Tell Congress to Protect Our Personal InformationLearn More About Unauthorized Access to Data
In March of this year, the Center for Digital Democracy released a comprehensive report outlining the increasing use of subscriber data by Internet Service Providers and video providers. The report details the common practices of cable operators gathering their customers’ personal information, sharing and combining that information with third parties, and using it to target customers for advertising on an individual level.
Verizon, Comcast, Google, AT&T, Time Warner, Cablevision, and others have incorporated powerful layers of data collection and digital marketing technologies to better target individuals. The CDD report makes it clear that cable operators are harvesting consumer data. What is not clear is whether consumers are informed of the extent to which their information is being shared and combined with third parties.
Federal law requires cable and satellite providers to obtain permission from subscribers prior to collecting and using their information for advertising purposes. Cable operators are also required to provide subscribers with a written statement that clearly describes the nature of the use of their personally identifiable information. Currently, cable operators obtain opt-out consent from consumers to use their information, which is insufficient to constitute prior consent under the law. And their privacy policies often fail to adequately disclose the extent to which they are sharing and combining customer data with third parties.
While these practices are broadly indicative of the ways many cable operators improperly use subscriber data, AT&T, Cablevision, and Comcast are among the most egregious. This is why Public Knowledge, along with Center for Digital Democracy, Consumer Watchdog, Consumer Action, TURN - The Utility Reform Network, and Consumer Federation of America, filed a complaint with the Federal Communications Commission asking the agency to enforce the privacy laws and take action against Comcast, AT&T, and Cablevision. The groups also filed a complaint with the Federal Trade Commission alleging that the pervasive use of consumer data without opt-in consent amounts to an unfair and deceptive practice. (These two agencies work closely together on enforcement of consumer protection rules, and have shared jurisdiction over cable companies.)
The complaints outline a few of the common data practices employed by cable operators. AT&T’s targeting platform TV Blueprint, for example, “gives advertisers working with AT&T the ability to reach people based on factors like device, operating system, whether or not they’re heavy data users or the status of their carrier contract,” using “sophisticated second-by-second set-top box data” and other information. Cablevision leverages granular data and precise details of household viewing behavior, and combines that with third-party data covering other intimate details of consumers’ lives to analyze and target specific individuals with video advertising across a range of screens. In their own words, “this set-top box level targeting lets marketers target customers that fit particular trends, profiles, demographics and attributes, and they can also pair the Cablevision data with their own or third-party data.” Comcast recently acquired Visible World, which boasts of using data “from millions of enabled Smart TVs” as part of its advertising targeting service.
These programs illustrate how cable providers give advertisers the ability to easily access and use a customer’s information without that customer knowing the extent to which that information is being used. AT&T, Cablevision, and Comcast are powerful providers that have a lot of control over the video marketplace, which means fewer choices for consumers. With little to no choice, a consumer may not be able to avoid using a provider with questionable privacy practices.
Consumer advocates are in the midst of a public battle with cable companies over the FCC’s proposal to open up the set-top box marketplace. Cable operators’ objections to the proposal often focus on an obligation to protect the privacy of customer set-top box information. As we detail in our complaint, cable companies not only collect and analyze this data, but often license out this personal information to third parties, and often do not make that clear in their disclosures to customers. Cable providers should abide by the higher cable privacy standard they claim to embrace, and their practices to achieve this should be clear to both regulatory agencies and customers.
Additionally, Public Knowledge believes this provides another opportunity for the FCC and the FTC to show the virtues of having “two cops on the privacy beat,” and the special expertise each agency brings to protecting consumers. Representatives from each agency recently explained during a panel event that the two agencies aren’t like Batman vs. Superman, but rather, The Justice League. They each receive a privacy complaint on behalf of consumers in need of protection and use their unique skills and abilities to address the complaint accordingly.
We will see who comes to our rescue first, but we hope that both agencies will fully enforce consumer privacy laws and standards in light of our complaint. The FCC should ensure that customers can give the appropriate level of consent prior to their information being used and shared, and the FTC should ensure cable operators are being transparent with consumers about how extensively their information is being used and shared.
Image credit: Flickr user Mr.TinDC