Big Data is Watching: Growing Digital Data Surveillance of Consumers by ISPs and Other Leading Video Providers

Americans face growing new threats to their personal privacy as phone and cable Internet service providers (ISPs), along with leading Internet companies, expand their ability to capture details about what we do online in order to target us with data-driven personalized advertising. This report examines AT&T, Comcast, Cablevision, Charter, Cox, Verizon, Dish, Time Warner Cable, Viacom, Google, News Corp. (Fox), Turner Broadcasting (Time Warner), and Disney, focusing on some of their recent data- and video-related advertising practices.

ISPs have formed partnerships with powerful data brokers (including Acxiom, Krux, and Oracle Marketing Cloud), gaining new insights into our online and offline behaviors. They are incorporating state-of-the-art “Big Data” practices, such as “programmatic advertising” that instantaneously buys and sells individual consumers—to financial marketers, fast-food companies, and health advertisers, for example—all without the consumer’s knowledge. In the process, ISPs have transformed TV and digital video into a vast new source of personal information, analyzing set-top box and streaming-video data for our viewing habits, and combining that information with sensitive online and offline data (including financial, health, racial, ethnic, and location) to compile detailed “digital dossiers” on millions of Americans.

The ability of an ISP and others to identify and target us regardless of what digital device we use, moreover, has effectively erased any privacy safeguards we may have enjoyed in the past when we switched between devices. The report provides more evidence of the “digital data arms race” that is further eroding consumer privacy:

• AT&T, through its AdWorks division, has developed a “cross-screen system to match users’ mobile, online and television devices together based on identifiers and systems” that the company has “access to.” It operates a “consumer insights platform” that uses “Big-Data” techniques to advance AT&T’s targeted-marketing objectives.

• Comcast is using Rubicon’s Advertising Automation Cloud, “one of the largest cloud and Big Data computing systems in the world, [which] leverages over 50,000 algorithms and analyzes billions of data points in real time” to buy and sell individuals to marketers.

• Verizon, by acquiring mobile-marketing-data company Millennial Media, gained access to customer data gathered by more than 60,000 apps, including “location, social, interest, and contextual” information. Millennial has “developed more than 700 million active server-side unique user profiles, over 60 million of which link multiple mobile devices and PCs to a single specific user … ,” with some 175 million monthly unique users in the “United States alone.”

The Federal Communications Commission’s pending proceeding on privacy should examine all the ways that broadband networks operated by Internet service providers gather and use consumer information today. The review and policy proposals need to address the data-targeting relationships that ISPs have with leading digital marketing companies, including ad exchanges, data brokers, and advertisers. The FCC should enact privacy and consumer protection rules that provide individuals with rights over their data—including a set of Fair Information Practices that address the current data practices of ISPs. These companies should not be allowed to share data with affiliates or to use information for marketing their services without the informed, prior consent of the customer. Policies for privacy are essential as well for a competitive digital video market. Otherwise powerful ISPs and other gatekeepers will control the key way programming is financially supported and distributed.