CDD

program areas Digital Consumer

  • News

    EU data protection rights at risk through trade agreements, new study shows

    Strong Safeguards on Privacy and digital-consumer Protection Required

    Researchers of the University of Amsterdam’s Institute for Information Law (IViR) have published an independent study today commissioned by BEUC (link is external), EDRi (link is external), CDD and TACD (link is external). The study shows that the European Union (EU) does not sufficiently safeguard citizens' personal data and privacy rights in its trade agreements. Modern digital markets rely on the processing of personal data, but regulations on how to protect these differ widely from country to country. A new generation of trade agreements increasingly allows unrestricted data transfers, including personal data, between countries. This ground-breaking studysheds light on how trade agreements – for example, the future EU-US trade deal (TTIP) –treat personal data and privacy. By looking at both EU and international law, the researchers conclude that the EU should protect its citizens’ personal data, and prevent their privacy from being weakened in trade agreements. To do so, the EU must take action to safeguard its rules on data protection from legal challenge by its trade partners. “It’s unacceptable that the EU’s privacy and data protection rules could be challenged through trade policy. Trade deals should not undermine consumers’ fundamental rights and their very trust in the online economy. We’re pleased to see this study clearly echoing the European Parliament’s call to keep rules on privacy and data protection out of trade agreements,” Monique Goyens, Director General of The European Consumer Organisation (BEUC), commented. "The EU has the responsibility to safeguard people's rights to privacy and data protection in trade agreements. The European Union has done a great job at setting high standards for these fundamental rights. This study shows how to ensure these high standards can be maintained when trade agreements are negotiated", said Joe McNamee, Executive Director of European Digital Rights (EDRi). "The United States is aggressively pushing for a trade deal with the EU that would permit the unprecedented expansion of commercial data collection, threatening both consumers and citizens. America’s data giants want the TTIP to serve as a digital `Trojan Horse’ that effectively sidesteps the EU’s human-rights-based data protection safeguards. This new study is a wake-up call for policy makers and the public: any trade deal must first protect our privacy and ensure consumer protection," added Jeffrey Chester, Executive Director of Center for Digital Democracy (CDD). "The EU’s opaque and inconsistent system of granting third countries so-called ‘adequacy’ status for transferring personal data of its citizens makes it vulnerable to legal challenge by trade partners. This is an important finding of this study, and particularly relevant in the week when the EU-US much-criticised Privacy Shield, is likely to be approved. The EU must not make some partners more equal than others when deciding on the adequacy of their data protection laws", said Anna Fielder, Senior Policy Advisor of the Transatlantic Consumer Dialogue (TACD). Note to editors: BEUC, the European Consumer Organisation, acts as the umbrella group in Brussels for its 42 national member organisations. Its main task is to represent these members at the European level and defend the interests of all Europe’s consumers. BEUC has a special focus on five areas identified as priorities by its members: Financial Services, Food, Digital Rights, Consumer Rights & Enforcement and Sustainability. European Digital Rights (EDRi), is an umbrella organisation of 31 civil and human rights organisations from across Europe. Our mission is to promote, protect and uphold civil and human rights in the digital environment. The Center for Digital Democracy (CDD), a U.S.-based NGO, works to protect the privacy and welfare of the public in the “Big Data” digitally driven marketplace. By combining advocacy, industry research, coalition- building, and media outreach, CDD helps hold accountable some of the most powerful forces shaping the destiny of the world—especially those companies that dominant the global Internet landscape. The Transatlantic Consumer Dialogue (TACD), is a forum of over 70 EU and US consumer organisations established in 1998 with the goal of promoting the consumer interest in the US and EU policy making.
    Jeff Chester
  • We the undersigned privacy scholars support the proposal of the Federal Communications Commission to apply and adapt the Communications Act’s Title II consumer protection provisions to broadband internet access services. We commend the Commission’s much-needed efforts to carry out its statutory obligation and to protect the privacy of broadband internet access customers. We agree with the Commission’s proposal and affirm the importance of giving consumers effective notice and control over their personal information by strengthening consumer choice, transparency and data security. In particular, we support the Commission’s proposal to require affirmative consent (opt-in) for use and sharing of customer data for purposes unrelated to providing communications services. As scholars who have studied, researched, taught, and thought about privacy in depth from a variety of perspectives, we believe it is important that Americans have their privacy protected as they access, use and reap the benefits of the internet, the most fundamental communications network of our times. Privacy is a core human need, and citizens should be able to access the internet without the fear of being watched or of having their data analyzed or shared in unexpected ways. Privacy protections are a vital part of life for free citizens in a democratic society, and make society as a whole more vibrant, equitable and just. There are many ways our privacy is under assault in our age of fast-moving technology, which makes it all the more important that we protect that privacy in our bedrock communications system. We welcome innovation and technological progress but do not believe in the necessity to advance them at the expense of privacy. Our fundamental right to privacy should not be sold off for short-term gains, and thus we urge the Commission to adopt its proposed rule, which would significantly advance privacy online. [see signatories in attachment]
    Jeff Chester
  • In Reply Comments to FCC, CDD Explains Why Consumers Require Privacy Protection from Broadband Network Providers

    Filing counters industry claims, including on consumer choice and role of digital ad market. Provided new evidence on growth of ISP "Big Data" commercial consumer profiling practices. CDD and colleagues also file on failure of multistakeholder process and also need to protect privacy of children and adolescents

    We believe that the absence of any FCC rulemaking to protect the privacy of broadband customers would significantly add to the already prevalent sense of confusion and sense of loss of control among broadband internet customers under the existing FTC regime. Instead, the proposed rules will give ISP customers much needed control over their data and are much more likely to increase consumer confidence. Second, we would like to emphasize that current BIAS provider data practices already undermine the privacy of their customers and that they are in the process of further building out their powerful data management capabilities. Due to these practices and their significant position in the data eco system, BIAS providers are a growing and significant marketplace force in digital advertising. Contrary to companies’ and trade associations’ claims, we see no evidence that giving BIAS providers’ customers effective privacy choices will limit the online advertising industry to flourish. The American public wants to see its privacy protected and needs the safeguards proposed by the Commission. Nothing less will limit the expansion of an unprecedented intrusion of BIAS providers into the most private aspects of American consumers’ lives. The Commissions’ proposed rules are needed to protect individual autonomy and the fundamental right to privacy and self-determination. see attached for the complete Reply Comment Also attached is joint filing showing how the so-called "Multistakeholder" Process on privacy, organized by the Department of Commerce, has repreatedly failed to protect the public.
  • Alvaro Bedoya, Center for Digital Democracy, Common Sense Kids Action, Consumer Action, Consumer Federation of America, Consumer Watchdog, Privacy Rights Clearinghouse, and U.S. PIRG The “Privacy Best Practice Recommendations for Commercial Facial Recognition Use” that have finally emerged from the multistakeholder process convened by the National Telecommunications and Information Administration (NTIA) are not worthy of being described as “best practices.” In fact, they reaffirm the decision by consumer and privacy advocates to withdraw from the proceedings. In aiming to provide a “flexible and evolving approach to the use of facial recognition technology” they provide scant guidance for businesses and no real protection for individuals, and make a mockery of the Fair Information Practice Principles on which they claim to be grounded. That is not surprising. It was clear to those of us who participated in this process that it was dominated by commercial interests and that we could not reach consensus on even the most fundamental question of whether individuals should be asked for consent for their images to be collected and used for purposes of facial recognition. Under these “best practices,” consumers have no say. Instead, those who follow these recommendations are merely “encouraged” to “consider” issues such as voluntary or involuntary enrollment, whether the facial template data could be used to determine a person’s eligibility for things such as employment, healthcare, credit, housing or employment, the risks and harms that the process may impose on enrollees, and consumers’ reasonable expectations. No suggestions are provided, however, for how to evaluate and deal with those issues. If entities use facial recognition technology to identify individuals, they are “encouraged” to provide those individuals the opportunity to control the sharing of their facial template data – but only for sharing with unaffiliated third parties that don’t already have the data, and “control” is not defined. Just as there is nothing that “encourages,” let alone requires, asking individuals for consent for their images to be collected and used for facial recognition in the first place, there is nothing that “encourages” offering them the ability to review, correct or delete their facial template data later. The recommendations merely “encourage” entities to disclose to individuals that they have that ability, if in fact they do. Further, if facial recognition is being used to target specific marketing to, for example, groups of young children, there is no “encouragement” to follow even these weak principles. There is much more lacking in these “best practices,” but there is one good thing: this document helps to make the case for why we need to enact laws and regulations to protect our privacy. If this is the “best” that businesses can do to address the privacy implications of collecting and using one of the most intimate types of individuals’ personal data – their facial images – it falls so short that it cannot be taken seriously and it demonstrates the ineffectiveness of the NTIA multistakeholder process.
  • Blog

    AT&T: See databrokers they use in attached doc. "Best Practices"

    How to optimize results on this groundbreaking platform

    Addressable TV was launched in 2012 by DIRECTV. Multi Video Program Distributors (MVPDs), such as DIRECTV, are currently the only entities offering true Addressable TV due to required access of both the video distribution system and data center. MVPDs offer Addressable TV in the ad breaks they receive from program networks, such as ESPN and CNN, as part of their carriage agreements. Currently, four MVPDs (DIRECTV, DISH, Comcast, and Cablevision) offer Addressable TV and that footprint is set to grow to 40 million households by end of year1. With AT&T’s acquisition of DIRECTV in 2015, AT&T AdWorks now has the largest national addressable platform, offering Addressable TV advertising across nearly 13 million DIRECTV households out of the 26 million combined DIRECTV and U-verse TV households. In a recent study conducted by Adweek and AT&T AdWorks, a survey of leading marketers indicated that current TV buying (without addressability) isn’t meeting marketing needs and there is both frustration and a desire to reach relevant audiences more effectively. Nearly all respondents agree that there is too much waste associated with TV and that traditional methods of measurement are outdated. As a result, over 80% are shifting TV dollars into digital for greater accountability and effectiveness. However, nearly all agree that TV would be more attractive if they “could target more finely.” As the leader in Addressable TV, AT&T AdWorks has run hundreds of campaigns across a wide array of advertisers and verticals. The purpose of this white paper is to share the learnings from those experiences to inform future campaigns and advertisers – and to demonstrate that TV still remains the most impactful advertising medium made even more effective by addressability. --- For more information, see the AT&T White Paper PDF.
  • In the Matter of Petition of Public Knowledge, Center for Digital Democracy, Consumer Watchdog, Consumer Federation of America, and TURN —The Utility Reform Network Introduction: 47 U.S.C. §551 and 47 U.S.C. § 338(i) (collectively referred to as “privacy rules”) require that cable and satellite providers (herein referred to as “cable operators”) obtain the “written or electronic consent of the subscriber concerned” prior to the collection and use of that information for advertising purposes. Cable operators are also required to provide a written statement to their subscribers, which clearly and conspicuously informs the subscriber of the nature of the use of their personally identifiable information. Through these rules, Congress and the Federal Communications Commission have emphasized the importance of giving consumer’s control over how their information is being used. Despite this, cable operators have continued to use large amounts of their customers’ data without properly obtaining customer consent or informing subscribers of the extent of the use of their information. The Commission should enforce the relevant privacy provisions to ensure that cable operators only use subscriber information when they have the consent required by law. Cable Operators Collect and Share Large Amounts of Customer Data to Generate Targeted Advertising. The use of consumer data to target consumers for advertising is on the rise. Exactly how and to what extent cable operators are leveraging their customer’s data has been extensively documented in a recent report by the Center for Digital Democracy. Cable operators increasingly gather their customers’ personal information, share and combine that information with third parties, and use it to target customers for advertising on an individual level. Verizon, Comcast, Google, AT&T, Time Warner, Cablevision and others have incorporated powerful layers of data collection and digital marketing technologies to better target individuals. AT&T’s TV Blueprint, for example, “gives advertisers working with AT&T the ability to reach people based on factors like device, operating system, whether or not they’re heavy data users or the status of their carrier contract,” using “sophisticated second-by-second set- top box data” and other information. AT&T pulls data “from millions of set-top boxes” and analyzes consumer viewing history and uses these data to target consumers based on their viewing profile. Companies like Cablevision leverage granular data and precise details of household viewing behavior, and combine it with third-party data covering other intimate details of consumers’ lives to analyze and target specific individuals with video advertising across a range of screens. In their own words, “this set-top box level targeting lets marketers target customers that fit particular trends, profiles, demographics and attributes, and they can also pair the Cablevision data with their own or third-party data.” Cablevision and AT&T are not alone in their pervasive use of consumer data. Comcast recently acquired Visible World, which boasts of using data “from millions of enabled Smart TVs” as part of its advertising targeting service. Data points used to target consumers include income, ethnicity, education level, what kind of car they drive, purchase history, and location of their residence. Further, Comcast has acquired companies like This Technology, which is capable of inserting personalized content into network streams—including advertising messages tailored for specific individuals. These programs illustrate how cable providers give advertisers the ability to easily access and use a customer’s information, without that customer knowing the extent to which that information is being used. While these practices are broadly indicative of the ways many cable operators improperly use subscriber data, AT&T, Cablevision, and Comcast are among the most egregious. The Commission should investigate these practices and find that they violate the privacy rules. --- Full filed complaint attached below.
  • CDD Calls on FCC to Protect Consumer Privacy on Broadband Networks

    Comments show ISP "Big Data" techniques used to target consumers and discusses limited capabilities of FTC

    The Center for Digital Democracy (CDD), a nonprofit organization representing the interests of consumers in the digital marketplace, strongly supports the Federal Communication Commission’s (FCC) proposal to empower individuals to make effective decisions regarding their privacy on broadband networks. Broadband Internet access service (BIAS) plays a powerful and distinctive role in the commercial digital media marketplace, requiring precisely the set of sensible safeguards offered by the Notice of Proposed Rulemaking (NPRM). CDD believes it is entirely necessary and consistent with the Communications Act that the commission extend longstanding consumer-protection policies for the telephone network into the modern broadband context. The role of the network in the broadband marketplace has a distinct purpose compared to so-called “edge” content providers: to facilitate a fairly managed and efficient connection between the subscriber/consumer and the content and/or services of their choice. Given their network-management role, BIAS providers have unique capabilities in terms of monitoring the communications and activities of their subscribers, enabling the capture and use of an extensive array of personal and other consumer information. Positioned by necessity at the center of subscribers’ wireline or wireless broadband use, and holding a “digital key” that can help analyze much of their users’ digitally connected behaviors, BIAS providers have unlimited opportunities to influence the decisions consumers make via data-collection-related applications and services. Consumers today confront a far-reaching and largely invisible data-gathering apparatus that tracks and analyzes their every move online. For example, as the FTC has acknowledged, the growth of cross-device tracking, enabling the identification of a particular consumer’s use of personal computers, mobile phones, tablets, and increasingly even television, and combining multiple sources of data for the development of a targeting profile, illustrates how recent advances in digital data collection pose growing threats to consumer privacy. Indeed, the journal of the Association of National Advertisers explained just last month, “cross-device marketing … allows unprecedented access to individual consumers via personal or shared household devices. … Data-driven cross-device marketers gain exclusive access to a slew of advantageous marketing enhancements, including consistent messaging across all devices … .” Leading BIAS providers promise such cross-device targeting capabilities. Lacking the ability to enact regulations to protect privacy (except for children 12 and under), the FTC has been powerless to ensure consumer protection from cross-device tracking practices, let alone from the growing myriad of practices that gather consumer data from social media, mobile app, online video usage, programmatic targeting, and many other practices. Without the authority to issue regulations on privacy-related matters connected to consumer financial services, for example, the FTC has been forced to rely on its Section 5 authority related to unfair and deceptive practices. In practical terms, this has enabled the digital-data industry to recognize that there are no real constraints to their rapidly expanding collection, analysis, and use of consumer data. The FTC has long recognized that its inability to issue regulations has placed the agency at a serious disadvantage, and has called for the enactment of new regulatory authority. For example, as former FTC Chairman Jon Leibowitz testified before Congress in 2009, in order for the agency “to perform a greater and more effective role protecting consumers … changes in the law and additional authority to promulgate needed rules …” are required. As CDD explained in its March 2016 report on the growth of digital data gathering by leading ISPs (and filed separately in this proceeding), companies such as ATT, Comcast, Verizon, Cablevision, and Charter have made significant investments in their ability to capture, process, and take advantage of a consumer’s information across all the devices they use daily. They are using cloud- and IP-based management systems to deliver data-connected advertising and marketing; have invested in or allied with real-time programmatic marketing technologies that, in milliseconds, make personalized ad-related decisions on which consumers to target and for what product; and have acquired numerous companies that strengthen their hold and use of consumer information, including data gathered by their consumers’ use of apps, online video, and mobile phones... Key characteristics of the BIAS data collection apparatus include: [see attached comments for full submission]
  • Blog

    Katharina Kopp Joins CDD as Deputy Director and Director of Policy

    Leading Privacy Advocate Will Direct CDD’s Work on Big Data and the Public Interest

    Katharina Kopp, Ph.D., will join the Center for Digital Democracy (CDD) on 6 June 2016 as its deputy director and director of policy. Dr. Kopp comes to CDD with decades of experience as an advocate, scholar, policy analyst, privacy expert, and corporate leader. She will develop and oversee a range of new initiatives at CDD, expanding the scope of its work on the role and impact of “Big Data” in contemporary society. Dr. Kopp will focus particularly on developing new policies to advance individual autonomy and consumer protections, as well as social justice, equity, and human rights. She will also play a leadership role in the organization’s ongoing constituency-building and grassroots efforts. Dr. Kopp worked with the Center for Media Education during the 1990’s and served as a key policy advocate during the passage and implementation of the Children’s Online Privacy Protection Act (COPPA). In addition to her work with the Aspen Institute, the Benton Foundation, and the Health Privacy Project, Dr. Kopp served as vice president at American Express, leading its global privacy risk management program. Most recently she was the director of the Privacy and Data Project at the Center for Democracy and Technology. “We are privileged to have Katharina Kopp join CDD,” said Jeff Chester, its executive director. “Her unique leadership qualities and rich background will shape the organization’s agenda in this important new phase of our work. This includes forging partnerships with global NGOs, research institutions, and community-based organizations.” Dr. Kopp, deputy director, added: “I look forward to exploring the effects of technology and discriminatory data practices on democracy and social justice, particularly the effects on individual autonomy and increasing inequality. How to respond to these trends with appropriate public policy will be core to my work. Furthermore, I want to see CDD engaged in shaping the public’s understanding of these processes and to frame the solutions not in individualistic but collective and systemic terms. I believe that this will be key to the success of any policy proposals.” The Center for Digital Democracy is a leading nonprofit organization focused on empowering and protecting the rights of the public in the digital era. Since its founding in 2001 (and prior to that through its predecessor organization, the Center for Media Education), CDD has been at the forefront of research, public education, and advocacy protecting consumers in the digital age.
    Jeff Chester
  • Set-top Box market should be open, but consumers and privacy protected, CDD tells FCC

    Calls for Safeguards for sensitive data, including protecting youth, seniors, and use of ethnic/racial information in FCC"s Navigational Device Proceeding

    The Center for Digital Democracy (CDD), which works to empower and protect consumers in the digital marketplace, endorses the Federal Communications Commission’s (FCC) important proposal to provide both choice and competition in the provision of navigational devices for video and related content. CDD strongly believes that the FCC should proceed with its plan to allow third parties to build and sell navigational devices. We support giving these developers/providers access to the information proposed in the NPRM, including Service Discovery, Entitlement, and Content Delivery data. For decades, a handful of powerful cable—and now also telephone—companies have held a monopoly over the design, availability, and use of set-top boxes. This has resulted in greater costs to subscribers, including an especially unfair burden on low- or limited-income consumers. The set-top stranglehold has impaired competition and programming diversity, and has undermined consumer privacy. --- Full PDF of filing attached.
  • Phone and cable ISPs pose a major threat to the privacy of their subscribers and consumers. They have a growing arsenal of “Big Data” capabilities that eavesdrop on their customers—including families. Internet Service Providers are gathering data on what we do and where we go, using sophisticated algorithms and predictive analytics to sell our information to marketers. As CDD documented in a report released last week, ISPs have been on a data buying and partnering shopping spree so they can build in-depth digital profiles of their customers (such as Verizon (link is external)/AOL/Millennial Media and Comcast/ (link is external)Visible World). Consumers should have the right to make decisions on how their information can be collected, shared or sold. With a set of FCC safeguards, Americans will have some of their privacy restored. We look forward placing on the record all the ways those ISPs now—and will—threaten the privacy of Americans. Several commissioners appear uninformed about the ability of the FTC to protect consumer privacy. The FTC does not have the regulatory authority to ensure privacy of Americans is protected (except in rare cases, such as the Children’s privacy law we helped develop). The FTC’s framework has failed to do anything to check the massive collection of our data that everyone online confronts. It’s the role of the FCC to ensure that broadband networks operate in the public interest, including protecting consumers. Today’s vote reaffirms that the FCC takes its mission to do so seriously.
    Jeff Chester