"Every single ISP should have a responsibility to protect the privacy of its users – and as mobile internet access continues to grow, that responsibility rests even more squarely on the shoulders of mobile ISPs," the privacy-oriented organizations said in a statement.
"[S]tarting April 26, 2021, T-Mobile will begin a new program that uses some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services for our own and third-party advertising, unless you tell us not to."
Location tracking report: X-Mode SDK use much more widespread than first thoughtREAD MORE
T-Mobile US insists this information will not be linked to a subscriber name or identifier that directly identities the individual, but only to a mobile advertising identifier or other unique identifier, as if there would be no way to link the identifier to a person.
The telco has defended its policy revision by noting that many people prefer targeted ads because they find them to be more relevant. A 2016 study [PDF] from the Internet Advertising Bureau, a not-entirely disinterested party, found that 71 per cent of consumers surveyed prefer ads aimed at their interests.
At the same time, many people express the opposite opinion. A 1,000 person survey [PDF] conducted by polling firm Greenberg Quinlan Rosner earlier this year, however, found that 81 per cent of respondents support "[banning] companies from collecting people's personal data and using it to target them with ads."
A duty of care
The advocacy groups in their letter argue that internet service providers, particularly mobile carriers, need to limit how long they retain data and to be more transparent in how they store it and how it gets shared.
"We believe each and every customer paying for your internet service has the right to determine how their personal data will be used, on an opt-in basis," their letter says.
The privacy-focused orgs has asked for three commitments: To use DNS consumer data only for DNS resolution, unless the customer has opted for other uses; to delete DNS data after 24 hours unless the customer has opted to allow the data to be used for legitimate security purposes; and to refuse to sell, share, or license access to customer data without explicit informed consent.
"We are at a tipping point in consumer demand for stringent privacy protections and clear, honest communication from companies about how personal data is handled, modified, and stored," the letter says.
"Given the growing awareness among consumers about privacy issues, and constant news about data breaches and inappropriate data use by companies in many industries, this marks an opportunity for service providers to explicitly use privacy as a key selling point – using it as a competitive differentiator. "
AT&T, T-Mobile US, and Verizon did not immediately respond to requests for comment. ®