FTC votes 5-0 to examine privacy practices of internet service providers and mobile broadband providers
The Federal Trade Commission (FTC) has issued seven letters to internet service providers (ISPs) and mobile broadband providers in the United States demanding a special report regarding their privacy practices. The FTC resolution was formally called the “Resolution Directing Use of Compulsory Process to Collect Information Regarding ISP Privacy” and was issued under the FTC’s stated powers from Section 6(b) of the FTC Act. The ISPs and mobile data providers that have been served with this request are:
- AT&T Inc.
- AT&T Mobility LLC
- Comcast Cable Communications (Xfinity)
- Google Fiber Inc.
- T-Mobile US Inc.
- Verizon Communications Inc.
- Cellco Partnership (Verizon Wireless)
The broadband providers have 45 days to turn in their special privacy report.
FTC orders data providers to report on their privacy practices
The special report will need to include a host of information that will allow the FTC to properly judge whether these ISPs are protecting their customers’ rights to the extent required by law. The providers will need to report what kinds of personally identifiable information is stored, whether/how it is deanonymized and stored, what third parties get to access it and under what circumstances, and how a consumer can request for said data to be deleted. The FTC is also looking for existing deceptive practices that negatively impact consumer privacy.
The FTC is likely to find privacy violations
Specifically, one of the important questions that the ISPs will need to answer is this:
Irrespective of whether on a trial or test basis, regional level, or national level, has the Company ever offered different levels of service, quality of service, rates, pricing, rewards, or other incentives for consumers who opt-in to the collection of information about themselves, their Devices, their communications, their viewing history, or their online activities?
We already know that many ISPs such as Verizon have taken similar privacy damaging actions in the past – essentially monetizing the user’s privacy and allowing it, if not outright encouraging it, to be sold. The FTC has stated that they are specifically investigating “whether the companies have denied or degraded service to consumers who decline to opt-in to data collection.”
Additionally, the fact that third parties could get personally identifiable information about consumers, such as real-time location, from these providers, is likely also a catalyst for this inquiry. FTC Chairman Joseph Simons reminded consumers and data providers in his announcement:
“Under current law, the FTC has the ability to enforce against unfair and deceptive practices involving Internet service providers.”