The House of Representatives in the United States of America has voted for legislation that will allow Internet Service Providers (ISPs) to sell private browsing data of users, to monetise with advertisers and third parties. Already cleared by the Senate, the bill now awaits President Donald Trump's signature, following which every Internet provider in the USA will be able to sell your browsing history to advertisers. This will allow ISPs to cash in on available data and sell user statistics for more targeted advertisements.
Previously existing rules and regulations under Barack Obama's presidency were imposed by the Federal Communications Commission, which required ISPs to take explicit permission from users before anyone's private browsing data could be sold to third party advertisers. While this has kept user privacy in reasonable sanctity so far, the Congressional Review Act, 1996 allows repelling such regulations in urgency, which is exactly what is being done here.
This privacy-ending move will allow ISPs to generate significant additional revenue, on top of what they generate by charging users for services. ISPs have always been privy to private usage statistics of users, and the likes of AT&T have leveraged the advantageous position before as well. Prior to the Internet privacy regulations imposed by the FCC under Obama, major US telecom operator AT&T introduced a $29 premium on its users subscribed to the fiber connectivity services, unless they agreed to sharing usage details – a deal that was categorised under 'Internet Preferences'. Stricter Internet privacy norms set precedent for operators across the world to follow, and removed such practices, albeit temporarily.
In light of the latest legislation, the ISPs argue that this is not essentially different from the operations put forth by the likes of Google, Amazon and Facebook. On such platforms, users maintain a profile, the data of which is accessible by the tech houses. This further allows them to provide private data like recently searched and preferences to participating advertisers and lead them to better targeting of audience. However, advocates of user privacy are counter-arguing that while the likes of Facebook and Google do share such information, the same is less invasive and grave in comparison to the kind of user data that ISPs have in hand. For operators, they are privy to the entire array of websites that a user surfs, and as such, has greater responsibility to protect such sensitive information unless explicit permission is obtained.
In India, the rules of privacy governing telecom operators on user data access are established by Sections 72A and 43A of the Information Technology Act, 2000. Section 72A states that "disclosure of information, knowingly and intentionally, without the consent of the person concerned and in breach of the lawful contract has been also made punishable with imprisonment for a term extending to three years and fine extending to INR 5,00,000." The Section 43A states, "a body corporate who is possessing, dealing or handling any sensitive personal data or information, and is negligent in implementing and maintaining reasonable security practices resulting in wrongful loss or wrongful gain to any person, then such body corporate may be held liable to pay damages to the person so affected. It is important to note that there is no upper limit specified for the compensation that can be claimed by the affected party in such circumstances."
While such moves do not affect our telecommunications sector and the privacy rules stand firm till now, the victory for ISPs in USA will certainly be frowned upon by most. It is yet to come to fruition, but the coming days will reveal further concrete details.