Broadband providers should obtain their subscribers'
“explicit and informed consent” before drawing on their web activity for ad targeting, advocacy groups urged Wednesday.
"We believe that each and every customer paying for your
internet service has the right to determine how their personal data will be used, on an opt-in basis,” Mozilla, the Internet Society, Public Knowledge and others said in an open letter to the CEOs of T-Mobile, AT&T, and Verizon.
“As companies with the ability to see and store much of their customers’ browsing history, ISPs have a special responsibility to protect their customers,” the groups add.
The watchdogs specifically ask the mobile companies to avoid harnessing information about web traffic for secondary purposes, without subscribers' opt-in consent.
“We are
calling on you to act in good faith and to meet the demands of your customers, who are increasingly concerned with how their personal data is handled,” the groups write. “This is
especially concerning as so many Americans have turned to mobile connections in the midst of this global pandemic.”
Mozilla's Kaili Lambe, who is spearheading the company's effort, says
broadband carriers should give consumers “a very clear, easy to understand” opt-in mechanism before their data is used for purposes other than to connecting them to websites.
“Opt-out isn't useful for consumers,” she says.
The letter comes the same week it emerged that T-Mobile plans to draw on users' web browsing and app usage for ad targeting, on
an opt-out basis.
T-Mobile says the data will be connected to ad identifiers consisting of alphanumeric strings. But advocates say those identifiers, when combined with other data, can be
linked to people's names.
T-Mobile isn't the only carrier to pursue revenue from ad targeting. AT&T's current privacy policy allows the company to use subscribers' web browsing activity
and app usage for ad targeting.
That policy says the “relevant advertising” program might use some of that data on an opt-out basis, while the “enhanced relevant
advertising” program uses that data on an opt-in basis.
A spokesperson says “relevant advertising” involves “more general audience segments,” and “enhanced
relevant advertising” is “more tailored ads using more data.”
Verizon Wireless also has an ad-targeting program that draws on web-browsing data obtained in its role as
broadband carrier. The company obtains users' opt-in consent before enrolling them in that program.
In 2016, the Federal Communications Commission passed regulations that would have barred
internet service providers from drawing on customers' web-browsing history or app usage for ad targeting, without their explicit consent.
The Republican-controlled Congress repealed those rules the following year. At the time, AT&T said the repeal “had zero effect on the privacy protections
afforded to consumers.”
A 2019 Maine privacy law requires broadband carriers to obtain subscribers' affirmative consent before “using, disclosing, selling or permitting access to
customer personal information” -- including web-browsing history and device identifiers.
Broadband providers contend they shouldn't be required to follow tougher privacy rules than other
companies that collect online data, like Google or Facebook. Those companies typically allow people to opt out of the use of web browsing data for ad targeting.
But consumer advocates have
long argued that broadband providers should be subject to heightened privacy standards, given that carriers can glean detailed knowledge of subscribers' online activity by examining all unencrypted
traffic.
AT&T, Verizon and T-Mobile haven't yet responded to MediaPost's request for comment regarding Wednesday's letter.