“Unlock The Box” — So Big Tech Can Profile and Data Mine Our TV Choices?

The FCC’s AllVid proposal sweeps away vital legal protections for our privacy — and replaces them with nothing

Sometimes we watch Game of Thrones or the History Channel, sometimes we watch Real Housewives or Homeland. And those choices have always been private — ours to make in our homes and protected by Congress.

But the new AllVid-style TV regulations being proposed by the FCC this week are an assault on consumer privacy. They will strip viewers of vital safeguards for their viewing choices and add “what we watch” to the mountains of data being mined and exploited by privacy scofflaws like Google, alongside their existing files of what we search for on the Internet; what we say in our gmail at home, work, and school; what happens in our “Nest”-connected homes; and where we go using Waze and Google Maps.

Chairman Wheeler and advocates for Silicon Valley claim they will fix the problem — but they haven’t explained how, and as best we can tell it’s just not possible. Congress imposed certain privacy rules on video providers, and it isn’t clear the FCC can require any of these other companies to follow those rules. In fact, the FCC recently declared unequivocally that it will not regulate the privacy practices of the so-called edge providers.

Today Our Personal Viewing History Is Protected by Law

Today, federal statutes require pay TV companies like cable and satellite to protect the privacy of their video customers’ individual viewing history and other personally identifiable information. They can’t unilaterally sell personally identifiable viewing records. Viewers have powerful opt-out and consent rights to limit disclosures. And providers must inform their customers of the personally identifiable information they have, how they use it, how customers can access and correct it, and their power to prevent access by third parties and enforce their rights. Providers also must follow comprehensive restrictions to protect viewers when addressing government demands for protected data.

They also bake legal privacy protections into new services and into their apps for new platforms, protecting consumers however and wherever they access their video. And if your cable or satellite company breaches these statutory duties, you have the right to go to federal court and hold them to account.

AllVid Eliminates These Statutory Protections by Giving Our Data to Others

The retail device manufacturers and Big Data tech companies lobbying for this AllVid proposal are not subject to any of these statutory requirements. The limits on collecting and selling our information, our power to consent and-opt out of certain practices, the obligation to give notice, the limits on disclosure of information to requesting government agencies, our ability to sue to protect our rights, and more — all swept away.

As a result, these Internet giants and device providers could monitor, share, store, and use customers’ individually identifiable TV viewing history and other personally identifiable information without the mandatory safeguards Congress has applied to satellite and cable. The FCC’s own staff admits this, recently acknowledging that the privacy protections under the Communications Act “apply to MVPDs only.”

Handing over our privacy to the companies advocating for AllVid should be a non-starter for anyone who cares about consumer privacy rights — particularly in light of these companies’ abysmal track record exploiting sensitive consumer data. Google paid $17 million to settle a case brought by 28 state attorneys general after it circumvented browser privacy settings to track users’ web browsing without their consent.

Google also paid a $22.5 million fine in a separate case brought last year by the Federal Trade Commission over similar charges that it bypassed privacy settings in the Safari browser, in violation of a prior FTC order against Google prohibiting such activity. That fine was the largest settlement ever obtained by the FTC. Google tracked the activities of nearly 50 million students and teachers using its Google for Education initiative without giving parents a way to opt out. And it outraged privacy advocates even further when its Wi-Spy cars sucked up information off our home Wi-Fi networks, with at least one federal judge asking if this violated wiretap laws.

And Google is not alone. Vizio reportedly tracked its customers’ viewing habits and shared them with advertisers and others without consent, and its defense has been that existing FCC privacy protections do not apply to its business.

Anyone who cares about privacy should fear handing our viewing history over to companies who don’t have to comply with statutory rules. Google and others like it have a unique ability to combine intimate knowledge of what we watch with existing stockpiles of personal data on our communications, movements, Internet activities, shopping, travel, and so much more. Why give them our viewing history along with a free pass on the privacy protections Congress put in place?

Outsourcing the Problem to Serial Privacy Abusers Won’t Fix It

The problem is that the FCC appears to lack the power to subject AllVid providers to the federal laws under the Communications Act that protect home viewers today. To date, no one at the Commission has even articulated how the FCC might possess that authority. Conversely, the proponents of the Google proposal have clearly stated that in their view the existing Congressional mandates do not apply to them.

The Commission’s AllVid fact sheet weakly offers that “the proposal seeks to ensure that the privacy protections that exist today will also apply when alternative navigation devices are used.” But an empty promise to try and figure things out is no substitute for the statutory privacy protections that exist today.

And it is false comfort to consumers to say that AllVid companies will have to “pledge” to abide by the same statutory privacy protections that govern satellite and cable, as Public Knowledge argues, apparently putting its support for Google’s lobbying priorities ahead of both its purported concern for consumer privacy and basic common sense. A pledge is no substitute for concrete statutory protections, and satellite and cable providers would have no way to police this “pledge” at all. They can’t see what happens inside other companies or their devices, and would have no way to force these companies to remedy any violations that did occur.

Passing a sweeping new rule that strips viewers of the statutory privacy protections they have today and then handing the problem over with a wink and a nod for an unenforceable privacy pledge by the companies that brought us Wi-Spy and eavesdropping TVs is no solution at all.

A Huge Step Backwards for Privacy

The Chairman’s approach creates a gaping hole in consumer privacy where none exists today, and leaves our personal viewing histories at the mercy of vast businesses built almost entirely on mining, exploiting, and profiling our personal data. It would be the biggest step backwards for consumer privacy ever enacted by the FCC. This makes absolutely no sense, especially when cable and satellite providers are already covered by strict statutory privacy protections and a robust “apps” solution is already working in the marketplace to deliver video to hundreds of millions of viewers and devices without compromising our privacy at all.