FTC: ISPs Collect and Monetize Far More User Data Than You’d Think
The Federal Trade Commission (FTC) found that the six largest internet service providers (ISPs) in the U.S. collect and share customers’ personal data without providing them with info on how it’s used or meaningful ways to control this process.
“Many internet service providers (ISPs) collect and share far more data about their customers than many consumers may expect—including access to all of their Internet traffic and real-time location data—while failing to offer consumers meaningful choices about how this data can be used,” the FTC said.
This was found as part of a study, started in 2019, into the privacy practices of U.S. broadband companies and related entities and how they collect, retain, use, and disclose info about consumers and their devices.
The six broadband providers included in FTC’s report are AT&T Mobility, Cellco Partnership (aka Verizon Wireless), Charter Communications Operating, Comcast (aka Xfinity), T-Mobile U.S., and Google Fiber.
The FTC also included in the study three advertising entities affiliated with these companies: AT&T’s Appnexus rebranded as Xandr, Verizon’s Verizon Online, and Oath Americas rebranded as Verizon Media.
Together, the six companies currently control roughly 98 percent of the nation’s mobile Internet market, according to the FTC.
The FTC also noted that these tech giants have expanded beyond fixed residential internet and mobile internet services into other areas.
By including voice, content, smart devices, advertising, and analytics services, they could further increase the volume of customer data they can collect and share with third parties.
Troubling data collection, protection, and sharing practices
“The report identified several troubling data collection practices among several of the ISPs, including that they combine data across product lines; combine personal, app usage, and web browsing data to target ads; place consumers into sensitive categories such as by race and sexual orientation; and share real-time location data with third-parties,” the FTC said.
As the FTC further discovered, the ISPs amass huge pools of sensitive consumer data and use it in ways their customers do not expect and could cause them harm, primarily when classifying them by demographic characteristics, including race, ethnicity, gender, or sexuality.
Although many ISPs claim to offer consumers choices, the choices they provide are often a sham, at times nudging them toward even more data sharing.
“Even though several of the ISPs promise not to sell consumers personal data, they allow it to be used, transferred, and monetized by others and hide disclosures about such practices in fine print of their privacy policies,” the FTC added.
“For example, several news outlets noted that subscribers’ real-time location data shared with third-party customers was being accessed by car salesmen, property managers, bail bondsmen, bounty hunters, and others without reasonable protections or consumers’ knowledge and consent, according to the report.”
Furthermore, because of their problematic privacy practices and protections, they can be at least as privacy-intrusive as large advertising platforms, given that they have direct access to their consumers’ entire unencrypted internet traffic.
Even when connecting to sites that encrypt their traffic or using VPNs, ISPs can still collect the domains their customers connect to and analyze their browsing behavior.
Former FCC Chair Ajit Pai blamed for current state of things
U.S. Senator Ron Wyden said in a statement following FTC’s report that Ajit Pai, the former head of the FCC, is likely the one who made it possible for tech firms to disregard their users’ privacy by harvesting and using their data for business purposes.
“If Congress needed any more proof that America desperately needs a consumer privacy law, the Federal Trade Commission’s report about internet service providers’ rampant abuse of their customers’ private, personal browsing information should be enough to get Washington to act,” Wyden said.
“Whether it’s advertisers, tech companies or Big Cable, corporate America is showing absolute contempt for the idea that consumers can control personal details about their lives. Democrats have introduced multiple comprehensive privacy bills that would crack down on this flagrant abuse.
“Finally, it’s worth remembering that former Federal Communications Commission Chair Ajit Pai opened the floodgates to ISPs’ unchecked use of browsing data when he repealed the Obama-era broadband privacy and net neutrality regulations.
“The FCC needs every tool available to stop cable companies from gouging consumers and selling their data.”
Outsourced DPO – It is mandatory to appoint a Data Protection Officer. Engage us today.
PDPA Training (SkillsFuture Eligible) – Empower data protection knowledge for your employees.
Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.
Privacy Ninja provides GUARANTEED quality and results for the following CORE SERVICES: