In April 2017, President Donald Trump signed legislation that repealed Federal Communications Commission privacy regulations that were to have taken effect in 2017 and would have required internet service providers (ISPs) to obtain your consent before they sell or share your data.
Among other things, FCC’s regulations would have prohibited ISPs from selling your browsing history, use-data and IP address to advertisers and data brokers that want to build a detailed profile of you, so they can send you personalized advertisements based on your interests and purchasing habits.
All ISPs sell your information without your consent or knowledge, and they’ve been doing so for years. Twenty-five experts tell Consumers Digest that consumers have no way to prevent ISPs from collecting at least some of their information, aside from not using the internet. Your use-data and browsing history include detailed information about you, which makes it easy for ISPs—and the advertisers and data brokers that buy your data—to know your contacts, habits, hobbies, interests, political leanings, search terms and anything else that you share or visit online.
What’s new is that in the past 3 years, ISPs and data brokers improved their capability to track your location and movement, experts say. ISPs and data brokers also improved their capability to deanonymize data, which means that they now create detailed profiles of individual users’ behaviors. In other words, data brokers can create maps of where you live, your route to work, and the places, restaurants and stores that you typically visit. Advertisers can buy this information and send personalized ads for, say, a hardware store to everyone who is within 5 miles of the hardware store who recently clicked on a hardware link or otherwise expressed an interest online in hardware.
Experts say it’s impossible for you to know which data brokers have your information or what they collect. We found that it’s possible to remove information from some data-broker websites, but we also found that the same information typically reappears a few weeks later.
“The concern about data brokers is definitely warranted, because it’s a really opaque industry with a lot of different players, and their practices aren’t transparent,” says Amul Kalia of Electronic Frontier Foundation, which advocates for digital privacy.
Privacy Rights Clearinghouse (PRC), which advocates for consumer-privacy rights, tells us that no ISP will allow you to opt out of all of its data collection. In the past 3 years, we noticed that most ISPs claim that they’ll let you opt out of some types of data collection. We read the privacy-policy pages of 12 ISPs. We found that they’re vague about the types of information that the ISP collects, and we have no way to know whether the ISPs’ opt-out procedures actually work. What’s more is that ISPs don’t allow you to opt out of allowing your mobile app use and browsing history to be stored and tracked. They only let you opt out of receiving some personalized ads based on your data, according to American Civil Liberties Union.
Furthermore, 51 percent of Americans have only one choice of ISP, according to ACLU. In other words, if an ISP’s policies make you uncomfortable, your only choice might be to unplug from the internet—an unrealistic choice.
WATCHING YOU. ISPs that gobble up your personal data—and sell it—aren’t the only risk that’s out there. All search engines and social-media websites collect information on consumers, and they have done so for years.
Facebook and Google are the two largest digital advertisers in the United States, and they’re the two websites on which U.S. consumers share the most information. Although the two companies claim that they don’t sell consumers’ data, Facebook and Google allow advertisers to send personalized ads to consumers who fit certain profiles. So, a manufacturer of, say, power tools can pay Facebook and Google to show one of its ads to a consumer who recently clicked on a link about power tools or otherwise expressed an interest in power tools.