The Federal Trade Commission (FTC) released a report on Thursday that detailed the “staggering breadth” of how much personal data six large internet service providers (ISPs) collect on their users and how that data is used.
The staff report was presented during an open meeting on Thursday afternoon. The report, which was made public today, went into detail about how AT&T, Verizon, Comcast, Charter, Google Fiber, and T-Mobile used personal data they collect on users and how that data is often given to advertisers. Those ISPs made up approximately 98.8 percent of the mobile internet market, the FTC said.
In March 2019, the FTC sent orders to the ISPs and some of their advertising arms to give it information on how they collected, retained, used, and disclosed information about consumers and their devices.
Andrea Arias, who presented the FTC’s report, said that customers often don’t know how that data is used by the ISPs. Overall, the report found that ISPs “amass large pools of sensitive consumer data,” that they “gather and use data in unexpected ways that could cause harm to consumers,” that the companies can be “at least as privacy-intrusive as large advertising platforms,” and that while the companies often purport to offer consumers choices about their data privacy, the “choices are often illusory.”
The report showed that some ISPs combine collected data across product lines, used web browsing data to target ads, used “sensitive characteristics” to target ads, combined app usage and web browsing data for advertising purposes, and even shared real-time location data with third parties.
That real-time location data, Arias said, was used by “car salesmen, property managers, bail bondsmen, bounty hunters, and others.” Arias also said that ISPs often collected data that was “unnecessary” to provide internet services.
“In our study, we learned that some ISPs … collect data from their customers beyond what is necessary to provide ISP services and use that additional data to enhance their ability to advertise to consumers,” Arias said. “For example, several ISPs in our study collect information about consumers’ apps usage history to use in connection with advertising.”
Rules required the FTC to release the data on an aggregated and anonymized basis, as to not reveal trade secrets. The data provided to the agency was from July 2019 to July 2020.
FTC Chairwoman Lina Khan said the report showed the “staggering breadth and granularity” of information collected by ISPs.
“As the internet has become increasingly essential for navigating modern life, scrutinizing the practices of the firms that provide these key services is critical,” Khan said, adding: “The staff report does a terrific job of documenting the data privacy practices of internet service providers, including their extensive collection, consolidation, and use of customer data. The findings are striking … in short, internet service providers are surveilling users across a broad swath of activities, enabling hyper granular targeting in the service of ads and other services.”
During the meeting, Commissioner Rebecca Kelly Slaughter said the report highlighted that it was an “error” for the Federal Communications Commission (FCC), then under Republican control, to rescind the 2015 Open Internet Order, which enshrined net neutrality rules and gave the FCC authority over ISPs.
Slaughter added that she hoped the FCC would restore its authority over ISPs. The agency is highly unlikely to do that until President Joe Biden finally fills out the FCC. It is currently in a 2-2 partisan deadlock.
“The FCC is our country’s expert telecommunications regulator. It should be able to investigate, and regulate the practices of internet service providers—a critical part of telecommunications infrastructure,” Slaughter said. “This report shows how, absent the FCC’s oversight, many ISPs participated in a race to the bottom to partake in a lucrative market of monetizing their customer’s personal information. I hope the FCC is able to return ISPs to their proper classification as telecom services under Title II and to provide appropriate protections for these essential services.”
Khan echoed that sentiment earlier in the meeting, saying that the FCC has the “clearest legal authority and expertise to fully oversee internet service providers.” Khan also said she would “fully support” efforts to reassert that authority.
The FCC passed rules in 2016 that would have blocked ISPs from collecting, sharing, or storing personal information without users’ consent. However, Congress used the Congressional Review Act (CRA) to overturn that order and former President Donald Trump signed the legislation rolling back the order in 2017.
You can read all of the FTC’s report on the ISPs here.
This week’s top technology stories
|A fundraiser for a Catholic school is the force behind the swelling conspiracy that Trump is still really president|
|How long will it take Biden’s new FCC picks to restore net neutrality?|
|You don’t know Q: QAnon 4 years later|
|Leaked docs show how Facebook tries to keep costs down when it polices hate speech|
|Biden FCC nominee doesn’t waver in net neutrality support during confirmation hearing|
|Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.|