FTC Queries Internet Providers on Consumer Data Collection and Use

The Federal Trade Commission, which has been digging into the privacy practices of tech giants Facebook and Google, is now training its sights on the internet service providers that bring us all our online content.

In its role as a consumer protection agency, the FTC ordered Verizon, AT&T, T-Mobile, Comcast, Google Fiber, and other ISPs to submit sweeping reports on the subscriber data they collect, what they use it for, and who they share it with.

The federal agency is interested in what relationships the ISPs might have that depend on or deal in advertising while drawing on consumer data for the style of targeted marketing that’s become commonplace in the digital era. The inquiry looks at both external business partnerships and internal company affiliates that might use the data for marketing.

“The FTC is initiating this study to better understand Internet service providers’ privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content,” the agency stated as it announced the orders to ISPs Tuesday.

Commission members voted 5-0 to send an exhaustive list of questions to the seven providers of fixed and mobile internet access, which were given 45 days to submit their reports.

Among the company details FTC wants to see, going back to July 1, 2017, on the data collected by the ISPs:

—Personally identifying information, such as names, addresses, dates of birth, Social Security numbers, telephone numbers, email addresses.

—Location data, such as physical addresses visited, GPS coordinates

—Financial information, such as bank account numbers, credit card numbers

—Content, such as emails, text messages, videos and other digital images, audio, TV and cable viewing history, internet browsing history, search history

—Devices: IP addresses, device identifiers or fingerprints

—Medical records and other sensitive health information, including payments to health care providers

The agency wants to know the purpose for collecting the data, how long it is retained, how it is obtained, whether it is combined with data from other sources, and whether it is aggregated or anonymized.

The FTC also asked for company privacy policies, the options for consumers to access, correct, or delete their data, the methods used by the ISPs to protect the data, as well as reports on the number of consumers who have read or interacted with the privacy policies in each month covered by the reporting period.

The ISPs were ordered to provide detailed information about their corporate structures, including parent companies, subsidiaries, joint ventures, websites controlled, and “operations under assumed names.’’ The FTC asked for details about any unit that offers “ad services” that track, analyze, or otherwise identify consumers, their households, or their devices, for the purpose of advertising.

Photo credit: Depositphotos.

Trending on Xconomy