Is Your ISP Selling Your Browsing History?

Is Your ISP Selling Your Browsing History?

Privacy protections designed to prevent U.S. internet service providers from sharing or selling subscribers’ personal information with third parties — without permission — was removed by U.S. Congress on last week. For people living in the United States this now means that information about the apps internet subscribers use, the websites they visit, and the things they purchase online — among other things — can potentially be tracked, shared, and monetized by third parties, unless those users opt out. With that in mind, you might be pleased to learn that here in Canada, which often follows the U.S. lead on technology issues, has taken a different approach. Here, internet service providers can only share your personal information with third parties with your express consent. 

The US Senate has voted to overturn consumer-friendly internet privacy rules that would have prevented internet providers from sharing your web browsing history without permission.

The privacy rules, passed last year by the FCC, required internet providers  to get each customer’s permission before sharing personal information like which websites they visit.

With that in mind, its been obvious that internet providers really want to be able to sell that data(with or without your permission) so it can be used to target specific ads to each person as they browse the internet.  Remember back in 2013, the privacy commissioner launched an investigation into a new Bell initiative called the “relevant advertising program.” The Canadian telco used network usage information, as well as account and demographic information, to build advertising profiles that could be used by third parties to target specific audiences with ads.

In other words, advertisers could target Bell users that visited certain websites. Browsing history or frequently used apps could also be used to infer users’ interests. Users could be further targeted by age, phone model or credit score. Bell also indicated that it might use home internet usage, television viewing history and calling patterns to build ad profiles in the future.

This sort of thing could be fine — but only if customers have that option to opt in, or choose to allow their personal information to be used in this way. In this case, however, Bell designed the relevant advertising program to be opt-out only, which was the default for their users which meant that everyone was automatically opted-in unless they said otherwise. This however, is now the current reality for internet users in the U.S.

So, a lot of times Canadian internet providers seem to follow their U.S. counterparts lead on technology issues. But at this point in time, you might be pleased to learn that Canadian internet providers have taken a different approach. Here, internet service providers can only share your personal information with third parties with your express consent – this is thanks to the privacy commissioner of Canada and the CRTC. Both organizations have released decisions in recent years that effectively limit the information internet service providers can collect and use for secondary purposes, such as marketing, without your consent.

Even though Canadian ISPs can’t share personal information with third parties without your consent, it doesn’t mean they’re not sharing any data at all.

All of the main ISP’s here in Canada, for example, say they may share de-identified information — data that has been stripped of personal information — with third parties, without your consent. They said it is done for “research, planning, or product and service development,” and  “to provide social benefits (such as assisting municipalities with traffic planning) and to develop analytic marketing reports.”

Researchers have shown that, in some cases, users can be re-identified when de-identified data is combined with other sources of data. It’s enough of a concern that some companies explicitly forbid re-identification in their terms of use.

But by and large, I would think the collection of de-identified data would be less of a concern as it really doesn’t tell you anything about any individual. Of course, knowing things about individuals is exactly what marketers want and need from ISPs so they can target you with the right ads. In Canada, they’ll have to keep waiting. In the U.S., not so much.



Leave a Reply

Your email address will not be published. Required fields are marked *


My Twitter Feed: