Skip to main content

FTC Report: ISPs Engage in Troubling Data Practices

An exterior view of the Federal Trade Commission building
(Image credit: Future)

The FTC has concluded that ISPs are collecting and sharing more data about their customers than those customers are aware of, including internet traffic and real-time location data, while "failing to offer consumers meaningful choices about how this data can be used."

FTC chair Lina Khan said the report would be part of an "ongoing conversation" about commercial data practices, but one that could be "incorporated" into FTC action.

That is according to a staff report culminating a two-year investigation into the data practices of AT&T, Cellco Partnership (Verizon Wireless), Charter, Comcast, T-Mobile and Google Fiber, a report the FTC said revealed "troubling aspects of some ISP data collection practices." The FTC also sought info from three affiliated ad entities, AT&T’s Appnexus (rebranded Xandr); Verizon’s Verizon Online; and Oath Americas (now Verizon Media).

Cable ISPs pushed back hard on the report and its "lumping" of their business with the Big Tech platforms NCTA-the Internet & Television Association suggested should be the FTC's focus.

Also Read: FTC Asked to Prevent Surveillance Advertising

The report pointed out that news outlets had reported that location data had been shared with third parties including "car salesmen, property managers, bail bondsmen, bounty hunters, and others without reasonable protections or consumers’ knowledge and consent."

It also said that while companies claim to give consumers choice, many make it tough to exercise that choice, and while they promise to keep data only as long as it is needed for a business purpose, what falls under that definition varies "widely."

The FTC said the report's findings underscore the need to restrict data collection and use.

The report was approved unanimously 4-1 by the commission, with Khan issuing a separate statement.

Khan said the report highlighted 1) problems with the notice-and-consent framework for data collection and sharing; 2) the expansion of ISPs into vertically integrated businesses including ones providing content for their broadband "pipes"; and 3) the potential use of "hyper-granular" online dossiers to discriminate against users.

Khan also said she thought the FCC had the expertise to "fully oversee internet providers," and that it should reassert that authority by "once again put[ting] in place the nondiscrimination rules, privacy protections, and other basic requirements needed to create a healthier market."

That was a reference to the FCC's decision during the Trump Administration to reclassify broadband access as an information service, eliminate those rules, and deed oversight of most of that to the FTC. To reassert that authority and return the rules, the FCC will need a third Democrat since the commission is currently at a 2-2 political tie.

While the FTC has appeared to be more focused on big edge players like Facebook and Twitter of late, it talked about how the ISPs had become tech giants offering "voice, content, smart devices, advertising, and analytics" that all implicated data collection on a big scale.

Among the "troubling" practices report found were that several of the ISPs "combine data across product lines; combine personal, app usage, and web browsing data to target ads; place consumers into sensitive categories such as by race and sexual orientation; and share real-time location data with third-parties."

The companies have privacy protections, but the FTC said that while a number of them promise not to "sell" data to third parties, they allow it to be shared and otherwise monetized "and hide disclosures about such practices in fine print of their privacy policies."

While the association's representing telecom ISPs provided cautious responses focusing on their support of federal privacy legislation, NCTA led with major pushback on both the report and the FTC's characterization of ISPs before joining in a call for consistent privacy rules across all sectors, including online platforms and other Big Tech.

“Consumers’ online safety and privacy is a top priority for the wireless industry, and federal legislation that uniformly protects users across all platforms is the best way forward," said CTIA, the wireless association. "We are looking forward to continuing to work with the FTC, lawmakers and companies across the ecosystem to ensure consumers are protected.”

“As the FTC has called for numerous times, and as previously urged by USTelecom, Congress must enact a national, comprehensive federal privacy framework that puts consumers first and applies uniformly to all companies operating online," said USTelecom, which represents wired telecom ISPs.

“The FTC’s report provides a highly distorted view of ISP data collection policies and inappropriately attempts to lump broadband providers into the same category as the Big Tech platforms. Cable broadband providers take seriously their responsibility to safeguard the personal information of their customers and do not surveil their customers or sell their location data. Viewed objectively, today’s presentation is a broad attack on online advertising generally, not specific ISP actions. And what is further missing from today’s report is the much larger story about Big Tech platforms that are premised on maximizing user attention. What is needed is a consistent set of privacy rules across the online marketplace on a technology-neutral basis. We look forward to continued engagement with policymakers to forge a strong, consistent framework for privacy protection.”