Consumer protection: FCC ruling means users must 'opt in' to let data be sold

A new ruling passed by the Federal Communications Commission states that broadband companies, including Verizon, Comcast, and AT&T, can only use certain users' data with explicit consent.

Soon it may become harder for broadband companies to use your internet browsing data to target advertisements at you. 

A Federal Communications Commission (FCC) rule passed on Thursday will require broadband internet providers such as Comcast and Verizon to obtain customers' explicit consent before using or sharing certain data collected from various activities through the broadband companies.

"Seldom do we stop to realize that our Internet Service Provider – or ISP – is collecting information about us every time we go online," FCC Chairman Tom Wheeler wrote in a blog post earlier this month. "In today’s digital world, consumers deserve to be able to make informed choices about their privacy and their children’s privacy online. After all, it’s your data – shouldn’t you have a say over how it’s used?"

The unprecedented move marks one of the strongest privacy regulations in the sector. It follows a bid by the agency to tackle online privacy that began earlier this year. One concern revolves around the proliferation of targeted advertising that draws on huge caches of data gleaned from a person’s online activities: Recent surveys by Pew Research show that majority of adults feel like they’ve lost control of the information gathered by online companies and nearly half of them are confused on what to do about it.

With this FCC ruling, some advocacy groups think that internet users will finally be able to gain control by requiring less action in part of the user to figure out how to "opt out" of information sharing.

"For the first time, internet service providers are going to be required to ask their consumers before they use certain categories of information that has been deemed sensitive," Dallas Harris, policy fellow with advocacy group Public Knowledge tells The Christian Science Monitor in a phone interview. "It allows those who do care the ability to decide whether or not to participate."

Consumers will have to choose to "opt in" before "sensitive" data such as geolocation, financial and health information, Social Security numbers, content of communication, web browsing and app usage history can be used by the companies, while individually identifiable data will require an "opt out." The information has to be provided during signups and updates to security policies.

"Really, we’re protecting consumers to put as much as possible in the opt-in category," Ms. Harris says. "Right now to opt out, I don’t know if anyone knows how to go to their ISP website to opt out."

Much is potentially at stake for broadband companies if consumers choose not to share their information. For one, the FCC regulations do not apply to websites such as Google and Facebook, which employ similar data tracking strategies for targeted advertising. Placing this restriction on broadband companies only will benefit its competitors, the companies argue.

As Bloomberg reported in April based on data by research firm 451 Research, revenue from selling targeted advertising for telecommunication companies can reach $5 billion this year and can rise to $20.5 billion by 2020.

"There is no sound reason to subject broadband providers to a different set of rules than other Internet companies," AT&T complained in a regulatory filing. "This would only confuse consumers and deny broadband providers the same opportunity other Internet companies have to participate in the fast-growing digital advertising market."

The company also argued that the FCC’s approach to categorize all web browsing and app usage data as sensitive is overreaching, since "the fact that someone has accessed CNN.com or ESPN.com should not be considered sensitive."

Those type of non-sensitive web-browsing data, Omri Ben-Shahar, a professor of Law at University of Chicago tells the Monitor in a phone interview, is what fuels internet companies and gives users free services. Such regulations undermines the deal where users provide their non-sensitive data in exchange for services, mostly in the form of targeted advertising, he says.

"There is very little data to show that people have been injured such that the lawmakers should regulate," Professor Ben-Shahar says. "In my view it’s not necessary and not effective."

Of course, all these protections will only work if consumer actually read disclosure forms before signaling consent. Harris says the next step by FCC might be to look at how the companies may be required to present the information. In a paper in April, Ben-Shahar found that warning boxes and simplified disclosures do not influence consumers' decisions when it comes to signing agreements. 

"A large amount of social research shows that people will not blink before they sign," he says. "It is more of a paperwork regulation than consumer protection."