ILNews

Data privacy attorneys consider future of consumer protections

Olivia Covington
April 19, 2017
Back to TopCommentsE-mailPrintBookmark and Share

A rule designed to provide internet users with an extra layer of control over their web use history is dead before it ever fully came to life, but data privacy law experts say there’s little reason for consumers to panic.

A proposed Federal Communications Commission rule, which was first recommended last October, would have required internet service providers, such as Comcast, Verizon or AT&T, to obtain explicit permission before selling their customers’ personal online data, which includes the history of their app usage or browser searches. Such data is highly valuable to advertisers who try to target potential customers with online ads tailored to their specific interests. But under the FCC’s proposal, ISPs could not have sold that data to advertisers without first obtaining permission from consumers.

However, Congress voted to roll back those protections last month, sending the bill to President Donald Trump’s desk before the FCC rule ever took effect. Though public response to Congress’ decision and Trump’s approval was generally negative, data privacy attorneys say because the rule was never enforced, little about online privacy has changed.

“It effectively re-established the status quo,” said Fred Cate, a professor at the Indiana University Maurer School of Law and senior fellow at the IU Center for Applied Cybersecurity Research.

While in the past ISPs may have been hesitant to use consumer data without permission as they waited for Congress to decide whether such practices were permissible, they were never explicitly prohibited from selling the data, Cate said. The difference now is ISPs officially have a green light to capitalize on their customers’ online histories, though it remains to be seen how far service providers will go to profit from the data, he said.

McGinnis McGinnis

For data security and privacy attorneys, the vote to roll back the FCC recommendation creates more uncertainty in terms of where to draw the line on privacy regulations, said Brian McGinnis, a Barnes & Thornburg LLP partner and member of the firm’s Internet and Technology and Data Security and Privacy practice groups. The central question is where should the burden be placed, McGinnis said. Should consumers bear the responsibility of taking steps to protect their online data, or should ISPs be required to ask for permission before selling customer information to advertisers?

The FCC’s recommendation was meant to place more of the burden on ISPs by establishing an “opt-in” form of privacy protections, Cate said. In an opt-in policy, consumers must give their consent to the sale of their data before ISPs can share that data for profit. Opt-in policies are the norm in other parts of the world, McGinnis said, particularly in Europe.

But the system now reverts to an opt-out system in which ISPs can sell consumer data unless a customer explicitly says otherwise, placing more of the burden on consumers. U.S. policy decisions have generally been trending more toward opt-out systems, McGinnis said.

The proposed rule was further seen as leveling the playing field among ISPs and internet giants such as Facebook and Google, which can take their users’ data history and turn it into targeted advertising on their sites. But there are some notable differences between the likes of Comcast and Facebook, Cate said — namely the fact that consumers often have little choice in their ISP.

While no one is forced to create a Facebook account or to use Google for their online searches, consumers are generally only given two or three choices when it comes to their internet service provider, Cate said. Thus, in some areas where only one ISP is available, that provider could develop a virtual monopoly over consumers and their data in that area.

In those situations, Cate said the FCC protections were designed to hold ISPs to a higher standard of regulation and let customers know that their data was being collected for a possible commercial purpose. Congress’ decision represents a change in the country’s political climate regarding regulations and a continuation of the ongoing net neutrality debate, McGinnis said.

Gasper Gasper

Aside from the sale of consumer data, privacy experts are also examining how that data might be used outside the realm of advertising. This is a particularly poignant issue for those who specialize in the internet of things, a concept Ice Miller LLP partner George Gasper describes as “devices talking to each other.”

For example, a “smart” thermostat, or one controlled remotely by a smartphone, is considered part of the internet of things because the thermostat must communicate with the phone to perform the desired function. But performing those IoT functions naturally implicates large amounts of user data, which can then be collected to create a “profile” of the data consumer.

As with other online privacy concerns, there are multiple views on the implications of the collection of IoT data, said Gasper, a member of Ice Miller’s IoT team. While the information collected through IoT communications can enable ISPs to increase convenience to users, he said there is also the looming concern that such data will be somehow misused, either through its sale or some other form of dissemination.

merker Merker

To that extent, Nick Merker, a partner in Ice Miller’s Chicago office who specializes in data security and privacy and is a member of the firm’s IoT group, said allowing ISPs to sell consumer data can erode trust in IoT products. That loss of trust could cause a customer to abandon a particular brand, such as Amazon Alexa, in favor of a similar product from another brand, such as Google Home, if the customer believes Google handles its consumer data better than Amazon, Merker said.

But as Cate noted with the Facebook and Google comparison, such competition does not exist among ISPs, Merker said, so allowing service providers to self-regulate may be a more logical step than to impose federal guidelines.

As consumer privacy experts continue the ongoing net neutrality debate, the data privacy attorneys say there are steps consumers can take to actively protect their data if they have privacy concerns, such as purchasing a virtual private network.

Downloads of VPNs, which allow consumers to “mask” their online communications by routing them through another server, have shot up in the last month, Cate said. Describing VPNs as a tunnel, he said consumers can use them to shield and encrypt their data by making it seem as if the web data is coming from somewhere else. For example, if a consumer is in Europe but is using a VPN server located in the United States, the consumer’s web traffic will appear to websites to be coming from the United States.

“You can protect your communications from the prying eyes of parties that are transmitting your communications,” Cate said.•

ADVERTISEMENT

  • privacy
    Almost everything connects to internet these days. From your computers and Smartphones to wearable gadgets and smart refrigerators in your home, everything is linked to the Internet. Although this convenience empowers usto access our personal devices from anywhere in the world such as an IP camera, it also deprives control of our online privacy. Cyber criminals, hackers, spies and everyone else has realized that we don’t have complete control on who can access our personal data. We have to take steps to to protect it like keeping Senseless password. Dont leave privacy unprotected. Check out this article for more ways: https://www.purevpn.com/blog/data-privacy-in-the-age-of-internet-of-things/

Post a comment to this story

COMMENTS POLICY
We reserve the right to remove any post that we feel is obscene, profane, vulgar, racist, sexually explicit, abusive, or hateful.
 
You are legally responsible for what you post and your anonymity is not guaranteed.
 
Posts that insult, defame, threaten, harass or abuse other readers or people mentioned in Indiana Lawyer editorial content are also subject to removal. Please respect the privacy of individuals and refrain from posting personal information.
 
No solicitations, spamming or advertisements are allowed. Readers may post links to other informational websites that are relevant to the topic at hand, but please do not link to objectionable material.
 
We may remove messages that are unrelated to the topic, encourage illegal activity, use all capital letters or are unreadable.
 

Messages that are flagged by readers as objectionable will be reviewed and may or may not be removed. Please do not flag a post simply because you disagree with it.

Sponsored by
ADVERTISEMENT
Subscribe to Indiana Lawyer
  1. It's an appreciable step taken by the government to curb the child abuse that are happening in the schools. Employees in the schools those are selected without background check can not be trusted. A thorough background check on the teachers or any other other new employees must be performed to choose the best and quality people. Those who are already employed in the past should also be checked for best precaution. The future of kids can be saved through this simple process. However, the checking process should be conducted by the help of a trusted background checking agency(https://www.affordablebackgroundchecks.com/).

  2. Almost everything connects to internet these days. From your computers and Smartphones to wearable gadgets and smart refrigerators in your home, everything is linked to the Internet. Although this convenience empowers usto access our personal devices from anywhere in the world such as an IP camera, it also deprives control of our online privacy. Cyber criminals, hackers, spies and everyone else has realized that we don’t have complete control on who can access our personal data. We have to take steps to to protect it like keeping Senseless password. Dont leave privacy unprotected. Check out this article for more ways: https://www.purevpn.com/blog/data-privacy-in-the-age-of-internet-of-things/

  3. You need to look into Celadon not paying sign on bonuses. We call get the run

  4. My parents took advantage of the fact that I was homeless in 2012 and went to court and got Legal Guardianship I my 2 daughters. I am finally back on my feet and want them back, but now they want to fight me on it. I want to raise my children and have them almost all the time on the weekends. Mynparents are both almost 70 years old and they play favorites which bothers me a lot. Do I have a leg to stand on if I go to court to terminate lehal guardianship? My kids want to live with me and I want to raise them, this was supposed to be temporary, and now it is turning into a fight. Ridiculous

  5. Here's my two cents. While in Texas in 2007 I was not registered because I only had to do it for ten years. So imagine my surprise as I find myself forced to register in Texas because indiana can't get their head out of their butt long enough to realize they passed an ex post facto law in 2006. So because Indiana had me listed as a failure to register Texas said I had to do it there. Now if Indiana had done right by me all along I wouldn't need the aclu to defend my rights. But such is life.

ADVERTISEMENT