Congress Scraps FCC Data Privacy Restrictions
In October 2016, the Federal Communications Commission (FCC) issued sweeping rules restricting internet service providers (ISPs) from sharing users’ personal information without their consent. Recently, Congress passed legislation negating these new data privacy regulations, once again giving ISPs free rein over users’ browser history, app usage and mobile location data.
As The Washington Post explains, the FCC’s now-defunct rules include language requiring ISPs to safeguard the data they collect. If the new bill goes into effect, the FCC will not be allowed to issue similar rules in the future.
Large ISPs already monetize user data for their own advertising networks. For example, Verizon makes use of Verizon Selects and Relevant Mobile Advertising business lines, while AT&T has AdWorks. ISPs argued that the FCC rules gave organizations not governed by the FCC, including Google and Facebook, an unfair advantage in collecting user data for advertising.
Verizon told Reuters that its businesses provide aggregate insights about certain demographics to interested advertisers, along with de-identified user information that helps advertisers target customers within certain demographics. Verizon, AT&T and Comcast have all reported they wouldn’t sell user data to third parties.
The State of Data Privacy
U.S. data protection laws are somewhat laissez-faire compared to those in the European Union. The E.U. General Data Protection Regulation rolling out in 2018 will impose stricter consent requirements for data collection, including granting consumers the right to opt out at any point. Although some have suggested the rollback of FCC rules gives explicit permission for ISPs to sell American user data, the true impact will be how the new legislation sends U.S. consumer data privacy protections back to square one. Subscribers in America are no worse off than they were last October.
Yet in 2017, this deregulation takes place amid concerns about net neutrality and big data. The Electronic Frontier Foundation (EFF) characterizes the way businesses collect consumer data as “private-sector surveillance.”
“Very few consumers realize the power of statistical analysis and other big data algorithms,” the EFF states. “Even if consumers are aware of what specific data they are sharing, they may not understand what inferences could be made based on that data.”
Protective Measures Aren’t Perfect
Matt Hogan, CEO of DataCoup, tells Forbes he hopes ISPs will see data protection as a positive market differentiator.
“If [consumers] don’t like what a contracting service is doing, [they can] go down the street and subscribe to the contracting service that is taking their privacy more seriously,” Hogan told the source.
At the same time, Americans in many geographic areas have few ISPs to choose between. Federal statistics, The Washington Post points out, indicate many Americans have a choice of only one or two broadband providers.
The new congressional bill has increased consumer interest in virtual private networks (VPNs), anonymous browsers like Tor and incognito operating systems like Tails. The EFF also offers a Firefox, Chrome and Opera extension called HTTPS Everywhere, which causes browsers to default to encrypted communications between users and websites wherever encryption is available.
But as Krebs on Security points out, even these cautionary steps come with caveats. VPNs, for instance, can mask browsing data, but providers aren’t prohibited from sharing user data with third parties.