Comcast, Verizon and AT&T have promised not to sell personal information or browsing history collected from customers following the decision by the United States Congress to r everse online privacy protections passed under President Barack Obama.
All three companies issued statements Friday in attempts to quell concerns from consumers that their internet activity may now be collected and sold to third-parties without their permission.
"We do not sell our broadband customers’ individual Web browsing history," Comcast chief privacy officer Gerard Lewis wrote in a blog post. "We did not do it before the FCC’s rules were adopted, and we have no plans to do so."
Bob Quinn, AT&T’s senior executive vice president of external and legislative affairs, echoed the sentiments in a blog post of his own posted to AT&T’s public policy website.”
“We had the same protections in place the day before the Congressional resolution was passed, and we will have the same protections the day after President Trump signs the CRA into law,” he wrote. “The Congressional action had zero effect on the privacy protections afforded to consumers.”
Verizon privacy officer Karen Zacharia said in a blog post that the carrier has two programs that makes use of customer browsing data: one that provides marketers with access to “de-identified information to determine which customers fit into groups that advertisers are trying to reach" and one that "provides aggregate insights that might be useful for advertisers and other businesses."
USTelcom CEO Jonathan Spalter joined in the concerted effort to push back against consumer fears in an op-ed written for Axios.
“No one is buying anyone's individual browser history and putting it online. Step away from the Kickstarter campaigns. Such activity remains patently illegal,” he wrote, dismissing the several crowdfunded campaigns that have cropped up in an effort to purchase the browsing history of members of Congress.
To some degree, the assessment from the telecommunications industry members is correct. The decision by the Congress and Senate blocked Federal Communications Commission rules passed in October 2016 that were not set to go into effect until December 2017. The delay was designed to allow telecom companies time to comply, but effectively nothing has changed other than the loss of the promise of more privacy in the future.
At the same time, the flat out dismissal of consumer concerns seems to ignore the reason the FCC passed the Broadband Consumer Privacy Rules in the first place: the commission deemed the data collection policy of telecom companies to be too intrusive and overreaching.
The FCC rules would have required internet service providers to get permission before collecting any sensitive personal data including information regarding finances, health, information from children, precise geolocation data, web browsing history and app usage history and content from unencrypted messages.
The CTIA—a lobbying group that represents a number of major wireless communications companies including AT&T, Verizon, T-Mobile and Sprint—issued a filing to the FCC that argued against classifying web browsing history and app usage data to be sensitive information, suggesting the companies have a vested interest in continuing to collect that data.
Another sentiment that appeared in all the statements issued by the telecom giants was the idea that there are still regulatory levers in place to protect consumer data. The Federal Trade Commission already has a framework for online privacy, the companies argued.
However, the FTC currently has no jurisdiction to regulate internet service providers. When the FCC decided to reclassify ISPs as common carriers under Title II of the Telecommunications Act, it took away the FTC’s ability to enforce regulation on the companies.
AT&T has actively argued that the FTC has no authority over any of the company’s services and won a court case that backed that view. Unless and until the FCC reverses the common carrier classification, AT&T and other ISPs are not subject to the FTC’s privacy rules.
AT&T also highlighted Section 222 of the Communications Act as another law under which carriers are governed, but the CTIA—of which AT&T is a member—has argued Section 222 doesn’t extend to broadband service. The Broadband Consumer Privacy Rules passed by the FCC would have clarified how the law is enforced on internet services but those rules are no longer on the books.
Most telecoms still offer the ability to opt out of most data collection programs, though the processes are often intentionally complicated and time consuming. Many consumers have turned to virtual private networks (VPNs) in the wake of the rules rollback to prevent ISPs from accessing their browsing history and online activity.