Internet service providers – ISPs – are the inevitable middlemen of our digital daily lives. Without someone providing and maintaining the infrastructure that brings Twitter to our screens, we’d have to find new ways to be miserable. But is your internet service provider profiting from you? Is it possible that ISPs are selling our personal data?
In short: can ISPs sell your data?
Whether or not your ISP can collect and sell your data depends on the country you live in. As of 2017, ISPs in the United States are legally allowed to sell user data to third parties, while such activities remain illegal in Europe and many other countries worldwide.
Can ISPs sell my data in the US?
Yes, ISPs in the US can absolutely sell your personal data, and this has been the case since 2017. After the law that allows sale of data was implemented, all ISPs were granted the right to sell your data to basically whomever. Data brokers are obviously among the most interested in buying and selling your data. A convenient way to opt out from data brokers in bulk is to use a service like Incogni.
Technically, a user can get on their internet service provider’s website and opt-out of the ISP selling data. However, if you’re one of the ordinary web users who aren’t even aware that it’s a thing, you’re tacitly agreeing that they can sell your data.
Let’s take a look at the largest ISPs in the US!
Does Comcast sell my data? | Maybe? | The Xfinity website uses weasel words like “We do not sell information that identifies who you are to anyone,” so they may not be selling your browsing history data, but there’s a lot of wiggle room there. |
|---|---|---|
Does Charter/Spectrum sell my data? | No | While it’s hard to say for sure with any ISP, Spectrum’s privacy policy states that they do not sell your information, but some of it may be used in market reports. |
Does Cox sell my data? | No* | It takes some digging, but it appears that Cox only sells some data related to TV viewership but not online services, that’s why we put an asterisk there. |
Does Altice sell my data? | Maybe? | The privacy policy states that personally identifiable information isn’t disclosed unless it’s for “legitimate business activity related to our Covered Services,” which can mean anything. Furthermore, mailing list information - which includes names, addresses, and services used - is disclosed to marketers. |
Does Mediacom sell my data? | Maybe? | The privacy policy states that Cable Privacy Law “also allows us to provide your name and address to third parties in the business of selling information about consumers from a variety of sources to charities, advertisers, marketers and others,” so read that as you will. |
Again, these are but preliminary impressions based on reading into the privacy policies. There’s still cause for concern, at least in the eyes of the FTC, which has recently released a report on just how deep the ISP data collection practices go. Said report also remarks that exactly how much data is gathered and sold depends on the scope of the ISP’s business: “one recipient reported that it has over 370 million direct consumer relationships, across its mobile, pay-TV, broadband, and digital properties” while another claimed to serve a trillion ads per month.
Can ISPs sell my data in the EU?
Good news! If your country belongs to the EU, the famous GDPR – General Data Protection Regulation – prevents the collection of your personal data without your express permission. It also forbids them from selling it.
Can ISPs sell my data in the UK?
Technically speaking, a UK internet service provider can’t sell your browsing data. While the UK is no longer part of the EU, its data laws are still based on GDPR. The article has been changed a little post-Brexit, but it still doesn’t allow the ISPs to harvest personal data for sale.
Can ISPs see my browsing history?
Technically speaking, yes, the ISP is in one of the best positions to access personal data as all of your traffic passes through their infrastructure (this is what allows them to throttle your connection). Practically, data collection may be by the scope of its services and what they are allowed to record by the local laws.
Fortunately, this can be overcome by using a VPN, which hides most of what an ISP could track about you.
Can a VPN prevent ISPs from selling my data?
Nothing but laws can prevent the sale of your data. However, by using a VPN, you can drastically cut down on the amount of data that becomes available to the ISP. With a VPN:
- Your data is encrypted, meaning that the ISP can’t read any of its contents. It can tell that you’re using a VPN, but that’s it. This also means that an ISP can’t see when you’re gaming, streaming, or downloading files.
- Your data is routed via VPN servers, so the ISP can’t tell what websites you’re accessing, when you’re accessing them, or for how long. It all looks like VPN use.
Of course, the ISP will still have the data they collected on you before you started using a VPN and the data you gave out to register for it. But it is the one way to stop the ISP from profiting from your continued internet use.
What do ISPs do with my data?
Even if the ISP doesn’t have a financial motive to keep your data (like when it’s forbidden to sell it), there may be reasons for them to collect it. Most often, it depends on government regulations.
For example, Australian law prevents ISPs from selling your data, but they are required to maintain certain records for some time. This is all usually done for state security purposes, so it all depends on how you feel about that.
What type of data can the ISP sell?
It depends on what they can scrape, but it includes (but not limited to):
- The websites you visit
- Your time of visit
- Your duration of visit
- The device you used
- Real-time location
- Location history
Plus, if you’re visiting a website that isn’t secured by HTTPS, they can see everything you do on such a site.
Protect your privacy now
Whether or not your ISP is selling your data to marketers depends on the legal framework of your country. You should really keep both legislation and your service agreement in mind when it comes to considerations like these. As for the technical aspect, you should really get a VPN to cut down on the amount of your personal information an ISP would be able to collect in the first place.
