There is much dithering over the move by the US Congress to scrap broadband privacy rules that would prevent ISPs from selling customer data without their permission. A lot of that dithering is politically motivated and misinformed, and really misses both the point of the repeal and the bigger picture in play here.
For a start, ISP customers aren’t losing privacy protections they already had, because the rules in question hadn’t actually taken effect yet. So the repeal at worst preserves the status quo, which is less alarming than some headlines make it sound.
Also, the difference between the status quo and the new rules is basically opt-out vs opt-in. The ISP rules were to implement a national opt-in policy, under which data privacy is protected by default. The status quo means customers have to contact the ISP to opt out – assuming the ISP offers it as an option and provided they make it easy. Privacy and consumer groups don’t trust ISPs to do either, and that may be a valid concern.
However, one valid reason the ISP lobby opposed the rules was because big-name OTT players like Google and Facebook are not covered by the same rules, even though they collect massive amounts of customer data and sell it to advertisers – indeed, it’s their entire business model. They’re regulated under the Federal Trade Council (FTC), whose rules are far less stringent.
Which is why it seems ironic to me that people freak out over the ability of (oh, let’s say) Comcast to sell your data and then post silly memes about it on Facebook, which is doing the exact same thing with far more freedom to do it.
None of this is to say that privacy concerns are overblown. They’re not. Consider: big data analytics is becoming the basis for just about every business model in the coming Digital Economy – not just ISPs, telcos, search engines and social media, but every business or vertical that connects to them, from retail stores and airlines to hospitals and smart cities. The ability to collect data will increase exponentially as we construct the Internet of Things (think of each “thing” as a data collection point connected to a distributed brain), and the ability to process it is getting better all the time. Once we apply machine learning and true AI to the mix, we will be headed into truly uncharted territory.
In other words, the issue of data collection and privacy has moved way beyond forcing ISPs to adopt an opt-in policy. Opt-in is just one aspect of data privacy. Any rules or legislation governing data privacy have to look at the bigger picture of where all this is heading.
What’s needed are strong policies with teeth that hold companies who collect and monetize big data accountable for misuse of it. They need to be transparent about who they sell to, follow best practices to ensure the data is used properly and legally (to include when intelligence agencies request access to it), and – most importantly – they need to be penalized if the data gets stolen.
Also importantly, the rules should be consistent for any organization who collects data and intends to sell it or share it. Sure, really sensitive data like bank details and health records may need more stringent regulation – then again, why shouldn’t all data be treated just as seriously?
I’m not holding my breath, of course – not when public debate over things like this get distorted by political agendas that do more to misinform than get a real discussion started.
For example, one meme claims that ISPs will use the repeal to “manipulate what you see”. Unless they mean targeted ads, I have no idea what they’re talking about.
Meanwhile, some clever clogs have started a campaign to buy the search histories of all of the Congressmen who voted in favor of repeal. Cute, except for one thing: that’s not how it works, as Vox explains here:
There also seems to be some confusion about how these ISP data-sharing plans would work in practice. One crowdfunding campaign, for example, is trying to raise $1 million to buy the browsing history of Republican officeholders like Senate Majority Leader Mitch McConnell, Speaker Paul Ryan, and FCC Chair Ajit Pai. It’s a funny gimmick, but no ISP is currently selling this kind of raw data on individual subscribers. And it’s unlikely they ever will.