This week, President Donald Trump signed the widely-criticized bill repealing FCC ISP privacy rules, which would have required internet service providers to get opt-in consent before selling customers’ web browsing history. The rules hadn’t actually gone into effect, but the bill’s passage was a wake-up call for American internet users, who suddenly realized: Wait, what the hell, my ISP can sell my browsing history? And it’s not just that they can: they don’t have to make it easy, or even possible, to opt out.
Why you’re screwed
Without the repealed rules, the law dictating how ISPs get your consent for selling your data is very murky. In terms of browsing information, “each company can interpret what kind of consent is required,” according to Katharina Kopp, deputy director at the Center for Digital Democracy. The Communications Act requires that customers opt in before ISPs share their “proprietary information,” but without an FCC rule to interpret the statute, it’s unclear whether browsing history should count as proprietary information, and that lack of clarity means providers can decide for themselves that it doesn’t count. And without rules, there isn’t a standard for if or how they should provide options to opt out of data sharing, either. Even if ISPs’ data policies were in violation of the law, the lack of interpretation and the lack of will at the FCC means they’re unlikely to get in trouble for it.
Several ISPs, including Verizon and Comcast, signed onto voluntary set of principles on privacy earlier this year, which include a commitment to “offer an opt-out choice to use non-sensitive customer information for personalized third-party marketing.” (Non-sensitive information includes web browsing history, according to them.) Of course, as Dallas Harris, a policy fellow at the internet advocacy group Public Knowledge, told Gizmodo, “I can’t trust my ISP to come between noon and three, so the idea they say, we’ll promise we’ll do this, is not very reassuring.”