On the 3rd of April, 2017 President Donald Trump signed into legislation that destroys a key aspect of privacy and that is obtaining consent from a data subject prior to controlling/processing the data. This new legislation will enable internet service providers (ISPs) to share or sell your web browsing history and other sensitive information collected by the ISPs without your consent.
While the European Union moves further to protect data protection and privacy of its citizens for example with the introduction of the European Union General Data Protection Regulation (Regulation (EU) 2016/679) that unifies the data protection laws of all member states, it seems that the United States is going on the opposite spectrum i.e. taken power away from data subjects and giving it back to corporate entities such as ISPs.
The move has widely been criticised not just within the US but also internationally as undermining consumer privacy and rights. The new legislation has overturned the Barack Obama rule issued in 2016 under the remit of the Federal Communications Commission (FCC) in which consumers where given greater control over how their ISPs providers could share their information. Simply put the old rule required ISPs to ask you explicitly to “opt-in” to letting them share your personal browsing information. This rule brought the EU and the US approach to consent closer but now with the new law the EU and US approach is again polar opposite.
“This new legislation will enable internet service providers (ISPs) to share or sell your web browsing history and other sensitive information collected by the ISPs without your consent.”
Overview of the New Law
Briefly, the new law presents ISPs corporations with a golden goose of endless access to personal data by assuming your consent, including your health concerns, your financial history, your political views, your religious views, your educational views, your family circumstances, your sexual orientation, your shopping habits the types of information collected is limitless! Simply put your browsing history can reveal a lot about the type of person you regardless of where you are in the US.
One way arguably to go against this is by expressly writing to your ISPs corporation and request that you “opt-out” of any data processing by them of your browsing information. That being said the fact that you use the ISPs service automatically enables your consent and this potential solution is not a practical solution as it means your information is already being recorded and used by the ISPs provider. Not only that if you chose to “opt out” your service maybe be disrupted so it is not likely many people would choose to “opt-out”. This is like the cookies statement on websites if you decline the statement then you’re essentially rendering many functions of the website you are accessing being corrupted so while you have a choice with accepting cookies in practice you really don’t.
The Telecom Act of 1996 governs ISPs providers with the FCC being the regulatory body enforcing the Act. Under President Obama the FCC took a consumer-friendly approach whereas under President Trump the current FCC chairman Ajit Pai arguably is taking a different approach especially in light of the recent legal changes. It will be interesting to see how the current chairman of the FCC interprets the recent changes into practise.
While there does exist US Federal law that places privacy and data protection obligations of ISPs, these laws fail to spell out exactly what is expected of ISPs and how these ISPs providers can comply with the privacy obligations. With the clear absence of privacy rules, it means that the ISPs corporations have essentially personal leeway in how & who can monitor its customers and what they can do with the personal browsing history of their customers.
There are ways to evade ISPs providers from collecting your browsing data but these methods are not known to the common man (or woman). You can use virtual private networks or Tor but ISPs will know that you are using these services at the very least because it is important for them to know any issues that might arise in order to enable the network to work efficiently.
We know what the new law states it is now up to the FCC to set the parameter for regulatory enforcement on this new law regarding how the browsing information can be used by ISPs providers.