For many years, the Federal Trade Commission has policed privacy violations by companies that collect data from Web users.
But now that the Federal Communications Commission has reclassified broadband as a utility service, that agency is expected to exercise oversight over how broadband providers treat consumers' privacy.
That prospect unsettles some consumer advocates, who think the FTC is better suited to wade into privacy controversies. But FCC Chairman Tom Wheeler said this week that his agency is more than capable of protecting broadband users' privacy.
“We didn't just fall off the turnip truck,” Wheeler said this week at the Center for Democracy & Technology's annual Tech Prom. “For the last couple of decades, the FCC has had responsibility for telecommunications carriers and privacy
He added that the FCC will conduct a workshop next month to address how it should handle broadband providers' privacy practices.
The FCC's net neutrality order, released in full today, suggests that the agency is still figuring out how to evaluate privacy practices of Internet service providers.
“Broadband providers serve as a necessary conduit for information passing between an Internet user and Internet sites or other Internet users, and are in a position to obtain vast amounts of personal and proprietary information about their customers,” the order states. “Absent appropriate privacy protections, use or disclosure of that information could be at odds with those customers’ interests.”
At the same time, the agency says that the rules related to telephone callers' privacy aren't necessarily suited to broadband service. “The existing ... rules do not address many of the types of sensitive information to which a provider of broadband Internet access service is likely to have access, such as (to cite just one example) customers’ web browsing history,” the order says.
The FCC's new oversight over privacy comes as broadband providers are increasingly attempting to use data collected from the networks for ad targeting. AT&T recently said that it would offer cheaper U-Verse service to subscribers in Austin, Texas and Kansas City who are willing to receive ads targeted based on their Web activity.
Verizon Wireless recently had to revise an ad-targeting program that involved inserting tracking headers into all mobile traffic. Verizon used those headers to track people's activity online and send them targeted ads. In the past, the company allowed people to eschew receiving targeted ads powered by its own ad program, but didn't allow them to prevent header insertions.
Consumer advocates warned that the headers could be used by outside companies, but Verizon played down those concerns. Recently, however, it emerged that the ad company Turn was drawing on Verizon's headers to track people for behavioral advertising purposes. Even when users deleted their cookies, Turn was able to use Verizon's headers to recreate the deleted files.
Faced with that revelation -- and pressure from Capitol Hill -- Verizon said in January that it would allow customers to direct the company to stop injecting the headers into mobile traffic.