-mail); (202) 494-7100 Advocates Demand FTC Investigation of Echo Dot Kids Edition Amazon violates COPPA in many ways, including keeping data that parents believe they deleted BOSTON, MA — May 9, 2019 — Today, a coalition of 19 consumer and public health advocates led by the Campaign for a Commercial-Free Childhood (CCFC) and the Center for Digital Democracy (CDD) called on the Federal Trade Commission (FTC) (link is external) to investigate and sanction Amazon for infringing on children’s privacy through its Amazon Echo Dot Kids Edition. An investigation by CCFC and the Institute for Public Representation (IPR) at Georgetown Law revealed that Echo Dot Kids, a candy-colored version of Amazon’s home assistant with Alexa voice technology, violates the Children’s Online Privacy Protection Act (COPPA) in many ways. Amazon collects sensitive personal information from kids, including their voice recordings and data gleaned from kids’ viewing, reading, listening, and purchasing habits, and retains it indefinitely. Most shockingly, Amazon retains children’s data even after parents believe they have deleted it. CCFC and IPR have produced a video (link is external) demonstrating how Amazon ignores the request to delete or “forget” a child’s information it has remembered. The advocates’ FTC complaint also say Amazon offers parents a maze of multiple privacy policies, which violate COPPA because they are confusing, misleading and even contradictory. “Amazon markets Echo Dot Kids as a device to educate and entertain kids, but the real purpose is to amass a treasure trove of sensitive data that it refuses to relinquish even when directed to by parents,” said Josh Golin, CCFC’s Executive Director. “COPPA makes clear that parents are the ones with the final say about what happens to their children’s data, not Jeff Bezos. The FTC must hold Amazon accountable for blatantly violating children’s privacy law and putting kids at risk.” Amazon Echo Dot Kids Edition comes with a one-year subscription to FreeTime Unlimited, which connects children with entertainment like movies, music, audiobooks, and video games. The always-on listening device is often placed in the child’s bedroom, and kids are encouraged to interact with it as if Alexa was a close friend. Kids can download “skills,” similar to apps, to add functionality. In clear violation of COPPA, Amazon disavows responsibility for the data collection practices of Alexa skills for kids and tells parents to check the skill developers’ privacy policies. To make matters worse, 85% of skills for kids have no privacy policy posted. Amazon does not verify that the person consenting to data collection is an adult, let alone the child’s parent. The advocates also say the Echo Dot has a “playdate problem”: a child whose parents have not consented will have their conversations recorded and sensitive information retained when visiting a friend who owns the device. “We spent months analyzing the Echo Dot Kids and the device’s myriad privacy policies and we still don’t have a clear picture of what data is collected by Amazon and who has access to it,” said Angela Campbell, a CCFC Board Member and Director of IPR’s Communications and Technology Clinic at Georgetown Law, which researched and drafted the complaint. “If privacy experts can’t make heads or tails of Amazon’s privacy policy labyrinth, how can a parent meaningfully consent to the collection of their children’s data?” “By providing misleading tools that don’t actually allow parents to delete their children’s data, Amazon has made a farce of parents’ difficult task of protecting their children’s privacy,” said Lindsey Barrett, Staff Attorney and Teaching Fellow at IPR. “COPPA requires companies to allow parents to delete their children’s personal information, and Amazon is breaking the law— not to mention breaking parents’ trust.” “It’s shameful that Amazon is ensnaring children and their valuable data in its race to market dominance,” said Jeff Chester of CDD. "COPPA was enacted to empower parents to have control over their children’s data, but at every turn Echo Dot Kids thwarts parents who want to limit what Amazon knows about their child. The FTC must hold Amazon accountable to make clear that voice-activated, always-on devices must respect children’s privacy." Organizations which signed today’s complaint were the Campaign for a Commercial-Free Childhood, Center for Digital Democracy, Berkeley Media Studies Group, Color of Change, Consumer Action, Consumer Federation of America, Defending the Early Years, Electronic Privacy Information Center, New Dream, Open MIC (Open Media and Information Companies Initiative), Parents Across America, Parent Coalition for Student Privacy, Parents Television Council, Peace Educators Allied for Children Everywhere (P.E.A.C.E.), Public Citizen, Raffi Foundation for Child Honouring, Story of Stuff, TRUCE (Teachers Resisting Unhealthy Childhood Entertainment), and U.S. PIRG. In May 2018, CCFC and CDD issued a warning (link is external), supported by experts like Drs. Sherry Turkle, Jenny Radesky, and Dipesh Navsaria, that parents should steer clear of Echo Dot Kids. The advocates cautioned that Echo Dot endangers children’s privacy, and by encouraging young children to spend more time with and form “faux relationships” with digital devices, it threatens their healthy development. Added Josh Golin: “Echo Dot Kids interferes with children’s healthy development and relationships and threatens their privacy. Parents should resist Amazon’s efforts to indoctrinate children into a culture of surveillance, and say ‘no’ to Echo Dot Kids.” The investigation by CCFC and IPR was made possible by a generous grant from the Rose Foundation for Communities and the Environment (link is external). -
Privacy Rights Are Civil Rights
Over 40 Civil Rights, Civil Liberties, and Consumer Groups Call on Congress to Address Data-Driven Discrimination
-
Press Release
Press Briefing: Senators, Coalition Call for Sweeping National Digital Privacy Legislation
Experts to Demand Federal Action to Combat Growing digital-consumer and Civil Rights Threats
For Immediate Release: Feb. 26, 2019 Contact: Mike Stankiewicz, mstankiewicz@citizen.org (link sends e-mail), (202) 588-7779 Jeff Chester jeff@democraticmedia.org (link sends e-mail) (202) 494-7100 MEDIA ADVISORY Press Briefing: Senators, Coalition Call for Sweeping National Digital Privacy Legislation Experts to Demand Federal Action to Combat Growing digital-consumer and Civil Rights Threats WHAT: Staff briefing, open to the press and sponsored by U.S. Sens. Ed Markey (D-Mass.) Tom Udall (D-N.M.), at which consumer protection and civil rights advocates will explain the urgent need for sweeping federal digital privacy legislation with a new approach. It includes baseline legislation that doesn’t pre-empt state privacy laws, the creation of a new federal data protection agency and safeguards against data practices that lead to unjust, unfair, manipulative or discriminatory, outcomes. The briefing comes as Americans increasingly demand protection of their digital privacy in light of unethical privacy sharing and harvesting by tech giants. Without any constraints, Big Tech companies and their partners are collecting sensitive information on American citizens, ranging from financial and health information to data that tracks our Internet activity across all our devices, our location throughout the day and much more. Both the federal government and the states must be empowered to protect the public from this ever-growing online threat to their privacy, welfare and civil rights. Members of the Privacy and Digital Rights for All coalition, which has announced a Framework for Comprehensive Privacy Protection And Digital Rights (link is external) in the U.S. also will speak about the need for enduring privacy innovation and limiting government access to personal data. WHEN: 2 p.m. EST, Mon., March 4 WHO: Ed Mierzwinski, consumer program director, U.S. PIRG Jeffrey Chester, executive director, Center for Digital Democracy Brandi Collins-Dexter, senior campaign director, Color of Change Josh Golin, executive director, Campaign for a Commercial-Free Childhood Burcu Kilic, research director, Public Citizen’s Access to Medicines program Christine Bannan, administrative law and policy fellow, Electronic Privacy Information Center (EPIC) WHERE: Hart Senate Office Building Room 216 120 Constitution Ave NE Washington, DC 20002 ### -
Press Release
Groups Call for New Privacy Agency to Replace FTC - Ensure Role for States' Protections
Curbing Companies’ Bad Behavior Will Require Stronger Data Privacy Laws and a New Federal Data Privacy Agency Federal Privacy Laws Are Antiquated and Need Updating; New Data Privacy Legislation Must Include Civil Rights Protections and Enhanced Punishments for Violations Jan. 17, 2019 Contact: Don Owens, dowens@citizen.org (link sends e-mail), (202) 588-7767 Jeffrey Chester, jeff@democraticmedia.org (link sends e-mail), (202) 494-7100 WASHINGTON, D.C. – U.S. data privacy laws must be overhauled without pre-empting state laws and a new data privacy agency should be created to confront 21st century threats and address emerging concerns for digital customers, consumer and privacy organizations said today as they released a framework (link is external) for comprehensive privacy protection and digital rights for members of Congress. “Big Tech is coming to Washington looking for a deal that affords inadequate protections for privacy and other consumer rights but pre-empts states from defending their citizens against the tech companies’ surveillance and misuse of data,” said Robert Weissman, president of Public Citizen. “But here’s the bad news for the tech giants: That deal isn’t going to fly. Instead, the American people are demanding – and intend to win – meaningful federal restraints on tech company abuses of power that also ensure the right of states to craft their own consumer protections.” From the Equifax data breach to foreign election interference and targeted digital ads based on race, health and income, it’s clear that U.S. consumers face a crisis of confidence born from federal data privacy laws that are decades out of date and a lack of basic protections afforded them by digital conglomerates. These corporations, many of which dominate online spaces, are far more interested in monetizing every key stroke or click than protecting consumers from data breaches. For that reason, federal and state authorities must act, the groups maintain. The groups will push for federal legislation based on a familiar privacy framework, such as the original U.S. Code of Fair Information Practices and the widely followed Organization for Economic Cooperation and Development Privacy Guidelines. These frameworks should require companies that collect personal data and rights for individuals to: Establish limits on the collection, use and disclosure of sensitive personal data; Establish enhanced limits on the collection, use and disclosure of data of children and teens; Regulate consumer scoring and other business practices that diminish people’s physical health, education, financial and work prospects; and Prohibit or prevent manipulative marketing practices. The groups are calling for federal baseline legislation and oppose the pre-emption of state digital privacy laws. States have long acted as the “laboratories of democracy” and must continue to have the power to enact appropriate protections for their citizens as technology develops, the groups say. “Black communities should not have to choose between accessing the Internet and the right to control our data,” said Brandi Collins-Dexter, senior campaign director at Color Of Change. “We need privacy legislation that holds powerful corporations accountable for their impacts. Burdening our communities with the need to discern how complex terms of service and algorithms could harm us will only serve to reinforce discriminatory corporate practices. The privacy protection and digital rights principles released today create an important baseline for proactive data protections for our communities.” “For years now, Big Tech has used our sensitive information as a cash cow,” said Josh Golin, executive director of Campaign for a Commercial-Free Childhood. “Each innovation – whether it’s talking home assistants, new social media tools or software for schools – is designed to spy on families and children. We desperately need both 21st century legislation and a new federal agency with broad enforcement powers to ensure that children have a chance to grow up without their every move, keystroke, swipe and utterance tracked and monetized.” The United States is woefully behind other nations worldwide in providing these modern data protections for its consumers, instead relying solely on the Federal Trade Commission (FTC) to safeguard consumers and promote competition. But corporations understand that the FTC lacks rulemaking authority and that the agency often fails to enforce rules it has established. “The FTC has failed to act,” said Caitriona Fitzgerald, policy director at the Electronic Privacy Information Center. “The U.S. needs a dedicated data protection agency.” Alternately, many democratic nations like Canada, Mexico, the U.K., Ireland and Japan already have dedicated data protection agencies with independent authority and enforcement capabilities. Groups that have signed on to the framework include Berkeley Media Studies Group, Campaign for a Commercial-Free Childhood, Center for Digital Democracy, Center for Media Justice, Color of Change, Consumer Action, Consumer Federation of America, Defending Rights & Dissent, Electronic Privacy Information Center, Media Alliance, Parent Coalition for Student Privacy, Privacy Rights Clearinghouse, Privacy Times, Public Citizen, Stop Online Violence Against Women and U.S. PIRG. Read the groups’ proposal below. ### -
Press Release
Google Play Store Apps for Kids Threatens Privacy and Poses Other Harms - Groups call for FTC Action to Protect Children and Families
Contact: David Monahan, CCFC (david@commercialfreechildhood.org (link sends e-mail); 617-896-9397)Jeff Chester, CDD (jeff@democraticmedia.org (link sends e-mail); 202-494-7100)Apps which Google rates as safe for kids violate their privacy and expose them to other harmsAdvocates, lawmakers call on FTC to address how Google’s Play Store promotes children’s games which violate kids’ privacy law, feature inappropriate content, and lure kids to watch ads and make in-app purchases BOSTON, MA and WASHINGTON, DC — December 19, 2018 — Today, a coalition of 22 consumer and public health advocacy groups led by Campaign for a Commercial-Free Childhood (CCFC) and Center for Digital Democracy (CDD) called on the Federal Trade Commission (link is external) (“FTC”) to investigate and sanction Google for the deceptive marketing of apps for young children. Google represents that the apps in the “Family” section of the Google Play Store are safe for children, but the apps often violate federal children’s privacy law, expose children to inappropriate content, and disregard Google’s own policies by manipulating children into watching ads and making in-app purchases.The Play Store is Google’s one-stop shop for Android apps, games, and entertainment. Apps in the “Family” section are promoted with a green star and, in some cases, a recommended age, like “Ages 5 & Under,” or “Ages 6-8.” Google is aware from several recent academic studies that many of the apps in this section are a threat to children’s privacy and wellbeing, yet it continues to promote them with these kid-friendly ratings.“The business model for the Play Store’s Family section benefits advertisers, developers, and Google at the expense of children and parents,” said CCFC’s Executive Director Josh Golin. “Google puts its seal of approval on apps that break the law, manipulate kids into watching ads and making purchases, and feature content like kids cleaning their eyes with sharp objects. Given Google’s long history of targeting children with unfair marketing and inappropriate content, including on YouTube, it is imperative that the FTC take swift action.”Lawmakers echoed the call for FTC action. “We’re repeatedly confronted with examples of tech companies that are just not doing enough to protect consumer privacy – and I’m particularly concerned about what this failure means for our children,” said U.S. Senator Tom Udall (D-NM) regarding today’s action by the advocates. “When real-world products are dangerous or violate the law, we expect retailers to pull them off the shelves. Google’s refusal to take responsibility for privacy issues in their Play Store allows for app developers to violate COPPA, all while Google cashes in on our children’s activity. It is past time for the Federal Trade Commission to crack down to protect children’s privacy.”“Google’s dominance in the app market cannot come at the expense of its clear legal obligations to protect kids that use its products.” said David N. Cicilline (RI-01), the top Democrat on the House Antitrust Subcommittee, who raised his concerns about this issue when the Chairman of the FTC testified last week. “I am pleased that this coalition of consumer and children’s advocacy groups are urging the FTC to scrutinize whether Google is improperly tracking children and selling their data.”Google policies require apps in the Kids and Family section of its Play Store to be compliant with the Children’s Online Privacy Protection Act (COPPA). But, Google doesn’t verify compliance, so Play Store apps for children consistently violate COPPA. Many apps send children’s data unencrypted, while others access children’s locations or transmit persistent identifiers without notice or verifiable parental consent. Google has known about these COPPA violations since at least July 2017, when they were publicly reported by Serge Egelman, a researcher at the University of California, Berkeley Center for Long-Term Cybersecurity. Yet Google continues to promote such apps as COPPA-compliant.“Our research revealed a surprising number of privacy violations on Android apps for children, including sharing geolocation with third parties,” said Serge Egelman, a researcher at the University of California, Berkeley. “Given Google’s assertion that Designed for Families apps must be COPPA compliant, it’s disappointing these violations still abound, even after Google was alerted to the scale of the problem.”Google’s policies also require apps for children to avoid “overly aggressive” commercial tactics, but the advocates’ FTC complaint reveals that many popular apps feature ads that interrupt gameplay, are difficult to click out of, or are required to watch in order to advance in a game. In addition, games represented to parents as free often pressure children to make in-app purchases, sometimes going so far as to show characters crying if kids don’t buy locked items. The complaint also offers examples of multiple children’s apps that serve ads for alcohol and gambling, despite those ads being barred by Google’s Ad Policy.Other apps designated as appropriate for children are clearly not. Some contain graphic, sexualized images, like TutoTOONS Sweet Baby Girl Daycare 4 – Babysitting Fun, which has over 10 million downloads. Others model actively harmful behavior, like TabTale’s Crazy Eye Clinic, which teaches children to clean their eyes with a sharp instrument, and has over one million downloads."Parents who download apps recommended for ages 8 and under don’t expect their child to see ads which promote gambling, alcoholic beverages, or violent video games,” said Angela Campbell, Director of the Communications and Technology Clinic at Georgetown Law, which drafted the complaint. “But Google falsely claims that apps listed in the Family section only have ads which are appropriate for children. It’s important for the FTC to act quickly to protect children, especially in light of Google's dominance in the app market."The coalition has previously asked the FTC to investigate developers of children’s apps, citing research from the University of Michigan that revealed manipulative advertising is rampant in apps popular with preschoolers. Today’s complaint focuses on Google, whose misrepresentation and promotion of those apps has led to hundreds of millions of downloads.“Google (Alphabet, Inc.) has long engaged in unethical and harmful business practices, especially when it comes to children,” explained Jeff Chester, executive director of the Center for Digital Democracy (CDD). "And the Federal Trade Commission has for too long ignored this problem, placing both children and their parents at risk over their loss of privacy, and exposing them to a powerful and manipulative marketing apparatus. As one of the world’s leading providers of content for kids online, Google continues to put the enormous profits they make from kids ahead of any concern for their welfare," Chester noted. “It’s time federal and state regulators acted to control Google’s 'wild west' Play Store App activities.”Joining the Campaign for a Commercial-Free Childhood and the Center for Digital Democracy in signing today’s complaint to the FTC are Badass Teachers Association, Berkeley Media Studies Group, Color of Change, Consumer Action, Consumer Federation of America, Consumer Watchdog, Defending the Early Years, Electronic Privacy Information Center, Media Education Foundation, New Dream, Open MIC (Open Media and Information Companies Initiative), Parents Across America, Parent Coalition for Student Privacy, Parents Television Council, Peace Educators Allied for Children Everywhere (P.E.A.C.E.), Privacy Rights Clearinghouse, Public Citizen, the Story of Stuff, TRUCE (Teachers Resisting Unhealthy Childhood Entertainment), and USPIRG.In addition to filing an FTC complaint, CCFC has launched a petition (link is external) asking Google to adopt the Kids’ Safer App Store Standards, which would bar advertising in apps for kids under 5, limit ads in apps for kids 6 -12, bar in-app purchases, and require apps to be reviewed by a human before being included in the Kids and Family section of the Play Store.### -
Kathryn Montgomery, PhD
Research Director and Senior Strategist for the Center for Digital Democracy
Kathryn Montgomery, PhD. is Research Director and Senior Strategist for the Center for Digital Democracy (CDD). In the early 90s, she and Jeff Chester co-founded the Center for Media Education (CME), where she served as President until 2003, and which was the predecessor organization to CDD. CME spearheaded the national campaign that led to passage of the 1998 Children's Online Privacy Protection Act (COPPA) the first federal legislation to protect children's privacy on the Internet. From 2003 until 2018, Dr. Montgomery was Professor of Communication at American University in Washington, D.C., where she founded and directed the 3-year interdisciplinary PhD program in Communication. She has served as a consultant to CDD for a number of years and joined the full-time staff in July 2018. Throughout her career, Dr. Montgomery has written and published extensively about the role of media in society, addressing a variety of topics, including: the politics of entertainment television; youth engagement with digital media; and contemporary advertising and marketing practices. Montgomery's research, writing, and testimony have helped frame the national public policy debate on a range of critical media issues. In addition to numerous journal articles, chapters, and reports, she is author of two books: Target: Prime Time – Advocacy Groups and the Struggle over Entertainment Television (Oxford University Press, 1989); and Generation Digital: Politics, Commerce, and Childhood in the Age of the Internet (MIT Press, 2007). Montgomery’s current research focuses on the major technology, economic, and policy trends shaping the future of digital media in the Big Data era. She earned her doctorate in Film and Television from the University of California, Los Angeles. -
The law that lets Europeans take back their data from big tech companies, November 11, 1918, CBS 60 Minutes Click to view video.
-
CDD’s Executive Director, Jeff Chester, on CBS 60 Minutes
The law that lets Europeans take back their data from big tech companies
"> " type="application/x-shockwave-flash">