The U.S. Federal Trade Commission on Tuesday issued letters to several major internet service providers like AT&T and Comcast, ordering them all to detail their respective data collection practices.
The goal is to "better understand Internet service providers' privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content," the Commission said in a statement. Named corporations include AT&T, Comcast, Google Fiber, T-Mobile and Verizon.
The ISPs must identify not just what, how, and why data is collected, but how long it's kept, whether it's shared with third-parties, and any internal access policies. They must also explain if and how they notify customers about data use, and what options are in place for letting people read, correct or delete information.
The four major U.S. wireless carriers -- AT&T, T-Mobile, Verizon, and Sprint -- ran into a controversy earlier this year when Motherboard revealed that it was possible to pay a bounty hunter just $300 to track down a smartphone, thanks to third-party data aggregators. The carriers have been slow to wind down this data sharing ability, in some cases because of services like roadside assistance.
In 2018, in fact, the carriers had sent letters to Sen. Ron Wyden promising to deal with the same issue, following a scandal involving a firm called Securus. That company was not only selling location data to police forces, but found itself the victim of a hack that resulted in hundreds of police officers having their logins stolen.
The FTC's letters could be a precursor to regulatory action, though the body has largely shied away from enforcing data privacy with ISPs, a result of a Republican-led Congress reversing the Broadband Privacy Rule in 2017.