Congratulations! Digital privacy policy made it to the general-interest news hole this week. Shame it’s not under better circumstances, but, well, at least it’s a reliable conversation-starter, that Congress voted to nix proposed changes to FCC policy to require a user’s opt-in before ISPs could be allowed to sell their browsing history to advertisers…
This is a development a lot of people might not have predicted a year ago, for a number of reasons. New FCC regulations were set to take effect later in 2017 that would have prevented ISPs from selling this kind of data without user opt-in, so this week’s news marks a step in the opposite direction, straight up.
There was a time when digital privacy was an easy bipartisan issue in Washington: Among the broader public, digital targeting is a convenient (even facile) bogeyman, and challenges to it enjoy wide support. Most people don’t fully understand how their data is used in ad targeting, but many know they don’t like it and are frightened of what it implies. Meanwhile, major digital players like Google and Facebook were slow to pony up those lobbying dollars that would convince lawmakers to side with their industry over voters’ distrust of targeting. Republicans and Democrats alike have introduced countless digital privacy bills over the years, and co-signing lawmakers have gladly jumped on those bandwagons. Whether any one of those bills might actually be helpful to users or enforceable by authorities is another story.
Clearly, we’re in a new place now. FCC Chairman Ajit Pai didn’t want ISPs to lose that power over user browsing data, and neither does Congress.
The thing is, it’s not too steep a request to require user opt-ins in order for ISPs to sell browsing data. (AdMonsters’ Gavin Dunaway has walked through the rationale in past POVs.) Arguably, when you pull up any publisher website, you’re opting in implicitly—many media companies are in the habit nowadays of politely informing users upfront that their data may be used in ad targeting. And if you think the ad experience on a particular site stinks, there are probably tons of other places you can go for similar content. Offering an opt-in/opt-out from the ISP (which is already charging users for service anyway) demonstrates transparency and gives users choices, which in theory encourages people to use and engage with the service.
The argument that ISPs need that data in order to compete with the big platforms is debatable. We’ve seen consolidation among telecoms and other service providers over recent years. Verizon, one of the biggest ISPs in the U.S., bought AOL in 2015. AOL then bought Millennial Media that same year to help expand its mobile ad capabilities. Not to single out Verizon, but let’s face it, there are only so many ISPs to single out. We’re not talking about an underdog company here, not in audience size and not in tech chops.
I called this week’s vote a step in the opposite direction of where the industry had been heading, but basically it’s a step backwards, full stop. It’s a reversion to a paradigm of clandestine data aggregation and execution. It breeds distrust of digital media among users and discourages them from browsing freely, which can’t be good for either publishers or advertisers. We will be hearing questions increasingly about who has a right to whose data. While privacy advocates had quieted down for a long time, with a relative shortage of issues to shout about, we’ll be hearing the shouting again very soon. Chances are someone will re-light the old Do Not Track torch. Look, this issue made it to Stephen Colbert’s monologue on The Late Show, where the host chided Congress for granting ISPs power hardly anyone actually wants them to have. A lot of people are going to get engaged with digital privacy issues now who hadn’t been, and they’re going to start pressuring the industry wherever they can.
The decision to keep things as they are, to allow ISPs to sell user browsing data without consent, looks less like a chance for the ISPs to compete with the Duopoly and more like a chance to squeeze it. Broadband and wireless companies will have a ton of data to run through the tech stacks they’ve been buying and bulking up. ISPs already have unique device IDs from user accounts. To tie that to browsing data is a powerful option, and it also means processing a whole lot of data. The question is whether that volume of data is too great for ISPs to actually do anything useful with it. We’re skeptical they’ll be able to process the data well enough to become a veritable threat to Google and Facebook, but we’ll have an eye on them.