Column: Your ISP says it cares about your privacy. Not so much, actually, says FTC
Arguably, no one knows more about your online activities than your internet service provider. And every leading ISP says it takes users’ privacy very, very seriously.
“Your privacy is important to us,” says Verizon.
“Your privacy is important to Charter,” says the parent of cable heavyweight Spectrum.
Yet a recent report from the Federal Trade Commission concluded that, declarations such as these aside, six of the top ISPs are focused on gathering and exploiting as much of users’ personal information as they can — and keeping such activities hidden from customers.
Among the FTC’s findings:
- “While several ISPs in our study tell consumers they will not sell their data, they fail to reveal to consumers the myriad of ways that their data can be used, transferred or monetized outside of selling it, often burying such disclosures in the fine print of their privacy policies.”
- “There is a trend in the ISP industry to purport to offer consumers some choices with respect to the use of their data. However, problematic interfaces can result in consumer confusion as to how to exercise these choices, potentially leading to low opt-out rates.”
- “Although many of the ISPs in our study purported to offer consumers access to their information, the information was often either indecipherable or nonsensical without context, potentially leading to low access requests.”
- “While several of the ISPs in our study provided time frames for deleting information, many asserted that they keep information as long as it is needed for a business reason. However, many ISPs in our study have the ability to define (or leave undefined) what constitutes a business reason, giving them virtually unfettered discretion.”
The internet service providers examined by the agency include AT&T, Verizon Wireless, Charter Communications (Spectrum), Comcast, T-Mobile and Google Fiber. Together they represent about 98% of the mobile internet market, according to the FTC.
Privacy has been much on my mind this week after Tuesday’s column about a parking validation app from Los Angeles-based Metropolis Technologies. The app is used at parking facilities nationwide, including the garage of the Trader Joe’s store in Hollywood.
For the record, TJ’s says it has nothing to do with the operations of that garage; the store is just a building tenant.
Along with collecting a startling amount of user data, the policy says that Metropolis reserves the right to monitor “pages that you visit before, during and after” using the company’s online parking validation, as well as “information about the links you click.”
It says the company will track your online activities regardless of which device you use, and “may allow third-party advertising partners to set technologies and other tracking tools to collect information regarding your activities and your device.”
Let’s be real clear: Nearly all online companies, including the Los Angeles Times, have what I would deem to be aggressive data collection practices.
To my mind, however, there’s a difference between a Google or a Facebook, which provide valuable services in return for their prying eyes, and an app that serves a single, ostensibly benign purpose — parking validation.
That said, data mining by Big Tech is out of control, and the FTC’s examination of the internet’s gatekeepers shows that more legislative and regulatory safeguards are needed to protect people’s privacy.
I reached out to each of the ISPs listed in the agency’s report, as well as industry associations representing cable and wireless companies. Some responded. Some didn’t.
The answers I did get were predictable — and for the most part ducked any response to the FTC’s findings.
“T-Mobile shares the FTC’s focus on consumer privacy and building trust, and we also support federal legislation that would create one uniform standard for all online companies,” a company spokesperson said.
“Consumers’ online safety and privacy is a top priority for the wireless industry, and federal legislation that uniformly protects users across all platforms is the best way forward,” said a spokesperson for the wireless industry group CTIA.
“Congress must enact a national, comprehensive federal privacy framework that puts consumers first and applies uniformly to all companies operating online,” said a spokesperson for USTelecom, representing broadband providers.
I asked each whether there was any specific privacy legislation they support. No response.
Only the cable industry took a swing at the FTC’s conclusions. A spokesperson for NCTA — The Internet & Television Assn., an industry group, called the report “misleading and profoundly disappointing.”
The cable industry supports “federal legislation to codify strong protections into law with one set of rules that all companies are bound by,” the spokesperson said.
There are various bills making the rounds on Capitol Hill aimed at reining in Big Tech’s voracious appetite for consumer data. One would prohibit tech platforms such as Google or Amazon from favoring their own products or services. Another would establish more online protections for kids.
But I’m not aware of any pending legislation that would address the points cited by the FTC, or that would create consumer-oriented data collection limits similar to those in place in Europe and China.
Much of the tech industry’s stance on privacy is just posturing — and part of ongoing efforts to undermine strict privacy rules in California and other states.
When the industry says it supports federal privacy legislation, what it’s really saying is it wants watered-down national rules that would preempt tougher measures at the state level.
What consumers should be demanding are privacy regulations with teeth, not least a requirement that no company can collect or store user data without people’s permission.
Or, put another way, we need rules that say a parking validation app has to be, first and foremost, a parking validation app.