Privacy purists prickle at T-Mobile US plan to proffer people's personal web, app pursuits to ad promoters

Moz urges ISPs told to commit to opt-in data usage – as if one more scolding might make a difference in decades of opt-out


In the wake of a T-Mobile US privacy policy change that will automatically share US users' web and mobile app data with marketers, Mozilla, the Electronic Frontier Foundation, the Internet Society, and others, have published an open letter asking internet service providers to do more to promote privacy, particularly as it applies to the DNS data that reflects online interaction.

"Every single ISP should have a responsibility to protect the privacy of its users – and as mobile internet access continues to grow, that responsibility rests even more squarely on the shoulders of mobile ISPs," the privacy-oriented organizations said in a statement.

T-Mobile US's privacy policy revision, which also applies to acquired Sprint customers and Metro by T-Mob subscribers, was published in February but has only recently received widespread attention. People who don't want to share their data now have around six weeks to opt out.

"[S]tarting April 26, 2021, T-Mobile will begin a new program that uses some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services for our own and third-party advertising, unless you tell us not to."

Illustration of location tracking in a city

Location tracking report: X-Mode SDK use much more widespread than first thought

READ MORE

T-Mobile US insists this information will not be linked to a subscriber name or identifier that directly identities the individual, but only to a mobile advertising identifier or other unique identifier, as if there would be no way to link the identifier to a person.

The telco has defended its policy revision by noting that many people prefer targeted ads because they find them to be more relevant. A 2016 study [PDF] from the Internet Advertising Bureau, a not-entirely disinterested party, found that 71 per cent of consumers surveyed prefer ads aimed at their interests.

At the same time, many people express the opposite opinion. A 1,000 person survey [PDF] conducted by polling firm Greenberg Quinlan Rosner earlier this year, however, found that 81 per cent of respondents support "[banning] companies from collecting people's personal data and using it to target them with ads."

A duty of care

The advocacy groups in their letter argue that internet service providers, particularly mobile carriers, need to limit how long they retain data and to be more transparent in how they store it and how it gets shared.

"We believe each and every customer paying for your internet service has the right to determine how their personal data will be used, on an opt-in basis," their letter says.

The privacy-focused orgs has asked for three commitments: To use DNS consumer data only for DNS resolution, unless the customer has opted for other uses; to delete DNS data after 24 hours unless the customer has opted to allow the data to be used for legitimate security purposes; and to refuse to sell, share, or license access to customer data without explicit informed consent.

"We are at a tipping point in consumer demand for stringent privacy protections and clear, honest communication from companies about how personal data is handled, modified, and stored," the letter says.

"Given the growing awareness among consumers about privacy issues, and constant news about data breaches and inappropriate data use by companies in many industries, this marks an opportunity for service providers to explicitly use privacy as a key selling point – using it as a competitive differentiator. "

AT&T, T-Mobile US, and Verizon did not immediately respond to requests for comment. ®


Biting the hand that feeds IT © 1998–2021