FTC asks broadband providers to disclose how they collect user data

The FTC wants to know what user data broadband ISPs are collecting about their customers, and how they're doing it.

isp-jenga.jpg

The Federal Trade Commission sent letters today to seven of the biggest US broadband providers seeking information on how the companies collect, retain, use, and disclose information about consumers and their devices.

The letters were sent to AT&T Inc., AT&T Mobility LLC, Comcast Cable Communications (doing business as Xfinity), Google Fiber Inc., T-Mobile US Inc., Verizon Communications Inc., and Cellco Partnership (doing business as Verizon Wireless).

The commission sent the letters seeking information are part of a study, avoiding the use use the term inquiry in its official press release.

It said it wanted "to better understand Internet service providers' privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content."

Many technology experts have long warned that broadband providers are more dangerous than classic analytics firms like Google, Facebook, or Amazon.

They argued that ISPs have a deeper insight into users' internet habits and are most likely collecting larger quantities and more complete information about users when compared to their web-based counterparts.

Rules were set in place in 2016 that required US broadband providers to notify and obtain explicit consent from customers before collecting their data and tracking their activities, however, such consent can be easily hidden in popups and terms of service.

The FTC wants now to learn more about current user data collection practices, most likely in an attempt to gather information before passing new rules that better protect users and their privacy.

The FTC is viewed inside the US government as the best agency to do safeguard online privacy. Last month, the US Government Accountability Office recommended that the FTC be put in charge of enforcing any GDPR-like legislation Congress might want to pass in the US.

Per a copy of the letter sent to US broadband providers, these are the data points and details the FTC wants to learn from each ISP:

  • The categories of personal information collected about consumers or their devices, including the purpose for which the information is collected or used;
  • The techniques for collecting such information;
  • Whether the information collected is shared with third parties;
  • Internal policies for access to such data;
  • Data deletion and retention policies;
  • How long the information is retained;
  • Whether the information is aggregated, anonymized or deidentified;
  • Copies of the companies' notices and disclosures to consumers about their data collection practices;
  • Number of users who visited, viewed, or interacted with a provider's privacy policy;
  • Whether the companies offer consumers choices about the collection, retention, use and disclosure of personal information;
  • Whether the companies have denied or degraded service to consumers who decline to opt-in to data collection;
  • Percentage of users who have exercised such choices;
  • Procedures and processes for allowing consumers to access, correct, or delete their personal information.

More user privacy news: