The US Federal Trade Commission (FTC) on Tuesday demanded that the country’s largest broadband providers hand over their privacy policies and explain what data they collect from consumers, why, who they share it with, and how consumers can change or delete it.
In launching this broad inquiry into consumer data-handling practices, the FTC sent orders demanding answers from AT&T, Verizon, T-Mobile, Xfinity, and Google Fiber.
One of the purposes of the investigation is to figure out how consumers’ data gets used to fuel targeted advertising. From the FTC’s press release:
The FTC is initiating this study to better understand Internet service providers’ privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content. Under current law, the FTC has the ability to enforce against unfair and deceptive practices involving Internet service providers.
As it is, the lines have been blurring between digital media, social networking, search, and internet services provision, along with the many advertising bucks all those offerings present. Both Facebook and Google have dabbled in becoming ISPs, and even Amazon has reportedly mulled it over.
Besides digital players wanting to pull on their ISP pants, it goes the other way, too. When the FTC talks about the telecom industry’s evolution into vertically integrated platforms, it’s also talking about an industry that’s seen, for example, major content acquisitions by Verizon, with its purchase of AOL/Yahoo, and by AT&T, which last year acquired Time Warner as well as the advertising technology company AppNexus.
The buckets of data the FTC is after includes, according to its press release:
- The categories of personal information collected about consumers or their devices, including the purpose for which the information is collected or used; the techniques for collecting such information; whether the information collected is shared with third parties; internal policies for access to such data; and how long the information is retained;
- Whether the information is aggregated, anonymized or deidentified;
- Copies of the companies’ notices and disclosures to consumers about their data collection practices;
- Whether the companies offer consumers choices about the collection, retention, use and disclosure of personal information, and whether the companies have denied or degraded service to consumers who decline to opt-in to data collection; and
- Procedures and processes for allowing consumers to access, correct, or delete their personal information.
The orders went out on Tuesday, and the broadband providers have 45 days to respond.
This is the first time the FTC has flexed the new oversight muscle over broadband providers it acquired following the Federal Communications Commission’s (FCC’s) repeal of net neutrality, the rules for which went into effect last year.
The FCC said it welcomes the inquiry. Spokeswoman Tina Pelkey said it’s a good idea to have a single agency to police internet privacy:
We welcome this step by the Federal Trade Commission to examine broadband providers’ privacy practices. It could not have occurred without the FCC’s Restoring Internet Freedom Order, and the FTC’s focus on the evolution of broadband providers into ‘vertically integrated platforms that also provide advertising-supported content’ highlights the advantages of having a single agency able to police the entire Internet ecosystem with respect to the important issue of privacy.
The Hill reached out to the broadband providers for their take. Verizon said that it’s reviewing the FTC’s inquiry, while Margaret Boles, a spokeswoman for AT&T, sent this statement:
Our customers’ privacy is important to us, and the FTC plays a critical role in privacy regulation. In fact, we continue to support comprehensive federal legislation to protect consumers’ data throughout the internet ecosystem, and the FTC is the logical agency to enforce that legislation. If the FTC has any questions for us, we will respond appropriately.
Source : Naked Security