The US Federal Trade Commission has asked seven American providers of mobile broadband service to provide details about how they deal with customer and device data.
The trade watchdog issued an order [PDF] on Tuesday directing AT&T, AT&T Mobility, Comcast (Xfinity), Google Fiber, T-Mobile US, Verizon, and Cellco Partnership, aka Verizon Wireless, to detail their privacy policies, procedures, and practices.
Recent revelations of cellular network giants selling subscriber location data to pretty anyone who vaguely looked like a cop or bounty hunter prompted 15 senators in January ask America's broadband overseer the Federal Communications Commission to investigate the practice, and it has grudgingly agreed to do so.
Now the FTC, derided for years by critics as a regulatory lapdog, has stepped in, too, "in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content."
The agency suggests it will rely on its remit of going after unfair and deceptive trade practices to punish companies that say one thing then do another, perhaps unaware that industry behavior tends to be disclosed in the lengthy, ambiguous privacy policies that no one actually reads.
This is the same agency the the Electronic Privacy Information Center slammed on Tuesday in a letter [PDF] to the the House Oversight Committee for a hearing on strengthening the oversight powers of consumer-focused agencies like the FTC and Consumer Protection Bureau.
In conjunction with the hearing, the Government Accountability Office, said in a report [PDF] that the FTC and CPB lack the tools to deal with poor data handling related to incidents like the exposure of 145 million consumer records at credit bureau Equifax in 2017.
Give us the tools and we, er, won't do the job
But as EPIC put it, the issue for the FTC is not lack of tools but lack of will. Data protection challenges, said EPIC president Marc Rotenberg and policy director Caitriona Fitzgerald, "will not be solved by granting the FTC more authority: the agency has failed to use the authority it already has."
AT&T, Sprint, Verizon, T-Mobile US pledge, again, to not sell your location to shady geezers. Sorry, we don't believe themREAD MORE
Oblivious to EPIC's request that House members support the creation of a dedicated data protection agency, as seen in Europe, the FTC set out on a quest to find out more about the above-mentioned mobile firms and their ad habits. After more than a decade of smartphone data shenanigans, perhaps the time seemed right.
The agency asked for information about: the categories of personal data collected from consumers and their devices; the ways such data gets gathered; whether the data gets shared with third parties; and the internal policies governing data access and retention.
It also wants to know about: how companies provide notice and consent for data processing; how data gets aggregated, anonymized and processed; whether consumers are given choices about data handling; whether declining to accept data collection leads to degraded service; and whether companies provide a way to access, correct, or delete personal data.
Don't expect meaningful action soon. A year ago, the FTC, following pressure from EPIC, said it would investigate Facebook for potential violations of the 2011 consent decree the social ad biz struck with the regulator. If you listen and remain as still as a US regulator, you can hear the silence of companies not shaking in their boots. ®