Publishings Digital Citizen

Washington, DC: The Center for Digital Democracy (CDD), along with U.S. PIRG, Consumer Watchdog, and Public Citizen, called on the Federal Trade Commission to launch an investigation into the impact on the American public of growing consolidation in consumer offline and online data sources and digital marketing applications. The groups also asked for the FTC to hold a public workshop focused on ensuring Americans receive 21st century safeguards protecting their privacy in online transactions, and a truly competitive marketplace.The letter comes after the approval by the Department of Justice of the “Big Data”-driven acquisition by the Oracle Corporation of data broker Datalogix. The merger—announced in late December and approved just three weeks later—would create, in Oracle’s words, “the world’s most valuable data cloud” for digital marketing, connecting and unifying “a consumer’s various identities across all devices, screens and channels.” The deal is the second recent major data broker acquisition by Oracle, which purchased leading online consumer information firm BlueKai last year. The Oracle/Datalogix transaction should have triggered involvement by the FTC, given its expertise on the digital data industry, the groups noted.The letter to FTC Chairwoman Ramirez also underscored that the Oracle/Datalogix merger raised serious privacy and consumer concerns, which required scrutiny by the Bureau of Consumer Protection as well. The combined companies’ datasets include financial, racial, location, and other sensitive data, as well as issues involving the EU/U.S. Safe Harbor agreement and the Google and Facebook Consent Decree settlements. The merger also implicates a number of consumer-protection matters, such as financial marketing and auto sales, where the FTC has a congressional mandate to protect the public.The group’s letter to the FTC (attached below) provides an inside look at the role of consumer data in today’s digital marketplace, in which companies not only amass enormous amounts of information on consumers’ online and offline activities, but exchange that information with partners and affiliates for the purposes of analytical scrutiny and personalized targeting. “This transaction,” the letter explains, “highlights the crosscutting dimensions of the contemporary ‘Big Data’ digital marketplace, where competition and consumer-protection issues are intertwined.”“The American public deserves to know how the consolidation and use of their information affects their daily lives,” the letter concludes, “from the prices they pay and the services they are offered to what this transaction means for their privacy. We urge the FTC to develop a more effective approach to identifying new problems and threats to competition and consumer protection in the Big Data era.”“The Oracle/Datalogix deal reflects the digital data ‘arms race’ underway where companies are amassing powerful and detailed sets of information to track and target a consumer anywhere, anytime,” explained Jeff Chester, CDD’s executive director. “Control over an individual’s information, and the capabilities to use it effectively in today’s Big Data era, are falling into fewer hands. Unfortunately, these critical mergers suffer from ‘premature approval syndrome,’ sanctioned by regulators without adequate analysis and discussion. As the country’s chief regulatory agency protecting privacy and the online consumer marketplace, the FTC needs to show greater leadership by fostering 21st Century safeguards.”“Our letter also urges antitrust authorities to update their market analysis to reflect that digital markets aren’t the same as markets for groceries or steel,” said Ed Mierzwinski, consumer program director for U.S. PIRG. “21st century markets need a 21st century analysis that takes into account the unique ways that fewer, bigger firms leverage even greater market power over consumer data through partnerships and joint ventures.”“The Oracle/Datalogix deal is an example of how powerful companies are amassing unprecedented amounts of data, distorting traditional markets, limiting competition and consumer control,” said John M. Simpson, Consumer Watchdog’s Privacy Project director. “The FTC needs to act quickly and decisively to ensure its regulatory procedures keep pace with the threats of 21st century data-driven markets.”“As evidenced now by Oracle’s acquisition of Datalogix, a handful of Data Titans hope to aggregate personal and private data about everyone, so they know where we go, what we do, whom we see, what we want, what we think and what we say,” said Rob Weissman, president of Public Citizen. “The marketers’ intrusion on our privacy is vastly outpacing public protections, or even public awareness. Consumer protection authorities need to take a very hard look at the Oracle deal and industry concentration more generally. There’s no reason for us to be racing toward a dystopian future of total surveillance.”

The Federal Trade Commission has issued a powerful and disturbing privacy wake-up call. The report reveals the largely invisible Big Data-driven complex that regularly spies on every American, comprehensively following our activities both online and off. It delivers a critical “black eye” to the data-broker industry, which has cynically expanded its surveillance on Americans without regard to their privacy. Unlike the White House’s Big Data reports issued earlier this month, the FTC study provides a much more realistic—and chilling—analysis of an out-of-control digital data collection industry. However, the commission’s calls for greater transparency and consumer control are insufficient. The real problem is that data brokers—including Google and Facebook—have embraced a business model designed to collect and use everything about us and our friends—24/7. Legislation is required to help stem the tide of business practices purposefully designed to make a mockery of the idea of privacy for Americans.******Here are the key findings from the FTC report that illustrate how the data industry requires major reform:VIII. FINDINGS AND RECOMMENDATIONS This report reflects the information provided in response to the Orders issued to nine data brokers, information gathered through follow-up communications and interviews, and information gathered through publicly available sources. Based primarily on these materials about a cross-section of data brokers, the Commission makes the following findings and recommendations: A. Findings 1. Characteristics of the Industry ⊲⊲ Data Brokers Collect Consumer Data from Numerous Sources, Largely Without Consumers’ Knowledge: Data brokers collect data from commercial, government, and other publicly available sources. Data collected could include bankruptcy information, voting registration, consumer purchase data, web browsing activities, warranty registrations, and other details of consumers’ everyday interactions. Data brokers do not obtain this data directly from consumers, and consumers are thus largely unaware that data brokers are collecting and using this information. While each data broker source may provide only a few data elements about a consumer’s activities, data brokers can put all of these data elements together to form a more detailed composite of the consumer’s life. ⊲⊲ The Data Broker Industry is Complex, with Multiple Layers of Data Brokers Providing Data to Each Other: Data brokers provide data not only to end-users, but also to other data brokers. The nine data brokers studied obtain most of their data from other data brokers rather than directly from an original source. Some of those data brokers may in turn have obtained the information from other data brokers. Seven of the nine data brokers in the Commission’s study provide data to each other. Accordingly, it would be virtually impossible for a consumer to determine how a data broker obtained his or her data; the consumer would have to retrace the path of data through a series of data brokers. ⊲⊲ Data Brokers Collect and Store Billions of Data Elements Covering Nearly Every U.S. Consumer: Data brokers collect and store a vast amount of data on almost every U.S. household and commercial transaction. Of the nine data brokers, one data broker’s database has information on 1.4 billion consumer transactions and over 700 billion aggregated data elements; another data broker’s database covers one trillion dollars in consumer transactions; and yet another data broker adds three billion new records each month to its databases. Most importantly, data brokers hold a vast array of information on individual consumers. For example, one of the nine data brokers has 3000 data segments for nearly every U.S. consumer. ⊲⊲ Data Brokers Combine and Analyze Data About Consumers to Make Inferences About Them, Including Potentially Sensitive Inferences: Data brokers infer consumer interests from the data that they collect. They use those interests, along with other information, to place consumers in categories. Some categories may seem innocuous such as “Dog Owner,” “Winter Activity Enthusiast,” or “Mail Order Responder.” Potentially sensitive categories include those that primarily focus on ethnicity and income levels, such as “Urban Scramble” and “Mobile Mixers,” both of which include a high concentration of Latinos and African Americans with low incomes. Other potentially sensitive categories highlight a consumer’s age such as “Rural Everlasting,” which includes single men and women over the age of 66 with “low educational attainment and low net worths,” while “Married Sophisticates” includes thirty-something couples in the “upper-middle class . . . with no children.” Yet other potentially sensitive categories highlight certain health-related topics or conditions, such as “Expectant Parent,” “Diabetes Interest,” and “Cholesterol Focus.” ⊲⊲ Data Brokers Combine Online and Offline Data to Market to Consumers Online: Data brokers rely on websites with registration features and cookies to find consumers online and target Internet advertisements to them based on their offline activities. Once a data broker locates a consumer online and places a cookie on the consumer’s browser, the data broker’s client can advertise to that consumer across the Internet for as long as the cookie stays on the consumer’s browser. Consumers may not be aware that data brokers are providing companies with products to allow them to advertise to consumers online based on their offline activities. Some data brokers are using similar technology to serve targeted advertisements to consumers on mobile devices.

Twenty-eight consumer, child advocacy and public health groups submitted this letter today to President Obama's review on "Big Data" team. Among the groups signing the letter included the African American Colloboraative Obesity Research Network, American Academy of Child & Adolescent Psychiatry, Consumers Union, Children Now, Common Sense Media, CFA, Interfaith Center on Corporate Responsibility, Momsrising, National Consumers League, Praxis Project and Salud America! "A broad coalition of child, public health and consumer advocacy groups have come together to send a strong message that children and adolescents need serious protections in this age of Big Data, " explained CDD's associate director Joy Spencer. "The White House should adopt recommendations that ensure that this vulnerable group is protected from Big Data practices that undermine their health, well being and privacy."

The new FTC rules designed to better protect children's privacy kick-in on July 1, 2013. CDD and colleagues led a four-year campaign to help create these safeguards. The new rules better protect kids from stealth online tracking, the collection of their geo-location information by apps and mobile devices, data gathered by social media, etc. Here's a guide for parents to help them understand how to make COPPA work for them. Groups interested in learning how they can monitor online sites to ensure they are following the new safeguards, as well as file complaints with the FTC, can email us for a free COPPA compliance guide.

Today, the United States Trade Representatives convenes two days of hearings (see attached agenda) to help it formulate a negotiating policy for the forthcoming EU/U.S. trade pact--known as the Transatalantic Trade and Investment Partnership (TTIP). CDD is one of the consumer groups that has been asked to brief its Policy Staff Committee.A number of U.S. industry groups, including the "Digital Trade Coalition" (Sidley & Austin) and the Coaltion for Privacy & Free Trade (Hogan Lovells)--in what illustrates how healthy fiction writing is at some law firms--paint a picture of a robust system protecting privacy here (we've attached their comments to USTR as well because they are worth reviewing to illustrate what the online data lobby agenda is). These coalitions want the U.S. to seek a trade deal that would allow our ineffective privacy regime to be considered "interoperable" with the EU's human rights and civil liberties robust approach. As we will explain later today, the U.S. is just at the very beginning in its efforts to protect consumer privacy in the digital era--hampered by many of the very forces these business coalitions represent. A number of U.S. online data companies, for example, are even unwilling to support even a modest Do Not Track standard, or stronger rules to protect youth, let alone serious privacy legislation.Consumer and privacy groups which are also members of the Transatantlic Consumer Dialogue will also speak on the TTIP, including on its impact on health, food safety, IP and other issues.

This letter was sent today to new FTC Chairwoman Edith Ramirez by three-dozen NGOs--including the national leaders in the consumer and privacy fields.