Data privacy attorneys consider future of consumer protections

Olivia Covington
April 19, 2017
Back to TopCommentsE-mailPrintBookmark and Share

A rule designed to provide internet users with an extra layer of control over their web use history is dead before it ever fully came to life, but data privacy law experts say there’s little reason for consumers to panic.

A proposed Federal Communications Commission rule, which was first recommended last October, would have required internet service providers, such as Comcast, Verizon or AT&T, to obtain explicit permission before selling their customers’ personal online data, which includes the history of their app usage or browser searches. Such data is highly valuable to advertisers who try to target potential customers with online ads tailored to their specific interests. But under the FCC’s proposal, ISPs could not have sold that data to advertisers without first obtaining permission from consumers.

However, Congress voted to roll back those protections last month, sending the bill to President Donald Trump’s desk before the FCC rule ever took effect. Though public response to Congress’ decision and Trump’s approval was generally negative, data privacy attorneys say because the rule was never enforced, little about online privacy has changed.

“It effectively re-established the status quo,” said Fred Cate, a professor at the Indiana University Maurer School of Law and senior fellow at the IU Center for Applied Cybersecurity Research.

While in the past ISPs may have been hesitant to use consumer data without permission as they waited for Congress to decide whether such practices were permissible, they were never explicitly prohibited from selling the data, Cate said. The difference now is ISPs officially have a green light to capitalize on their customers’ online histories, though it remains to be seen how far service providers will go to profit from the data, he said.

McGinnis McGinnis

For data security and privacy attorneys, the vote to roll back the FCC recommendation creates more uncertainty in terms of where to draw the line on privacy regulations, said Brian McGinnis, a Barnes & Thornburg LLP partner and member of the firm’s Internet and Technology and Data Security and Privacy practice groups. The central question is where should the burden be placed, McGinnis said. Should consumers bear the responsibility of taking steps to protect their online data, or should ISPs be required to ask for permission before selling customer information to advertisers?

The FCC’s recommendation was meant to place more of the burden on ISPs by establishing an “opt-in” form of privacy protections, Cate said. In an opt-in policy, consumers must give their consent to the sale of their data before ISPs can share that data for profit. Opt-in policies are the norm in other parts of the world, McGinnis said, particularly in Europe.

But the system now reverts to an opt-out system in which ISPs can sell consumer data unless a customer explicitly says otherwise, placing more of the burden on consumers. U.S. policy decisions have generally been trending more toward opt-out systems, McGinnis said.

The proposed rule was further seen as leveling the playing field among ISPs and internet giants such as Facebook and Google, which can take their users’ data history and turn it into targeted advertising on their sites. But there are some notable differences between the likes of Comcast and Facebook, Cate said — namely the fact that consumers often have little choice in their ISP.

While no one is forced to create a Facebook account or to use Google for their online searches, consumers are generally only given two or three choices when it comes to their internet service provider, Cate said. Thus, in some areas where only one ISP is available, that provider could develop a virtual monopoly over consumers and their data in that area.

In those situations, Cate said the FCC protections were designed to hold ISPs to a higher standard of regulation and let customers know that their data was being collected for a possible commercial purpose. Congress’ decision represents a change in the country’s political climate regarding regulations and a continuation of the ongoing net neutrality debate, McGinnis said.

Gasper Gasper

Aside from the sale of consumer data, privacy experts are also examining how that data might be used outside the realm of advertising. This is a particularly poignant issue for those who specialize in the internet of things, a concept Ice Miller LLP partner George Gasper describes as “devices talking to each other.”

For example, a “smart” thermostat, or one controlled remotely by a smartphone, is considered part of the internet of things because the thermostat must communicate with the phone to perform the desired function. But performing those IoT functions naturally implicates large amounts of user data, which can then be collected to create a “profile” of the data consumer.

As with other online privacy concerns, there are multiple views on the implications of the collection of IoT data, said Gasper, a member of Ice Miller’s IoT team. While the information collected through IoT communications can enable ISPs to increase convenience to users, he said there is also the looming concern that such data will be somehow misused, either through its sale or some other form of dissemination.

merker Merker

To that extent, Nick Merker, a partner in Ice Miller’s Chicago office who specializes in data security and privacy and is a member of the firm’s IoT group, said allowing ISPs to sell consumer data can erode trust in IoT products. That loss of trust could cause a customer to abandon a particular brand, such as Amazon Alexa, in favor of a similar product from another brand, such as Google Home, if the customer believes Google handles its consumer data better than Amazon, Merker said.

But as Cate noted with the Facebook and Google comparison, such competition does not exist among ISPs, Merker said, so allowing service providers to self-regulate may be a more logical step than to impose federal guidelines.

As consumer privacy experts continue the ongoing net neutrality debate, the data privacy attorneys say there are steps consumers can take to actively protect their data if they have privacy concerns, such as purchasing a virtual private network.

Downloads of VPNs, which allow consumers to “mask” their online communications by routing them through another server, have shot up in the last month, Cate said. Describing VPNs as a tunnel, he said consumers can use them to shield and encrypt their data by making it seem as if the web data is coming from somewhere else. For example, if a consumer is in Europe but is using a VPN server located in the United States, the consumer’s web traffic will appear to websites to be coming from the United States.

“You can protect your communications from the prying eyes of parties that are transmitting your communications,” Cate said.•


  • privacy
    Almost everything connects to internet these days. From your computers and Smartphones to wearable gadgets and smart refrigerators in your home, everything is linked to the Internet. Although this convenience empowers usto access our personal devices from anywhere in the world such as an IP camera, it also deprives control of our online privacy. Cyber criminals, hackers, spies and everyone else has realized that we don’t have complete control on who can access our personal data. We have to take steps to to protect it like keeping Senseless password. Dont leave privacy unprotected. Check out this article for more ways:

Post a comment to this story

We reserve the right to remove any post that we feel is obscene, profane, vulgar, racist, sexually explicit, abusive, or hateful.
You are legally responsible for what you post and your anonymity is not guaranteed.
Posts that insult, defame, threaten, harass or abuse other readers or people mentioned in Indiana Lawyer editorial content are also subject to removal. Please respect the privacy of individuals and refrain from posting personal information.
No solicitations, spamming or advertisements are allowed. Readers may post links to other informational websites that are relevant to the topic at hand, but please do not link to objectionable material.
We may remove messages that are unrelated to the topic, encourage illegal activity, use all capital letters or are unreadable.

Messages that are flagged by readers as objectionable will be reviewed and may or may not be removed. Please do not flag a post simply because you disagree with it.

Sponsored by
Subscribe to Indiana Lawyer
  1. Building social-media presence is inevitable for Law Firms. These tips are very useful to strengthen social media presence. Thank you for sharing this.

  2. Mr. Levin says that the BMV engaged in misconduct--that the BMV (or, rather, someone in the BMV) knew Indiana motorists were being overcharged fees but did nothing to correct the situation. Such misconduct, whether engaged in by one individual or by a group, is called theft (defined as knowingly or intentionally exerting unauthorized control over the property of another person with the intent to deprive the other person of the property's value or use). Theft is a crime in Indiana (as it still is in most of the civilized world). One wonders, then, why there have been no criminal prosecutions of BMV officials for this theft? Government misconduct doesn't occur in a vacuum. An individual who works for or oversees a government agency is responsible for the misconduct. In this instance, somebody (or somebodies) with the BMV, at some time, knew Indiana motorists were being overcharged. What's more, this person (or these people), even after having the error of their ways pointed out to them, did nothing to fix the problem. Instead, the overcharges continued. Thus, the taxpayers of Indiana are also on the hook for the millions of dollars in attorneys fees (for both sides; the BMV didn't see fit to avail itself of the services of a lawyer employed by the state government) that had to be spent in order to finally convince the BMV that stealing money from Indiana motorists was a bad thing. Given that the BMV official(s) responsible for this crime continued their misconduct, covered it up, and never did anything until the agency reached an agreeable settlement, it seems the statute of limitations for prosecuting these folks has not yet run. I hope our Attorney General is paying attention to this fiasco and is seriously considering prosecution. Indiana, the state that works . . . for thieves.

  3. I'm glad that attorney Carl Hayes, who represented the BMV in this case, is able to say that his client "is pleased to have resolved the issue". Everyone makes mistakes, even bureaucratic behemoths like Indiana's BMV. So to some extent we need to be forgiving of such mistakes. But when those mistakes are going to cost Indiana taxpayers millions of dollars to rectify (because neither plaintiff's counsel nor Mr. Hayes gave freely of their services, and the BMV, being a state-funded agency, relies on taxpayer dollars to pay these attorneys their fees), the agency doesn't have a right to feel "pleased to have resolved the issue". One is left wondering why the BMV feels so pleased with this resolution? The magnitude of the agency's overcharges might suggest to some that, perhaps, these errors were more than mere oversight. Could this be why the agency is so "pleased" with this resolution? Will Indiana motorists ever be assured that the culture of incompetence (if not worse) that the BMV seems to have fostered is no longer the status quo? Or will even more "overcharges" and lawsuits result? It's fairly obvious who is really "pleased to have resolved the issue", and it's not Indiana's taxpayers who are on the hook for the legal fees generated in these cases.

  4. We are a Finance Industry Company professionals with over 15 Years Experience and a focus on providing Bank Guarantee and Standby Letter of Credit from some of the World Top 25 Prime Banks primarily from Barclays, Deutsche Bank, HSBC,Credit Suisse e.t.c. FEATURES: Amounts from $1 million to 5 Billion+ Euro’s or US Dollars Great Attorney Trust Account Protection Delivered via MT760, MT799 and MT103 Swift with Full Bank Responsibility Brokers Always Protected Purchase Instrument of BG/SBLC : 32%+2% Min Face Value cut = EUR/USD 1M-5B Lease Instrument of BG/SBLC : 4%+2% Min Face Value cut = EUR/USD 1M-5B Interested Agents/Brokers, Investors and Individual proposing international project funding should contact us for directives.We will be glad to share our working procedures with you upon request. We Facilitate Bank instruments SBLC for Lease and Purchase. Whether you are a new startup, medium or large establishment that needs a financial solution to fund/get your project off the ground or business looking for extra capital to expand your operation,our company renders credible and trusted bank guarantee provider who are willing to fund and give financing solutions that suits your specific business needs. We help you secure and issue sblc and bank guarantee for your trade, projects and investment from top AA rated world Banks like HSBC, Barclays, Dutch Ing Bank, Llyods e.t.c because that’s the best and safest strategy for our clients.e.t.c DESCRIPTION OF INSTRUMENTS 1. Instrument: Funds backed Bank Guarantee(BG) ICC-600 2. Currency : USD/EURO 3. Age of Issue: Fresh Cut 4. Term: One year and One day 5. Contract Amount: United State Dollars/Euros (Buyers Face Value) 6. Price : Buy:32%+1, Lease: 4%+2 7. Subsequent tranches: To be mutually agreed between both parties 8. Issuing Bank: Top RATED world banks like HSBC, Barclays, ING Dutch Bank, Llyods e.t.c 9. Delivery Term: Pre advise MT199 or MT799 first. Followed By SWIFT MT760 10. Payment Term: MT799 & Settlement via MT103 11. Hard Copy: By Bank Bonded Courier Interested Agents,Brokers, Investors and Individual proposing international project funding should contact us for directives.We will be glad to share our working procedures with you upon request. Name:Richardson McAnthony Contact Mail :

  5. Affordable Loan Offer ( NEED A LOAN?Sometime i really wanna help those in a financial problems.i was wondering why some people talks about inability to get a loan from a bank/company. have you guys ever try Eric Benson lending cost dollars to loan from their company. my aunty from USA,just got a home loan from Eric Benson Lending banking card service.and they gave her a loan of 8,000,000 USD. they give out loan from 100,000 USD - 100,000,000 USD. try it yourself and testimony. have a great day as you try.Kiss & Hug. Contact E-mail: