Pay-for-Privacy Schemes Put the Most Vulnerable People at Risk
The FCC has opened a proceeding on the rules and policies surrounding privacy rights for broadband service. One industry practice called into question in that proceeding could have a devastating impact on our most vulnerable populations.
Internet service providers charge broadband customers a ton for internet access. ISPs are increasingly finding new revenue streams too, by taking part in the multibillion-dollar market that’s evolved out of selling users’ personal information to online marketers.
As the debate around privacy has heated up, ISPs have tried to placate the public’s growing interest in privacy protections while maintaining revenues they can get when they auction off their customers’ valuable personal information.
One proposed solution that AT&T has largely “pioneered”? Having customers pay to preserve their privacy.
Threats to low-income people
The potential harms and discriminatory implications of this practice are obvious. It could mean that only people with the necessary financial means could protect their privacy and prevent their ISPs from sharing their personal information with predatory online marketers.
The FCC rulemaking proceeding seeks comments on whether to allow such “financial inducements” for the surrender of private information. If the agency decides not to ban such practices outright, it wants to know how it should regulate them.
As our lives have moved online, ISPs have gained access to our most sensitive personal information. Advanced technologies allow companies to track us invisibly, collecting and selling data on nearly every detail of what we do online.
But ISPs don’t just stop at knowing what we’re doing. The location tracking that’s needed to provide mobile service to our phones lets the ISPs know when and where we do it too. And they can figure out the people and organizations we associate with by looking at who we talk to and which websites we visit.
What ISPs know about you
As these companies track their customers, they create comprehensive dossiers containing sensitive information on each person’s finances, health, age, race, religion and ethnicity. Their reach is so pervasive that information like a visit to a website discussing mental health, a search on how to collect unemployment benefits, or a visit to a church or Planned Parenthood office could be swept up into their databases.
How do you feel about your ISP selling such a personal glimpse into your life to online advertisers? Under a pay-for-privacy scheme, you wouldn’t need to worry about it so long as you could afford to shell out the hush money. But those who aren’t so fortunate would have to relinquish any control over how their personal data is spread across the web.
The FCC raised concerns about this dynamic when it launched its rulemaking proceeding, noting that such pay-for-privacy practices might disadvantage low-income people and members of other vulnerable communities. But it didn’t make any specific recommendations or issue any proposals on how to regulate in this space.
Long before the FCC launched this inquiry at the end of March 2016, and even before the agency had clarified its authority to protect broadband users in the February 2015 Open Internet Order, AT&T’s GigaPower broadband service had become one of the first pay-for-privacy plans on the market. The AT&T deal allows customers to opt out of some information sharing if they pay an extra $29 a month or more.
For a struggling family, that could mean choosing between paying for privacy and paying for groceries or the public transportation needed to get to work. And while AT&T might be the first to launch this kind of service, an article in Fortune notes that other companies are eager to roll out similar plans.
Under pay-for-privacy models, consumers who are unable to pay the higher broadband cost will likely see their ISPs share their data with shadowy online data brokers who use this information to tailor marketing messages. While unregulated and unaccountable data brokers are a threat to everyone’s privacy, they’re notorious for targeting low-income communities, people of color and other vulnerable demographics.
One particularly damning report from the Senate Commerce Committee offered a glimpse into how these brokers categorize and label these target audiences.
The Senate committee’s report notes, for example, that the “Hard Times” category includes people who are “Older, down-scale and ethnically diverse singles typically concentrated in inner-city apartments.”
It continues: “This is the bottom of the socioeconomic ladder, the poorest lifestyle segment in the nation. Hard Times are older singles in poor city neighborhoods. Nearly three-quarters of the adults are between the ages of 50 and 75; this is an underclass of the working poor and destitute seniors without family support … ”
These classifications can influence not just what kinds of ads people see, but the interest rates they’re offered or the insurance premiums they pay. These targeted communities are precisely the ones who can’t pay extra to shield their personal information from these dangerous companies.
There may be some argument that if big companies are going to profit from our data anyway, it’s actually good if their customers get a share of that. The FCC’s rulemaking proposal notes that brick-and-mortar stores and websites alike offer all sorts of “free” services, discounts and perks in exchange for the data they mine from their customers and users.
But the nature of the broadband market — where users have no real options when it comes to choosing their providers, and no way to opt out short of staying offline — makes the tradeoffs here especially worthy of attention.
If users could get fair value for their data, and if they got a real discount on broadband and not just a privacy penalty, and if they were providing truly informed consent with full knowledge of all the pernicious uses data brokers have for their information, then maybe we could have a conversation about the fairness of such schemes. But those are some very big ifs.
We need better transparency rules for marketers and easy-to-use disclosures and opt-in mechanisms before we get there. We also need strong baseline privacy protections guaranteed for all, including rules that prohibit ISPs from using discriminatory schemes that jeopardize the rights of their most vulnerable customers.
We applaud the FCC for taking this crucial first step to protect privacy from broadband ISPs’ overreach and abuse. As gatekeepers to the internet, ISPs hold a wealth of information about their customers, and the Communications Act commands the FCC to establish strong safeguards for that private info.
But the FCC must remember that our rights are not for sale — and that privacy is not a luxury for the wealthy.