Earlier this year, the Federal Communications Commission accused all four major U.S. mobile carriers of violating the agency's privacy regulations by selling information about consumers' locations to outside companies.
Despite the agency's move, and proposed multimillion-dollar fines, AT&T and Verizon may still be engaged in problematic practices, FCC Commissioner Geoffrey Starks suggested this week.
“Again I find myself inquiring about data and privacy issues that lack transparency,” he said in letters sent Wednesday to AT&T CEO John Stankey and Verizon CEO Hans Vestberg.
He is asking both companies about their “practices and procedures for protecting consumer information -- particularly location data,” as well as their “commitment to data privacy.”
Starks is specifically questioning AT&T (which owns AppNexus) and Verizon (which owns AOL and Yahoo) about their involvement with real-time bidding for location data.
He asks the carriers whether they or any affiliates “have ever bought, sold, shared, or received ... 'bidstream' data.”
An AT&T spokesperson says the company is “reviewing the letter and will respond appropriately.”
His letter comes several days after federal lawmakers asked a different agency, the Federal Trade Commission, to conduct a broader investigation into how consumer data is traded via real-time bidding.
“Few Americans realize that companies are siphoning off and storing that 'bidstream' data to compile exhaustive dossiers about them,” Sens. Ron Wyden (D-Oregon), Bill Cassidy (R-Louisiana) and eight other lawmakers wrote to the FTC last week. “These dossiers include their web browsing, location, and other data, which are then sold by data brokers to hedge funds, political campaigns, and even to the government without court orders.”
Data offered through real-time bidding is typically described as “pseudonymous,” but privacy advocates argue that data brokers and other companies can sometimes piece together people's identity based on pseudonymized information.
Wyden and the others write that “unregulated data brokers have access to bidstream data and are using it in outrageous ways that violate Americans' privacy.”
They add that even companies that lose the bidding auction can end up gaining access to the consumer data.
“Hundreds of potential bidders receive this information, even though only one -- the auction winner -- will use it to deliver an advertisement,” the lawmakers write.
Wyden and the others cite media reports that Mobilewalla “used location and inferred race data” to profile participants in the Black Lives Matter protests.
(Mobilewalla itself issued a report in June that analyzed the demographics of protesters in Atlanta, Los Angeles, Minneapolis and New York.)
The lawmakers also noted that a group of publishers recently called for changes to real-time bidding by posting an an open letter to the ad industry.
“We believe the current system allows for a significant data breach by companies gaining access to the real-time bidding (RTB) infrastructure (i.e. the 'bid stream') for the sole purpose of harvesting both publisher-specific and audience-specific data,” that letter states.
The same day Wyden and the other lawmakers wrote to the FTC, Starks and Rep. Yvette Clark (D-New York) also urged that agency to investigate.
“Advertising companies have recklessly allowed personal data, specifically data generated for the purpose of deciding where to place advertisements, to be monetized and siphoned into massive dossiers on Americans and where they exercise their rights to worship and protest,” they stated. “That’s not just alarming; it’s dangerous."
Starks has asked AT&T and Verizon to respond to his questions by August 25.