Network connectivity map in a city showing FTC looking at privacy practices of big internet providers
FTC Probing into Privacy Practices at Big Internet Providers by Nicole Lindsey

FTC Probing into Privacy Practices at Big Internet Providers

Amidst growing concerns about privacy practices at big Internet providers, the FTC consumer watchdog agency has issued orders to seven U.S. Internet providers – AT&T, AT&T Mobility, Comcast Cable (doing business as Xfinity), Google Fiber, T-Mobile USA, Verizon and Verizon Wireless – to handover information related to the way they collect, retain, use and disclose information about consumers and their devices. The orders are officially part of an FTC study, and not a formal investigation, but it is easy to see how information gathered during this study could be used to develop new rules and guidelines for large Internet providers.

A closer look at privacy practices of Internet providers

The Federal Trade Commission (FTC), which is responsible for enforcing unfair and deceptive practices involving Internet services, says it has initiated this study in order to understand the privacy practices at top Internet providers. The 7 companies will have 45 days in order to comply with the request, meaning that a formal review of these privacy practices at Internet providers will likely not begin until the summer.

Companies are being asked to provide information in a variety of different categories. For example, the Internet providers must submit information about the categories of personal information they collect, including the purpose of collecting that information, the techniques used to collect that information, the extent of third-party sharing of that information, the internal use of that information, and how long such data is kept on record.

In addition, the Internet providers must provide updates on whether any data is aggregated, anonymized or deidentified. And they must hand over copies of any privacy notices or disclosures sent to customers, as well as information about options or choices that consumers have about the collection, retention, use and disclosure of their personal data. Finally, as part of this broad-reaching study into privacy practices, the Internet providers must provide information about the procedures and processes for consumers to access, correct or delete their personal information.

The goal, of course, is to see whether the big Internet providers are conforming to their stated privacy practices, and to check that they are not engaging in any unfair or deceptive business practices. In the past, the major Internet providers have made pledges not to sell or exchange customer information with unsanctioned third parties, and this study could possibly uncover whether they have been abiding by those promises.

The context and background of this new study into privacy practices

So why is the FTC suddenly so curious about the privacy practices at the big Internet providers? One big reason why the FTC is initiating this study to understand Internet service providers has to do with the fact that these Internet providers have morphed into giant Internet conglomerates. For example, both Verizon and AT&T have engaged in major content acquisitions, and that has raised the prospect that they might be using customer data improperly as part of advertising-supported content initiatives.

According to the official FTC statement about this current study, one major concern is the evolution of telecommunications companies and their business practices involving Internet service. Big Internet providers have evolved into “vertically integrated platforms that also provide ad-supported content.” In theory, at least, that would make them even more dangerous than data collecting tech firms like Google or Facebook. Internet providers, by virtue of the fact that they always know your location when you are plugged into the Internet, would have deeper insight into consumer Internet habits, as well as a much more complete profile of these users. Typically, when someone signs up for Internet service, he or she signs up a variety of devices. Thus, ISPs have a much more comprehensive view of how you use the Internet.

Certainly, the track record of these companies has been sketchy at best in recent years. Verizon, for example, has been linked to an unblockable “supercookie” that tracks subscribers. And companies like AT&T and T-Mobile have been implicated in location data-sharing scandals, in which the big Internet providers were found to be sharing customer location data with a wide range of third-party data brokers. In turn, these data brokers were selling off this location data to a mixed bag of clients, including bail bondsmen and bounty hunters. In some cases, this location data was so specific that it could be used to identify the exact location of just about any cell phone number in the nation.

Implications of the study

Even if the FTC does uncover glaring problems, weaknesses or consistencies, it does not necessarily imply that there will be a “crackdown” on the Internet providers or that the FTC will move quickly to enforce against unfair practices. However, the FTC could ask them to adjust their practices. Earlier, the FTC did not have the necessary legal and regulatory purview in order to do this. However, after the Federal Communications Commission (FCC) changed the classification of mobile data to be an “information service,” it made it possible for the FTC to take a much broader look at the privacy practices of the big Internet providers.

FTC has issued orders to 7 internet providers to share how they collect, retain, use and disclose information about consumers and their devices. #privacyClick to Tweet

Over the past 18 months, the FTC has emerged as the one government agency that is best able to check into the business practices of Big Tech, and more specifically, the privacy practices of the big Internet providers. And, indeed, when a group of 12 U.S. Senators called for an investigation into the location data-sharing scandal in January 2019, they specifically called on the FTC to lead the charge. In issuing the new orders, the FTC did not refer to this location-data scandal, but it is interesting to note that the FTC did request information about cell tower data collection and GPS data collection from the Internet providers. That’s surely a sign that they are looking into how all of this data fits into the bigger picture.

New regulatory action on the horizon

In initiating this study, the FTC is obviously concerned that, where there is smoke, there is fire. In other words, the big Internet providers’ practices in light of recent history have not exactly inspired confidence. Now that the big Internet providers are becoming huge vertically integrated platforms, it’s important to put a halt to any unfair and deceptive practices before it is too late. The study to better understand the data collection, retention and use policies of the Internet providers will make it much easier for the FTC’s ability to enforce a fair and level playing field in the future.