The Federal Trade Commission has issued orders to numerous U.S. Internet broadband providers and related entities seeking information the FTC will use to examine how the companies collect, retain, use and disclose information about consumers and their devices.
The orders seeking information about privacy policies, procedures and practices were sent to AT&T Inc., AT&T Mobility LLC, Comcast Cable Communications (d/b/a Xfinity), Google Fiber Inc., T-Mobile US Inc., Verizon Communications Inc., and Cellco Partnership (d/b/a Verizon Wireless).
According to the FTC, the agency has initiated the examination in order to better understand Internet service providers’ privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content.
Under current law, the FTC has the ability to enforce against unfair and deceptive practices involving Internet service providers. The information that the FTC is seeking includes: (i) the categories of personal information collected about consumers or their devices, including the purpose for which the information is collected or used, the techniques for collecting such information, whether the information collected is shared with third parties, internal policies for access to such data and how long the information is retained; (ii) whether the information is aggregated, anonymized or deidentified; (iii) copies of the companies’ notices and disclosures to consumers about their data collection practices; (iv) whether the companies offer consumers choices about the collection, retention, use and disclosure of personal information, and whether the companies have denied or degraded service to consumers who decline to opt-in to data collection; and (v) procedures and processes for allowing consumers to access, correct, or delete their personal information.
The data privacy analysis into the practices of U.S. ISPs comes amidst broader privacy inquiries into the practices of leading tech companies and big data.
While FTC hearings, investigations and enforcement actions related to data privacy and consumer protection continue in earnest, state-based privacy bills are popping-up nationwide.
Washington’s Privacy Act has passed the state Senate. It looks like Washington will be the second state in the country to pass a comprehensive privacy statute following California’s Consumer Privacy Act. Washington’s proposed privacy law is similar to California’s new law and the GDPR – at least foundationally – with some distinctions.
The Washington law’s key provisions include, without limitation, rights to access and erasure, rights to restrict processing, rights to portability, enhanced transparency, injunction and monetary fines, a broad application, data brokering and direct marketing disclosure requirements, documented risk assessments.
Utah also just introduced new privacy legislation. It is expected to become effective in May 2019. While not as comprehensive as the California Consumer Privacy Act or Washington’s proposed legislation, the law requires government entities to obtain a warrant in order to access data from third parties.
Contact an FTC defense lawyer to discuss emerging privacy and data security law compliance requirements that impact the digital marketing community.
Richard B. Newman is an Internet marketing attorney at Hinch Newman LLP focusing on advertising and data privacy matters. He is a member of the International Association of Privacy Professionals. Follow him on LinkedIn @FTCLawFirm.
Informational purposes only. Not legal advice. Attorney advertising.