MAJOR HIGHLIGHTS OF FTC’s SPECIAL REPORT EXAMINING PRIVACY PRACTICES OF ISPs

MAJOR HIGHLIGHTS OF FTC’s SPECIAL REPORT EXAMINING PRIVACY PRACTICES OF ISPs

We, at Tsaaro, are here with a special summary article on this year’s “Federal Trade Commission (FTC) Staff Report” that examines the privacy practices of six major Internet Service Providers (ISPs) that constitute approximately 98.8 % of the mobile internet market.
1) AT&T Mobility LLC, 

2) Cellco Partnership d/b/a Verizon Wireless, 

3) Charter Communications Operating LLC, 

4) Comcast Cable Communications d/b/a Xfinity, 

5) T-Mobile US Inc., and 6) Google Fiber Inc.). 

The FTC Report highlights the ISP industry’s data surveillance and privacy practices. The ISPs were asked to provide information in regard to their data collection and use practices, as well as any tools provided to consumers to control these practices. The FTC Report provides an in-depth look at how these ISPs surveil consumers, use and distribute consumer data, and the privacy implications of such use and distribution. 

In general, many of these ISPs collect and use the information for four primary reasons: (1) to provide core communications services to consumers (2) to provide other services to consumers (e.g., Internet of Things, and video or website content); (3) advertising; and (4) to provide other services to businesses.

When it comes to the privacy practices of these ISPs, concerns were raised in four key areas:

1. Opacity – i.e. several ISPs failed to disclose to consumers the ways in which their data can be used, transferred, or monetized outside of selling it.
2. Illusory Choices – wherein consumers were offered some choices with respect to the use of their data, which resulted in consumer confusion and made it difficult for consumers to exercise their privacy intentions.
3. Lack of Meaningful Access – the information was often either unreadable or illogical without context.
4. Data Retention and Deletion – in several of the ISPs, deletion and retention of information was for a business reason, but they failed to define (or leave undefined) what constitutes a business reason, giving them virtually unrestrained discretion.

Four major Observations were made through the FTC Report:

1. Many ISPs Amass Large Pools of Sensitive Consumer Data – Several ISPs collected enormous volumes of consumer information from the range of products and services that they offer. This means a single ISP has the ability to track the websites, their subscribers visit, the shows they watch, the apps they use, their energy habits, their real-time whereabouts and historical location, the search queries they make, and the contents of their email communications. Moreover, they combine the data from their subscribers with additional information from third-party data brokers, which leads to insights and inferences into not just their subscribers but their subscribers’ families and households. This data is also used to create advertising segments, which reveal sensitive data such as race, religion, national origin, sexual orientation, financial status, health status, and political beliefs.
2. Several ISPs Gather and Use Data in Ways Consumers Do Not Expect and Could Cause Them Harm – Consumers are likely to be surprised at the extent of data that is collected and combined for purposes unrelated to providing the service they request. This data could be used in a number of ways that could be harmful to consumers.
3. Although Many ISPs in Our Study Purport to Offer Consumers Choices, These Choices are Often Illusory – some of the consumers  were offered choices which were unclear and led consumers toward more data sharing. 
4. Many ISPs Can be At Least As Privacy – Intrusive as Large Advertising Platforms- the privacy challenges that permeate the advertising ecosystem may be amplified by ISPs because: (1) many ISPs have access to 100% of consumers’ unencrypted internet traffic; (2) several ISPs are able to verify and know the identity of their subscribers; (3) many ISPs can track consumers persistently across websites and geographic locations; and (4) several ISPs in our study have the capability to combine the browsing and viewing history that they obtain from their subscribers with the large amounts of information they obtain from the broad range of vertically integrated products, services, and features that they offer.

The pandemic has fundamentally changed our way of life. We have become highly dependent on the Internet which proves how the significance of the Internet has immensely grown in the past years. Dependence on internet service providers (“ISPs”) to access essential services and communicate with others is increasing rapidly. As a result, the aggregation of data along with the privacy of consumer data, in general, requires increased attention. The FTC Report, therefore, highlights concerns and brings to the forefront privacy and competition issues associated with internet access. This report is based on materials provided by the country’s six largest ISPs on how information and documents related to the types of information are collected, the purposes for which information about consumers is used, the types of information shared with affiliated and unaffiliated entities, the notices and privacy choices provided to consumers, and consumers’ access and deletion rights.

To read the complete report on “A Look At What ISPs Know About You: Examining the Privacy Practices of Six Major Internet Service Providers” prepared by the Federal Trade Commission, check out  – p195402_isp_6b_staff_report