Internet service providers – ISPs – are the inevitable middlemen of our digital daily lives. Without someone providing and maintaining the infrastructure that brings Twitter to our screens, we’d have to find new ways to be miserable. But is your internet service provider profiting from you? Is it possible that ISPs are selling our personal data?
In short: can ISPs sell your data?
If you live in the US, the ISPs can sell your user data to third parties. If you live in the EU, they can’t. If you live anywhere else, then it depends on the local law.
Can ISPs sell my data in the US?
Yes, ISPs in the US can absolutely sell your personal data, and this has been the case since 2017. After the law that allows sale of data was implemented, all ISPs were granted the right to sell your data to basically whomever. Data brokers are obviously among the most interested in buying and selling your data. A convenient way to opt out from data brokers in bulk is to use a service like Incogni.
Technically, a user can get on their internet service provider’s website and opt-out of the ISP selling data. However, if you’re one of the ordinary web users who aren’t even aware that it’s a thing, you’re tacitly agreeing that they can sell your data.
Let’s take a look at the largest ISPs in the US!
Does Comcast sell my data?
The Xfinity website uses weasel words like “We do not sell information that identifies who you are to anyone,” so they may not be selling your browsing history data, but there’s a lot of wiggle room there.
Does Charter/Spectrum sell my data?
Does Cox sell my data?
It takes some digging, but it appears that Cox only sells some data related to TV viewership but not online services, that’s why we put an asterisk there.
Does Altice sell my data?
Does Mediacom sell my data?
Again, these are but preliminary impressions based on reading into the privacy policies. There’s still cause for concern, at least in the eyes of the FTC, which has recently released a report on just how deep the ISP data collection practices go. Said report also remarks that exactly how much data is gathered and sold depends on the scope of the ISP’s business: “one recipient reported that it has over 370 million direct consumer relationships, across its mobile, pay-TV, broadband, and digital properties” while another claimed to serve a trillion ads per month.
Can ISPs sell my data in the EU?
Good news! If your country belongs to the EU, the famous GDPR – General Data Protection Regulation – prevents the collection of your personal data without your express permission. It also forbids them from selling it.
Can ISPs sell my data in the UK?
Technically speaking, a UK internet service provider can’t sell your browsing data. While the UK is no longer part of the EU, its data laws are still based on GDPR. The article has been changed a little post-Brexit, but it still doesn’t allow the ISPs to harvest personal data for sale.
Can ISPs see my browsing history?
Technically speaking, yes, the ISP is in one of the best positions to access personal data as all of your traffic passes through their infrastructure (this is what allows them to throttle your connection). Practically, data collection may be by the scope of its services and what they are allowed to record by the local laws.
Fortunately, this can be overcome by using a VPN, which hides most of what an ISP could track about you.
Can a VPN prevent ISPs from selling my data?
Nothing but laws can prevent the sale of your data. However, by using a VPN, you can drastically cut down on the amount of data that becomes available to the ISP. With a VPN:
- Your data is encrypted, meaning that the ISP can’t read any of its contents. It can tell that you’re using a VPN, but that’s it. This also means that an ISP can’t see when you’re gaming, streaming, or downloading files.
- Your data is routed via VPN servers, so the ISP can’t tell what websites you’re accessing, when you’re accessing them, or for how long. It all looks like VPN use.
Of course, the ISP will still have the data they collected on you before you started using a VPN and the data you gave out to register for it. But it is the one way to stop the ISP from profiting from your continued internet use.
What do ISPs do with my data?
Even if the ISP doesn’t have a financial motive to keep your data (like when it’s forbidden to sell it), there may be reasons for them to collect it. Most often, it depends on government regulations.
For example, Australian law prevents ISPs from selling your data, but they are required to maintain certain records for some time. This is all usually done for state security purposes, so it all depends on how you feel about that.
What type of data can the ISP sell?
It depends on what they can scrape, but it includes (but not limited to):
- The websites you visit
- Your time of visit
- Your duration of visit
- The device you used
- Real-time location
- Location history
Plus, if you’re visiting a website that isn’t secured by HTTPS, they can see everything you do on such a site.
Protect your privacy now
Whether or not your ISP is selling your data to marketers depends on the legal framework of your country. You should really keep both legislation and your service agreement in mind when it comes to considerations like these. As for the technical aspect, you should really get a VPN to cut down on the amount of your personal information an ISP would be able to collect in the first place.