Ed's Blog

U.S. PIRG and Leading Groups Support Findings of Norwegian Privacy Report

By Ed Mierzwinski
Senior Director, Federal Consumer Program

Today, in support of a report by colleagues from the Norwegian Consumer Council (NCC) on whether the data sharing and privacy practices of a number of dating and other smartphone apps were in compliance with European privacy rules (GDPR) or the new California Consumer Privacy Act (CCPA), U.S. PIRG and other leading groups sent joint letters to key policymakers, including the California, Oregon and Texas Attorneys General, the Federal Trade Commission and all members of the U.S. House and Senate

The report, Out of Control: How consumers are exploited by the adtech industry, by NCC, a leading European consumer group with which we have often collaborated, has already been featured in both the New York Times and Consumer Reports. The subtitle to the New York Times story accurately summarized the report: "Norwegian research raises questions about whether certain ways of sharing of information violate data privacy laws in Europe and the United States."

My comment in our US coalition press release (full release below) explained why Congress must not accept the claims of industry proponents seeking to enact a federal privacy law that eliminates, or preempts, stronger state action. 

“U.S. PIRG is not surprised that U.S. firms are not complying with laws giving European consumers and citizens privacy rights. After all, the phalanx of industry lobbyists besieging Washington, D.C., has been very clear that its goal is simply to perpetuate a 24/7/365 surveillance capitalism business model, while denying states the right to protect their citizens better and denying consumers any real rights at all.”

U.S. PIRG and other members of the Privacy and Digital Rights for All coalition plan to continue to oppose efforts by powerful Internet, telephone, cable and advertising industry lobbyists to enact a such a preemptive federal law. Instead, we urge Congress to enact legislation such as the Consumer Online Privacy Rights Act proposed by Senator Maria Cantwell (WA) and others.

Our full joint press release in support of the Norwegian Consumer Council report Out of Control, followed by comments from leading experts from each group, appears below. 

Popular Dating, Health Apps Violate Privacy

Leading Consumer and Privacy Groups Urge Congress, the FTC, State AGs in California, Texas, Oregon to InvestigatePrivacy Groups Urge Congress, the FTC, State AGs in California, Texas, Oregon to Investigate

WASHINGTON, D.C. – Nine consumer groups today asked the Federal Trade Commission (FTC), congressional lawmakers and the state attorneys general of California, Texas and Oregon to investigate several popular apps available in the Google Play Store. A report released today by the Norwegian Consumer Council (NCC) alleges that the apps are systematically violating users’ privacy. 

The report found that 10 well-known apps – Grindr, Tinder, OkCupid, Happn, Clue, MyDays, Perfect365, Qibla Finder, My Talking Tom 2 and Wave Keyboard – are sharing information they collect on users with third-party advertisers without users’ knowledge or consent. The European Union’s General Data Protection Regulation forbids sharing information with third parties without users’ knowledge or consent.

When it comes to drafting a new federal privacy law, American lawmakers cannot trust input from companies who do not respect user privacy, the groups maintain. Congress should use the findings of the report as a roadmap for a new law that ensures that such flagrant violations of privacy found in the EU are not acceptable in the U.S.

The new report alleges that these apps (and likely a great many others) are allowing commercial third parties to collect, use and share sensitive consumer data in a way that is hidden from the user and involves parties that the consumer neither knows about nor would be familiar with. Although consumers can limit some tracking on desktop computers through browser settings and extensions, the same cannot be said for smartphones and tablets. As consumers use their smartphones throughout the day, the devices are recording information about sensitive topics such as our health, behavior, religion, interests and sexuality.

“Consumers cannot avoid being tracked by these apps and their advertising partners because they are not provided with the necessary information to make informed choices when launching the apps for the first time. In addition, consumers are unable to make an informed choice because the extent of tracking, data sharing, and the overall complexity of the adtech ecosystem is hidden and incomprehensible to average consumers,” the letters sent to lawmakers and regulators warn.

The nine groups are the American Civil Liberties Union of California, Campaign for a Commercial-Free Childhood, the Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumer Reports, the Electronic Privacy Information Center (EPIC), Public Citizen and U.S. PIRG. In addition to calling for an investigation, the groups are calling for a strong federal digital privacy law that includes a new data protection agency, a private right of action and strong enforcement mechanisms.

Below are quotes from groups that signed the letters:

“Every day, millions of Americans share their most intimate personal details on these apps, upload personal photos, track their periods and reveal their sexual and religious identities. But these apps and online services spy on people, collect vast amounts of personal data and share it with third parties without people’s knowledge. Industry calls it adtech. We call it surveillance. We need to regulate it now, before it’s too late.”

-- Burcu Kilic, digital rights program director, Public Citizen

“The NCC’s report makes clear that any state or federal privacy law must provide sufficient resources for enforcement in order for the law to effectively protect consumers and their privacy. We applaud the NCC’s groundbreaking research on the adtech ecosystem underlying popular apps and urge lawmakers to prioritize enforcement in their privacy proposals.”

-- Katie McInnis, policy counsel, Consumer Reports

“U.S. PIRG is not surprised that U.S. firms are not complying with laws giving European consumers and citizens privacy rights. After all, the phalanx of industry lobbyists besieging Washington, D.C., has been very clear that its goal is simply to perpetuate a 24/7/365 surveillance capitalism business model, while denying states the right to protect their citizens better and denying consumers any real rights at all.”

-- Ed Mierzwinski, senior director for federal consumer programs, U.S. PIRG

“This report reveals how the failure of the U.S. to enact effective privacy safeguards has unleashed an out-of-control and unaccountable monster that swallows up personal information in the EU and elsewhere. The long unregulated business practices of digital media companies have shred the rights of people and communities to use the internet without fear of surveillance and manipulation. U.S. policymakers have been given a much-needed wake-up call by Norway that it’s overdue for the enactment of laws that bring meaningful change to the now lawless digital marketplace."

-- Jeff Chester, executive director, Center for Digital Democracy

“For those of us in the U.S., this research by our colleagues at the Norwegian Consumer Council completely debunks the argument that we can protect consumers’ privacy in the 21st century with the old notice-and-opt-out approach, which some companies appear to be clinging to in violation of European law. Business practices have to change, and the first step to accomplish that is to enact strong privacy rights that government and individuals can enforce.”

-- Susan Grant, director of consumer protection and privacy, Consumer Federation of America

“The illuminating report by our EU ally the Norwegian Consumer Council highlights just how impossible it is for consumers to have any meaningful control over how apps and advertising technology players track and profile them. That’s why Consumer Action is pressing for comprehensive U.S. federal privacy legislation and subsequent strong enforcement efforts. Enough is enough already! Congress must protect us from ever-encroaching privacy intrusions.”

-- Linda Sherry, director of national priorities, Consumer Action

“For families who wonder what they’re trading off for the convenience of apps like these, this report makes the answer clear. These companies are exploiting us – surreptitiously collecting sensitive information and using it to target us with marketing. It’s urgent that Congress pass comprehensive legislation which puts the privacy interests of families ahead of the profits of businesses. Thanks to our friends at the Norwegian Consumer Council for this eye-opening research.

-- David Monahan, campaign manager, Campaign for a Commercial-Free Childhood

“This report highlights the pervasiveness of corporate surveillance and the failures of the FTC notice-and-choice model for privacy protection. Congress should pass comprehensive data protection legislation and establish a U.S. Data Protection Agency to protect consumers from the privacy violations of the adtech industry.”

-- Christine Bannan, consumer protection counsel, EPIC

 

Support Us

Your donation supports NJPIRG's work to stand up for consumers on the issues that matter, especially when powerful interests are blocking progress.

CONSUMER ALERTS

Join our network and stay up to date on our campaigns, get important consumer updates and take action on critical issues.
Optional Member Code



NJPIRG is part of The Public Interest Network, which operates and supports organizations committed to a shared vision of a better world and a strategic approach to getting things done.