Earlier this year, the Federal Communications Commission accused all four major U.S. mobile carriers of violating the agency's privacy regulations by selling information about consumers' locations
to outside companies.
Despite the agency's move, and proposed
multimillion-dollar fines, AT&T and Verizon may still be engaged in problematic practices, FCC Commissioner Geoffrey Starks suggested this week.
“Again I find myself inquiring about
data and privacy issues that lack transparency,” he said in letters sent Wednesday to AT&T CEO John Stankey and Verizon CEO Hans Vestberg.
He is asking both companies about their
“practices and procedures for protecting consumer information -- particularly location data,” as well as their “commitment to data privacy.”
Starks is specifically
questioning AT&T (which owns AppNexus) and Verizon (which owns AOL and Yahoo) about their involvement with real-time bidding for location data.
He asks the carriers whether they or any
affiliates “have ever bought, sold, shared, or received ... 'bidstream' data.”
An AT&T spokesperson says the company is “reviewing the letter and will respond
appropriately.”
His letter comes several days after federal lawmakers asked a different agency, the Federal Trade Commission, to conduct a broader investigation into how consumer data is
traded via real-time bidding.
“Few Americans realize that companies are siphoning off and storing that 'bidstream' data to compile exhaustive dossiers about them,” Sens. Ron Wyden
(D-Oregon), Bill Cassidy (R-Louisiana) and eight other lawmakers wrote to the
FTC last week. “These dossiers include their web browsing, location, and other data, which are then sold by data brokers to hedge funds, political campaigns, and even to the government without
court orders.”
Data offered through real-time bidding is typically described as “pseudonymous,” but privacy advocates argue that data brokers and other companies can
sometimes piece together people's identity based on pseudonymized information.
Wyden and the others write that “unregulated data brokers have access to bidstream data and are using it in
outrageous ways that violate Americans' privacy.”
They add that even companies that lose the bidding auction can end up gaining access to the consumer data.
“Hundreds of
potential bidders receive this information, even though only one -- the auction winner -- will use it to deliver an advertisement,” the lawmakers write.
Wyden and the others
cite media reports that Mobilewalla “used location and inferred race data” to profile participants in the Black Lives Matter protests.
(Mobilewalla itself issued a report
in June that analyzed the demographics of protesters in Atlanta, Los Angeles, Minneapolis and New York.)
The lawmakers also noted that a group of publishers recently called for changes to real-time bidding by posting an an open letter to the ad industry.
“We believe the current system allows for a significant
data breach by companies gaining access to the real-time bidding (RTB) infrastructure (i.e. the 'bid stream') for the sole purpose of harvesting both publisher-specific and audience-specific
data,” that letter states.
The same day Wyden and the other lawmakers wrote to the FTC, Starks and Rep. Yvette Clark (D-New York) also urged that agency to investigate.
“Advertising companies have recklessly allowed personal data, specifically data generated for the purpose of deciding where to place advertisements, to be monetized and siphoned into massive
dossiers on Americans and where they exercise their rights to worship and protest,” they stated. “That’s not just alarming; it’s dangerous."
Starks has asked AT&T
and Verizon to respond to his questions by August 25.