The Federal Trade Commission (FTC) is putting pressure on internet broadband providers to reveal exactly what data they’re collecting – and how they are using it.
The FTC on Tuesday issued orders to seven U.S. ISPs requesting that they detail how they collect, retain, use and disclose information about consumers and their devices. The seven companies are: AT&T, AT&T Mobility, Comcast Cable/Xfinity, Google Fiber, T-Mobile USA, Verizon Communications and Cellco Partnership (Verizon Wireless).
“The FTC is initiating this study to better understand internet service providers’ privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content,” the FTC said in a Tuesday statement. “Under current law, the FTC has the ability to enforce against unfair and deceptive practices involving internet service providers.”
Specifically, the FTC is seeking out different categories of personal information collected, copies of companies’ disclosures to consumers regarding data-collection practices and the purpose behind collecting certain streams of data.
When asked how the commission picked the seven firms, an FTC spokesperson told Threatpost that “the seven recipients of our Order represent a range of large and small ISPs, as well as fixed and mobile internet providers.”
The FTC’s order said that the seven companies have 45 days to complete its request. Requested collection must be from July 1, 2017, it said.
“It is important for the federal agency to get an understanding of what the ISPs intend to do with their uniquely powerful window into our online activities after having aggressively and successfully lobbied Congress to repeal our broadband privacy rights just two years ago,” Ernesto Falcon, legislative counsel with the Electronic Frontier Foundation, told Threatpost. “ISPs are the only internet market entity that can can connect the dots of your entire internet experience as you have to tell them where you are going online for them to render you the broadband service.”
The FTC and ISPs have long butted heads when it comes to data privacy, particularly because of the troves of data that ISPs maintain between the various devices that consumers utilize.
In 2015, Verizon drew flak for an ad-targeting program that relies on the supercookie identifier that was inserted into the web requests users send. More recently, in 2018, reports also emerged that four large U.S. cell carriers – AT&T, Sprint, T-Mobile and Verizon – were selling real-time location data to companies like LocationSmart, Zumigo and others.
While major ISPs like Comcast, AT&T and Verizon have made informal pledges to not sell customers’ individual internet browsing information, that hasn’t stopped ISP privacy regulations from coming to the forefront, with 22 states drafting their own ISP privacy rules.
In the past, measures have been taken attempting to prevent ISPs from collecting and selling web browsing histories, app usage histories and other private user information to advertisers and other companies. In 2016, the Federal Communications Commission (FCC) debuted rules that would have prevented broadband ISPs from tracking and selling its customers’ online information. However, in April 2017, President Trump repealed these efforts.
Moving forward, an FTC spokesperson told Threatpost that the commission will “determine next steps after we receive and evaluate the requested information.”
