Yesterday, August 14th, the Center for Digital Democracy, a nonprofit advocacy organization based in Washington, D.C., filed a request for investigation (see the executive summary and CDD’s complaints) with the Federal Trade Commission to investigate 30 companies that CDD alleges violate the U.S.-EU Safe Harbor agreement in various ways. In a statement, CDD Executive Director Jeff Chester argues that the FTC provides “little oversight and enforcement,” and CDD calls on the FTC to “investigate and sanction the companies named in our complaint.” CDD also calls for a temporary suspension of Safe Harbor until the establishment of an “overhauled” agreement.
The complaint emerges from CDD’s “ongoing investigation of data marketing and profiling companies” and “is intended to provide the FTC with factual information and legal analysis on probable violations of Safe Harbor commitments that materially mislead EU consumers.” Specifically, CDD recommended an investigation “under three related patterns of deception”:
- “Companies are misstating their actual purposes and practices of data collection and use”;
- “Companies are misrepresenting legal facts of importance to EU consumers”; and
- “Companies have merged with and acquired other companies, expanded their data collection and profiling capabilities, changed their entire corporate structure and business plan, but not updated their Safe Harbor disclosures or made clear to consumers their ongoing duties to protect personal information.”
CDD identified “five broad concerns that illustrate the inadequacy” of Safe Harbor, namely that:
- Safe Harbor fails to provide accurate and meaningful information to EU consumers;
- Participating companies “lack…candor” regarding their “data collection apparatus, including their networks of data broker partners and even their corporate affiliations”;
- EU consumers cannot “meaningful[ly]” identify and opt-out of data collection and processing;
- Claims of consumer “anonymity” are irrelevant because marketers need not know one’s name to track and target him or her; and
- Self-described “data processors” actually “play a central role” in consumer profiling and targeting.
The 30 companies CDD names in its complaints are: Acxiom, Adara Media, Adobe, Adometry, Alterian, AOL, AppNexus, Bizo, BlueKai, Criteo, Datalogix, DataXu, EveryScreen Media, ExactTarget, Gigya, HasOffers, Jumptap, Lithium, Lotame, Marketo, MediaMath, Merkle, Neustar, PubMatic, Salesforce.com, SDL, SpredFast, Sprinklr, Turn, and Xaxis. Reaction at this point to the CDD’s complaints and request for investigation is fairly limited. The FTC has so far declined to comment, as have representatives of most named companies. Neustar’s Chief Privacy Officer, Becky Burr, told one media outlet, “We have great respect for the work of the Center for Digital Democracy, but they seem to be missing key facts here.”