Posted by: Bob Quinn on May 27, 2016 at 8:02 am
Today, we will file our official comments in the Commission’s privacy proceeding. The fundamental message will be that the FCC should follow the FTC’s lead and adopt a notice and consent framework for privacy that is entirely consistent with the FTC framework that has governed since the inception of the Internet. That is contrary to the FCC’s current proposal neatly summarized by FCC Chairman Wheeler at a recent hearing: “For decades, the Commission has steadfastly protected consumers against misuse of their information by [telephone companies] …. It only makes sense that consumers should enjoy similar privacy protections in the world of broadband.” The problem with the FCC’s current approach is that it doesn’t reflect the reality of how the internet actually works.
That “misperception” is captured by a wrong-headed conclusion in the NPRM that ISPs are uniquely in a position to develop highly detailed and comprehensive profiles of their customers. It is just not true. In a prior blog, I talked about Prof. Peter Swire’s paper commissioned to help educate the FCC on the different data collection capabilities of all the platforms operating in the internet ecosystem. [Not] surprisingly, that paper was neither cited nor referenced in the NPRM.
So, it shouldn’t be a shock that a recent Future of Privacy Forum blog post explained that the FCC’s proposed rules reflect “a fundamental misunderstanding of the current online advertising ecosystem, which is fully capable of tracking individual behavior across the Internet as well as between devices.” The post visually illustrates how a consumer’s visit to a single website (WebMD.com) actually results in information being shared with, and received from, 24 third party sites. Once these connections are established, these ad networks are then able to track the consumer and link data about that consumer as she/he browses the internet. If the connection is to a party that has personal information about you (e.g., a social media or email platform), that third party can easily append this new web browsing information back to your personal profile of your internet activity. If the connection is made via a mobile device, the unique device advertising id allows the third party to add to or build a similar profile of the internet activity specific to that device. So, when the Chairman testified that when you make a decision to access Google, WebMD or Facebook that “only one entity collects all of that information,” he was just flat out wrong.