The Federal Trade Commission is investigating the privacy practices of major Internet service providers, and has ordered top ISPs to disclose whether they share user web browsing histories, device location information, and other sensitive data with third parties. third. ISPs also have to provide details on how they collect and use personal information to target ads at customers.
FTC yesterday sent order demanding information to AT&T, Comcast, Google Fiber, T-Mobile, and Verizon. In the cases of AT&T and Verizon, the FTC issued separate information requests for the companies’ home Internet and mobile broadband divisions.
All major ISPs refused to sell or share their users’ browsing histories and other sensitive information in 2017, when they allowed Congress and President Trump to avoid enforcing broadband privacy laws. But since then, it has been reported that T-Mobile, Sprint, and AT&T are selling their mobile customers’ location information to third-party data brokers despite promising not to do so.
The FTC beginning tells ISPs that they must provide even confidential information in response to the agency’s requests, though it’s unclear whether the FTC will make any of that public.
FTC Chairman Joseph Simons yesterday said the commission plans “much more,” including hearings, workshops, investigations, “and strong enforcement actions.” according to Politics. When issuing the orders, the FTC noted that it has the authority to “enforce unfair and deceptive practices involving Internet service providers.”
“The FTC is initiating this investigation to understand the privacy practices of Internet service providers in light of the evolution of telecommunications companies into vertically integrated platforms that also provide ad-supported content,” the commission said.
Definition of “personal information”
ISPs must file the necessary reports containing all the information requested within 45 days of receiving the orders. The FTC voted 5-0 to grant the orders.
To comply with the mandates, ISPs must (among other things) describe in detail the personal information they collect about their customers and devices, how ISPs combine personal information from different sources, such as they store and protect personal information, what they use personally. information for, and “whether such information is disclosed to any third party.” ISPs must identify each third party that has received personal information and “fully describe the types of information disclosed to each third party.” ISPs must also state whether they receive personal information about customers from third parties.
The FTC regulations define “personal information” as follows:
Information about a particular user or device, including: (a) first and last name; (b) home or other physical address, including street name and city or town name, or other information about the individual’s location, including but not limited to location from cellular tower information, fine or coarse location, or GPS coordinates ; (c) email address or other online contact information, such as an instant messaging user identifier or screen name; (d) telephone number; (e) a persistent identifier, such as a customer number contained in a “cookie,” a static Internet Protocol (“IP”) address, a device identifier, a device fingerprint, a hashed identifier, or a processor serial number; (f) non-public communications and content, including, but not limited to, email, text messages, photos, videos, audio, or other digital images or audio content; (g) Internet browsing history, search history, or list of URLs visited; (h) video, audio, cable, or TV viewing; (i) biometric data; or (j) health or medical information.
If ISPs collect and/or share any of the data described above, they must notify the FTC. They also have to describe how any targeted advertising services rely on the personal information the ISPs collect.
For each ISP program or service that collects personal information, ISPs must disclose the number of subscribers and the number of “unique customers targeted, tracked, or otherwise identified by its advertising services.”
Worst service for users who choose privacy?
In cases where consumers are given a choice about whether to collect personal information, ISPs must also tell the FTC how much consumers have opted for more privacy and whether the ISPs are providing poor service to consumers. who chooses privacy.
For example, ISPs must tell the FTC if they have “offered different levels of service, quality of service, rates, pricing, rewards, or other incentives to customers who access the collection of information about themselves, devices (AT&T used to charge home Internet customers extra for privacy but ended that particular program in 2016. The FTC’s data request only covers the time from July 1, 2017 to the present.)
The FTC also asked each ISP if it had “ever denied service, or otherwise degraded the quality of service” to customers who did not access such data collection. ISPs also have to inform the FTC if they have conducted an internal investigation about this type of practice.
“(F)however, publish any internal surveys, analyses, tests, marketing research, or experiments that the company has conducted or caused to be conducted on the provision of various service levels, service quality, rates, pricing, rewards, or other incentives for consumers who engage in the collection of information about themselves, their devices, their communications, their viewing history, or their online activities,” the FTC’s letters to ISPs said.