ISPs under fire for privacy negligence

Mar 24, 2016, 1:29 PM EDT
Comcast cable box. (Source: Mr.TinDC/flickr)
Comcast cable box. (Source: Mr.TinDC/flickr)

The U.S. Federal Communications Commission is scheduled to vote next week on proposals that aim to change the way internet service providers use customer data. The F.C.C. says that there are grey areas when it comes to how much users know about where their data is going and how it’s being used when they sign up for internet service. It further notes broadband providers have not set adequate parameters for user safety or data security. Bolstering this claim is a report issued Wednesday by the Center for Digital Democracy that says that ISPs and other “leading video providers” have incorporated big data practices such as “programmatic advertising” that “buys and sells individual consumers” to other companies without the consumer’s knowledge. 

These violations are not new. For years privacy advocates have alleged that ISPs abuse user information by using it for advertising and marketing ends, even as users remain unaware of where their data is being sent. The report states:

“…ISPs have transformed TV and digital video into a vast new source of personal information, analyzing set-top box and streaming-video data for our viewing habits, and combining that information with sensitive online and offline data (including financial, health, racial, ethnic, and location) to compile detailed “digital dossiers” on millions of Americans.”

And it goes on to cite specific cases in which AT&T, Comcast, Verizon, and others have accessed and leveraged customer data.

The F.C.C. is proposing that consumers have increased choice, transparency, and security over their personal information as well as control over how broadband providers use it. It mentions that telephone networks have had “clear, enforceable privacy rules for decades, but broadband networks currently do not.” And that it is the ISP’s duty to keep user data secure.

These measures include a call for users to be notified when data breaches occur — something giant companies have handled poorly over the years as they weigh public humiliation with saving face. Some instances of these fumbled data breach cases have resulted in class action lawsuits. The F.C.C.’s proposal says that providers would be required to notify affected customers of breaches of their data no later than 10 days after discovery.

Of course, those who oppose these proposed measures say that the government should keep its hand out of the privacy pot, and leave the regulation of consumer data to the companies that host it.

If adopted, the proposals will be available for public comment before any sort of regulation is established. That period is likely to see even more polarizing opinions from consumer rights activists, privacy advocates, corporations, ISPs, general consumers, and politicians.