• by Wendy Davis  @wendyndavis, March 10, 2021

Broadband providers should obtain their subscribers' “explicit and informed consent” before drawing on their web activity for ad targeting, advocacy groups urged Wednesday.

"We believe that each and every customer paying for your internet service has the right to determine how their personal data will be used, on an opt-in basis,” Mozilla, the Internet Society, Public Knowledge and others said in an open letter to the CEOs of T-Mobile, AT&T, and Verizon.

“As companies with the ability to see and store much of their customers’ browsing history, ISPs have a special responsibility to protect their customers,” the groups add.

The watchdogs specifically ask the mobile companies to avoid harnessing information about web traffic for secondary purposes, without subscribers' opt-in consent. 

“We are calling on you to act in good faith and to meet the demands of your customers, who are increasingly concerned with how their personal data is handled,” the groups write. “This is especially concerning as so many Americans have turned to mobile connections in the midst of this global pandemic.”

Mozilla's Kaili Lambe, who is spearheading the company's effort, says broadband carriers should give consumers “a very clear, easy to understand” opt-in mechanism before their data is used for purposes other than to connecting them to websites.

“Opt-out isn't useful for consumers,” she says.

The letter comes the same week it emerged that T-Mobile plans to draw on users' web browsing and app usage for ad targeting, on an opt-out basis.

T-Mobile says the data will be connected to ad identifiers consisting of alphanumeric strings. But advocates say those identifiers, when combined with other data, can be linked to people's names.

T-Mobile isn't the only carrier to pursue revenue from ad targeting. AT&T's current privacy policy allows the company to use subscribers' web browsing activity and app usage for ad targeting.

That policy says the “relevant advertising” program might use some of that data on an opt-out basis, while the “enhanced relevant advertising” program uses that data on an opt-in basis.

A spokesperson says “relevant advertising” involves “more general audience segments,” and “enhanced relevant advertising” is “more tailored ads using more data.”

Verizon Wireless also has an ad-targeting program that draws on web-browsing data obtained in its role as broadband carrier. The company obtains users' opt-in consent before enrolling them in that program.

In 2016, the Federal Communications Commission passed regulations that would have barred internet service providers from drawing on customers' web-browsing history or app usage for ad targeting, without their explicit consent.

The Republican-controlled Congress repealed those rules the following year. At the time, AT&T said the repeal “had zero effect on the privacy protections afforded to consumers.”

A 2019 Maine privacy law requires broadband carriers to obtain subscribers' affirmative consent before “using, disclosing, selling or permitting access to customer personal information” -- including web-browsing history and device identifiers.

Broadband providers contend they shouldn't be required to follow tougher privacy rules than other companies that collect online data, like Google or Facebook. Those companies typically allow people to opt out of the use of web browsing data for ad targeting.

But consumer advocates have long argued that broadband providers should be subject to heightened privacy standards, given that carriers can glean detailed knowledge of subscribers' online activity by examining all unencrypted traffic.

AT&T, Verizon and T-Mobile haven't yet responded to MediaPost's request for comment regarding Wednesday's letter.