[ad_1]
The Federal Trade Commission, in what could be seen as a prelude to a new regulatory measure, issued an order to several major Internet service providers, requiring them to share every detail of their data collection practices. The information could reveal patterns of abuse or use of disturbing data against which the FTC – or the states – may wish to take action.
The letters requesting information (detailed below) were sent to Comcast, Google, T-Mobile and both the Verizon and AT & T sub-companies, both fixed and wireless. These "represent a range of large and small ISPs, as well as providers of fixed and mobile Internet access," said a spokesman for the FTC. I do not know what is supposed to be the smallest, but any information that the agency can extract from them is welcome.
Since the Federal Communications Commission has waived its role in respect of consumer privacy with these Internet service providers, while Congress had authorized the reversal of the confidentiality rule for broadband, the Commission said: others have taken over, including California and even cities like Seattle. But for companies in the country, surveillance at the national level is preferable to a mosaic approach. It is therefore possible that the FTC is preparing to take a firmer stance.
To be clear, the FTC has already put in place consumer protection rules and could already attack an ISP if it violates the privacy of its users – you know, sell their site to any person who asks for it. (Still no action there, by the way.)
But the evolution of the media and telecom landscape, in which we see huge companies devouring themselves to provide as many additional services as possible, requires constant reassessment. As the agency writes in a press release:
The FTC launched this study to better understand the privacy practices of Internet service providers, in light of the evolution of vertically integrated telecommunications carriers, which also provide advertising-funded content. .
Although the FTC is always extremely cautious in its comments, this statement gives a good idea of what concerns them. If Verizon (the parent company of our parent company) wants to offer not only the connection you get on your phone, but also the media you request, the ads you broadcast and the follow-up you've never heard of it must show that these companies are not. somehow fleeing the rules behind the scenes.
For example, if Verizon Wireless says that he does not collect or share information about the sites you visit, but about the mysterious VZ Snooping Co (fictitious, I must add) gets all that and then sells it to his sister company for peanuts, which could be a deceptive practice. Of course, it is rarely so simple (although it is not excluded), but the only way to be sure is to interview everyone involved and carefully compare responses to real world practices.
If not, how could we adopt dubious tax-free practices, zombie cookies, backdoor deals, or superficial talk about privacy laws? There is a lot of data and complaints from the regulators to find solutions.
For this purpose, letters to ISPs require a wealth of information about business data practices. Here is a summary:
- Categories of personal information collected on consumers or devices, including objectives, methods and sources of collection
- how the data was or is used
- third parties who provide or receive these data and what limitations are imposed on them
- how are these data combined with other types of information and how long are they kept?
- internal policies and practices restricting access to this information by employees or service providers
- any confidentiality assessment conducted to assess risks and associated policies
- how the data is aggregated, anonymized or unidentified (and how these terms are defined)
- how aggregated data is used, shared, etc.
- "Data cards, inventories or other diagrams, diagrams or graphic representations" of the collection and storage of information
- total number of consumers who "consulted or consulted or consulted" the privacy policy
- if consumers have a choice in data collection and retention, and what are the default choices
- total number and percentage of users who made such a choice, and what choices they made
- if consumers are encouraged (or threatened) to opt for data collection and how these programs work
- any process that allows consumers to "access, correct or delete" their personal information
- data removal and retention strategies for this information
Substantial, no?
Needless to say, some of this information may not be particularly flattering to ISPs. If only 1% of consumers have already chosen to share their information, for example, the sharing of this information has negative consequences. And if the data can be combined across categories or services in order to anonymize them, even potentially, this is another major concern.
The representative of the FTC refused to specify whether there would be any collaboration with the FCC in this company, if it was a preliminary step to any other action and if it may or will independently verify the information provided by the ISPs contacted. This is an important point given the mediocrity with which these same companies submitted their coverage data to the FCC for its annual Broadband Deployment Report. A confrontation with reality would be welcome.
You can read the rest of the letter here (PDF).
[ad_2]
Source link