ISPs Should Obtain Users Consent To Use Content For Ad Targeting, FTC Says

by , , Staff Writer @wendyndavis, June 1, 2016

Internet service providers should obtain consumers’ opt-in consent before using a broad array of information — including users’ search queries, email messages, social media posts, and titles of books read or movies viewed — for ad purposes, according to staff at the Federal Trade Commission.

But the FTC also recommends that broadband providers need only allow consumers to opt out of the use of other, “non-sensitive” information for ad targeting.

The agency’s suggestions come in response to the Federal Communications Commission’s potential privacy rules for Internet service providers. The FCC currently is considering regulations that would prohibit broadband providers from using data about consumers’ Web activity for ad-targeting purposes without their opt-in consent. The rules would only apply to Internet service providers, and not companies that offer Web content or services — like Google, Facebook, Netflix and ad networks.

The major ad industry trade groups — including the IAB, Association of National Advertisers, Digital Advertising Alliance and Digital Marketing Association — oppose the FCC’s proposal; Advocacy groups and digital rights organizations, including the ACLU, Electronic Frontier Foundation and Public Knowledge, support the potential regulations.

The FTC apparently isn’t entirely endorsing the FCC’s proposal, but is urging tougher rules than those favored by the telecom and cable industry.

Specifically, the FTC says in its comments that it supports the proposal for opt-in consent for “sensitive” data, but not “non-sensitive” information. But the FTC’s definition of sensitive is much broader than the ad industry’s. The FTC says sensitive information includes not only geolocation data, Social Security numbers and health and financial data, but also all “content” — which the FTC defines as follows: “Consumer communications such as contents of emails; communications on social media; search terms; web site comments; items in shopping carts; inputs on web-based forms; and consumers’ documents, photos, videos, books read, movies watched.”

The FTC continues: “Content data can be highly personalized and granular, allowing analyses that would not be possible with less rich data sets. It also can be used to infer additional information about consumers, including sensitive information, and to make decisions about consumers that may harm them, especially if the data or the inferences are inaccurate.”

The agency also recommends that the FCC define “personally identifiable information” as including any data that’s “reasonably linkable” to a consumer or a device — even data that the ad industry argues is anonymous.

“This definition would capture persistent identifiers such as cookies, static IP addresses, MAC addresses, and other device identifiers,” the FTC says.

That conception of “personally identifiable” is considerably broader than the online ad industry’s view of the term. The self-regulatory group Network Advertising Initiative, for instance, says personally identifiable information includes names, addresses, phone numbers, and other data that can be used to “identify, contact, or precisely locate a person.”

 

MediaPost.com: Search Marketing Daily

(27)