Future Tense

Congress Votes to Allow Broadband Providers to Sell Your Data Without Your Permission

Your ISP knows all.


In a defeat for digital privacy advocates, the House of Representatives voted Tuesday to allow internet service providers to sell information about consumers’ browsing history without their knowledge or consent.

The bill repeals FCC the broadband privacy rules passed during the final months of the Obama administration. In addition to protecting customer data, the rules, which never had a chance to go into effect, also required the providers to notify customers when they experienced a data breach. The Senate voted to revoke the rules last week.

The issue generally fell along party lines in Congress, with Democrats voting to keep the rules and Republicans voting to repeal them. The Republican argument? Google, Facebook and other large web companies aren’t subject to similar restrictions. Targeting just the ISPs, the reasoning goes, is unfair and puts them at a disadvantage in a market that includes apps and websites that can also collect your personal information. There should be a single, simple set of privacy rules to protect internet users, the Republicans say. The proponents of the FCC regulations countered that, while internet users can easily switch browsers, they often have little choice when it comes to broadband services and have to agree to their terms in order to stay connected. And ISPs know an enormous amount about theircustomers. In a Future Tense piece in February, Rep. Frank Pallone Jr., D-N.J., and FTC Commissioner Terrell McSweeny wrote, “Broadband providers potentially have access to every bit of data that flows from a consumer. That type of access demands a set of rules that matches the long held expectations of Americans—that we should have the freedom to control access to the most sensitive information about our daily lives.”

Since it doesn’t look like Congress will pass broad consumer protections anytime soon, ISPs can now track their customers’ data and sell it to advertisers eager to more precisely personalize their ads. That means knowledge of a customer’s location at a given time, as well as their browsing history, app usage history, and data about their health and finances, for example. Given that the majority of Americans feel their privacy is already vulnerable online, this seems like a problem.

And it’s not just privacy at stake. Some proponents of the FCC regulation argued that allowing ISPs to keep track of and sell consumers’ data exposes their information to more security threats. The Electronic Frontier Foundation notes that if internet providers want to sell customers’ data, they’ll have to collect it first, which makes for an appealing target for hackers. “Internet providers haven’t exactly been bastions of security when it comes to keeping information about their customers safe,” the EFF’s site says.

The Federal Trade Commission has the ability to protect consumers against unfair business practices, and it has brought cases against companies that act against consumers’ privacy interests. But that’s less preventative and more reactive. Furthermore, the FTC can’t apply its own privacy guidelines because the current rules on net neutrality placed the internet providers firmly in the FCC’s jurisdiction. For those hoping the FCC will fight back, there’s a problem: The bill that passed not only struck down the FCC rules, but it also prevented the FCC from proposing similar regulations in the future.

The federal government’s warming to the telecommunication companies doesn’t come as a surprise to those following Trump’s distaste for free speech on the internet and the buddy-buddy relationship between large telecom companies and the GOP. There’s always the hope the states will take up the cause of protecting internet users, but this bill is a clear indication this Congress does not value consumer protection for the digital era.