Internet Service Provider (ISP) Privacy is the topic of a Notice of Proposed Rulemaking (NPRM) recently passed by the Federal Communications Commission (FCC). The language requires that consumers opt in, in order for their personal data to be used by the ISP.
In this era where big data is all the rage, this could have a chilling effect on online advertising. Advertisers that contract with ISPs or their affiliates, including ad-technology companies fall under the new regulations.
Before this ruling was passed, much of the data used for the targeting of advertisements was available for collection unless a person specifically opted out and requested that their information be kept private. This practice placed the burden on the consumer who needed to be aware that the data was being collected and know how they could opt out. By mandating opt in, the NPRM turned this on its head and placed the burden on the companies, who must solicit consent before using any information.
Differing Data Types
The NPRM covers two types of data, the first of which is personally identifiable information. Financial and medical information fall under this umbrella as well as shopping and browsing history and geolocation. This category also includes information that can identify devices like cookies and MAC addresses. The second group of data, customer proprietary network information, or CPNI, adds details which can identify the type of broadband service being used.
It must be pointed out that the mandate as stated in the NPRM only applies to information coming from ISPs. It does not affect edge providers or other companies so advertisers will still have access to data they need to target advertising. However, consumers who do not give consent for their ISP information to be used may be unhappy if they are still receiving targeted online ads. This could lead to pressure on the FCC to extend regulation to companies other than ISPs.
Critics of the NPRM included the National Cable Telecommunications Association, which has expressed concern over the focus on ISPs, while companies like Google, Facebook, and other online companies are currently not included in the ISP privacy proposal. Republican senators also have questioned the NPRM’s targeting of ISPs, but the FCC maintains that it does not have control over the other types of companies. They are under the jurisdiction of the Federal Trade Commission (FTC). Other telecom industry groups, as cited by Politico, maintain that while nothing has changed regarding the way ISPs have been collecting and using data, what has changed is the FCC’s authority over them.
Last year, the FCC reclassified ISPs as common carriers, which means that they can be governed like a telecommunications provider rather than one of information services. This has to do, in part, with an effort to bring about net neutrality, which is loosely defined as the equal treatment of data traversing the Internet.
As an enforcement agency, the FTC took action regarding ISP privacy only when violations occurred. The FCC could have chosen to take the same approach when it assumed responsibility of the ISPs, according to Fortune.
Changing the Status Quo
The practice had been successful in promoting innovation while at the same time holding companies accountable. Instead, The Washington Post explains, the FCC decided to regulate ISPs and by doing so has layered compliance costs on them and taken away some of their ability to monetize data, the way a company like Google will continue to be able to.