28 Oct Yesterday’s FCC Ruling: What Brands Need To Know
Last year, Advertising Age ran an article revealing some data practices employed by internet service providers (ISPs) that many consumers find to be rather creepy, namely collecting and selling our data to marketers. Well, yesterday the Federal Communications Commission (FCC) put their foot down and said, “No more.”
After a six-month comment period and a party-line 3-2 vote, the FCC ruled that ISPs must obtain opt-in consent to collect or use “sensitive” data including health data, financial information, app data, location data and even the content of emails and other digital messages.
Getting users to OPT-IN? Good Luck! Companies built upon access to web-surfing data from ISPs could be run right out-of-business. Yes, I’m talking about you Verizon Precision Market Insights and AT&T’s Ad Works as well as assorted DSPs, DMPs, RTBs, et al. The FCC has also agreed to allow collection of specific, less-sensitive data via an opt-out mechanism.
For those of us that have been around long enough to remember when AOL did not allow cookies on their network, we can appreciate how lethal an opt-in model can be for targeting, advertising and analytics. It’s a well-known fact that consumers don’t opt-in very often. Comments submitted to the FCC revealed that 81% of consumers allow data collection with opt-out, but only 18% allow data collection with opt-in.
What about Google, Facebook, Yahoo and Apple? Websites, ad networks and social networks (“edge” sites) are not directly affected because they’re subject to the Federal Trade Commission’s privacy regime, a portion of which dates back to 2000. Consumers visit websites by using a browser application such as Firefox or Chrome. Browsers have evolved over time to become the central source of privacy and security controls on the web. Apps such as ad blockers and cookie privacy settings operate within a browser. ISPs gather data from behind the browser – directly plugged into clickstream data without any limitations or restrictions. Google knows what you’re doing through a browser on their network, but not on Yahoo or Facebook (mostly). An ISP has 100% visibility to every packet of data that moves through your smartphone including personally identifiable information such as your name, address, phone number and credit card number.
Enforcement of this ruling won’t start for 12 months, so we have a little time to determine how to manage within a new privacy framework. However, ISPs are facing a real challenge – how do they get consumers to agree to allow data collection when they have demonstrated over the years they are not willing to do so? When it comes to getting users to opt-in, the carrot approach could involve lower charges or access to premium features whereas the stick approach might involve reducing features & benefits.
It really comes down to trust with ISPs. Consumers are far more likely to opt-in with brands they know and trust, and trust is not a hallmark of the relationship ISPs have with consumers.
The ruling is a bold move for the FCC, one that will probably not go unchallenged. The Association of National Advertisers has already issued a scathing review of the new ruling in a statement that began with “The FCC’s new sweeping privacy rules decision is unprecedented, misguided, counterproductive, and potentially extremely harmful….” Furthermore, this may cause AT&T to revisit the terms of its acquisition of Time Warner, which was partially justified by their intent to combine resources for more powerful targeted advertising. In any case, you can expect to see revisions to privacy policies, changes to targeting platforms, and a boatload of those little dialogue boxes popping up limiting your access unless you opt-in.