Are Broadband Providers Putting Consumers’ Privacy at Risk?

Font Size:

Advocacy groups push the FCC to address data sharing among Internet companies.

Font Size:

While deciding whether to pursue a career in law, Cate Barrett did what many potential law school students do: she enrolled in an online prep class for the Law School Admission Test and visited several schools’ websites.

It did not take long for Cate to start seeing law school-related advertisements in her web browser every time she went online. She received emails containing ads for universities, and her personal Facebook account displayed information about admission test tutoring sessions.

“I was already worried about uprooting my life and going back to school,” she said, recalling the stress caused by the prospect of starting school in another city. “It was even more stressful to have this private decision seem so public.”

Cate’s experience is typical of many other online users who receive tailored ads based on recent web browsing—a common practice called “behaviorally targeted” advertising.

Consumer protection groups are increasingly expressing concern that high-speed Internet service providers are sharing subscribers’ data with entities like advertisers that use online information for targeted advertising.

In a January 2016 letter to the U.S. Federal Communications Commission (FCC), over fifty advocacy groups pushed for the agency to propose privacy rules that would prevent broadband providers from sharing subscribers’ data without first obtaining consent. The groups have also asked for rules that would require broadband providers to be transparent about their data collection procedures and allow subscribers to learn who can access their data.

The letter noted that, although broadband providers have significant insight into consumers’ online behavior, their legal duties relating to privacy safeguards remain unclear. Specifically, supporters of privacy protections have pointed to concerns about discriminatory practices that can result from unregulated use of behaviorally targeted advertising and data sharing.

By profiling users through their online habits and interests, advertisers can identify the highest price that different consumers will pay and present these maximum price points, said Nathan Newman, director of Data Justice. He then asserted that certain companies use this strategy to identify particularly vulnerable consumers—like the less educated or elderly—to tempt them with bad deals such as subprime credit offers. According to Newman, this selective targeting could actually deepen economic disparities by preying on consumers with lower incomes.

“The increasing information asymmetry in consumer markets, driven by data mining and facilitated by online services may be an additional significant cause of this overall increase in economic inequality,” Newman stated.

Additionally, a 2014 report from the U.S. Federal Trade Commission raised the issue that targeted advertising could result in consumers receiving ads focused on sensitive issues like finances or health, which could trouble some users and cause consumers to distrust the online marketplace.

The FCC recently voted to re-categorize broadband Internet service as a telecommunications service under the Communications Act, enabling the agency to apply consumer privacy protections to broadband providers. Although the FCC issued an “enforcement advisory” indicating that broadband providers must have effective privacy protections in place, the agency has not yet published any detailed privacy rules addressing this issue.

Digital rights advocates claim the reclassification of the Internet affords an opportunity to publish rules that would protect consumers. For example, the FCC could require broadband providers to get affirmative consent when they collect and share consumers’ personal data.

But some telecommunications journalists have suggested that strict privacy rules are unrealistic given current technology and consumer expectations. Many users want online devices that seamlessly manage their lives, which necessitates considerable data collection and information exchange. Consequently, getting subscribers’ permission in every instance of data sharing may not always be feasible.

Even with privacy rules in place, it may still be challenging for a company to obtain meaningful consent from subscribers. One telecommunications writer argued that, if the FCC promulgates privacy rules, “all that will happen is that consumers will be faced with a massive privacy document filled with legal speak that no one understands or has the time to read.” His prediction is that consumers will hastily agree without reading the fine print, and therefore little will change.

Privacy experts have raised concerns about broadband providers sharing subscriber data with advertising companies. Verizon made headlines last year, for instance, by apparently giving customer information to the advertising company Turn without users’ consent. Turn allegedly used the information to track Verizon subscribers’ website and app use.

Websites and advertising networks also track consumers’ browsing activity through cookies, or codes that are stored on a web browser after a user views a website. That information is then used for targeted advertising. Consumers can delete their cookies if they want to cover up their online trail.

However, Turn’s tracking system apparently could not be removed, and it regenerated even after consumers attempted to delete it. Privacy advocates said this resulted in a covert and unavoidable monitoring device that could potentially be misused because users had no way of maintaining their privacy or preventing third parties from tracking their online movements.

Verizon has emphasized that the data provided to Turn did not contain personally identifiable information. But after facing a class action lawsuit over the tracking system, Verizon apparently announced that its customers could opt out of the company’s data sharing system. Turn also issued a statement indicating that its tracking system could no longer restore itself after a consumer deletes it.

Another broadband provider, AT&T, has also allegedly tried to implement a similar tracking system but stopped after receiving critical media coverage.

The January letter from consumer advocates also asked the FCC to “hold broadband providers accountable for any failure to take suitable precautions to protect personal data collected from users” and to inform subscribers of any data breaches.

The FCC has not yet responded to the letter. Although not remarking specifically on the letter, an FCC spokesperson has referenced recent comments from FCC Chair Tom Wheeler, who reportedly stated he intends to tackle the problem soon.