The FTC scrutinises ISPs’ practices as they become vertically integrated platforms that also provide advertising-supported content.

Background: The Federal Communications Commission passed rules in October 2016; these enforced an opt-in mechanism to gather and use customers’ sensitive data, and a right to opt-out from the use of non-sensitive data. They also enforced transparency obligations on what is done with customers’ data and how customers could change their preferences. The rules were repealed in 2017, under the FCC’s new leadership.

The FTC’s inquiry: The FTC is now seeking information from seven large ISPs. This will include: categories of information collected about consumers or their devices; purposes for which it is collected, and how; whether it is shared with third parties, and how long it is retained; and whether it is aggregated, anonymised or ‘deidentified’. The FTC will also investigate whether consumers are offered choices about collection and use of the data, and whether users have been denied or degraded service when they do not consent to use their data.

Why does it matter? Misuse of customer’s location data grabbed headlines in January 2019, when journalistic inquiries found that location aggregators bought them from ISPs and sold them to ill-intentioned agents such as bounty hunters. This caused some major telcos to halt the sale of such data, and lawmakers to promise regulatory intervention if necessary. The FTC’s inquiry could be a first step to the passing of new regulation.