On Thursday, the Federal Communications Commission put out a new set of rules regarding customer data privacy as it pertains to data collected by broadband providers of all shades, including wireless carriers. The rules effectively put all sorts of restrictions on handing user data over to third parties, including doing so for advertising or analytics purposes. Curiously, the restrictions do not apply to internet companies like Google and Facebook. The new regulations are a bit stricter than somewhat similar rules laid out by the Federal Trade Commission for all entities that deal with customers’ personal data, and are meant to supplement those rules, as well as provide a layer of choice and empowerment for users of such services. User consent is now required, in most cases, to use such data externally.
While it could be argued that the lack of enforcement for non-ISP entities is a bit nonsensical, the new rules are a step in the right direction when it comes to consumer privacy. For a good while, it has been no big hassle to share data with third party entities, even if those entities are not specifically disclosed, simply by slapping a clause in your privacy policy saying that you may do so for advertising or analytics purposes, like demographic sampling. According to Verizon, the new rules are more in line with the rules that the FTC has had in place than what companies previously had to govern themselves by, and they support the new rules.
AT&T, on the other hand, said that while they were glad that privacy was being addressed, the new rules could end up confusing consumers. They criticized the fact that the order does little to address users’ data such as history being harvested from apps and browsers, and the fact that the new rule set “falls short of recognizing that consumers want their information protected based on the sensitivity of the information collected, not the entity collecting it..”, referring to the lack of coverage for most non-ISP entities under the new rules. AT&T maintains that this could confuse consumers who will think that their personal data is completely protected, but continue to see targeted advertisements based on their browsing history, and perhaps their app history as well, depending on the device and provider involved.