In April 2017, President Donald Trump signed a bill that repealed online privacy protection rules that forbade internet service providers from doing what they wish with internet users’ browsing histories (online activity or search history), including shopping habits and location.
“The cancellation and withdrawal of these rules puts all of us at serious risk,” says Michael Bien
, an attorney at Rosen Bien Galvan & Grunfeld in San Francisco. “These rules were designed to limit and restrict what companies could do with your personal data.”
When you connect to the internet, you use an internet service provider (ISP); these providers are most often cable and telephone companies. “Basically,” says Bien, “everything you do to access the internet goes through their system before it gets to Google or Facebook or wherever you’re going to. They have 100 percent access to all of your information—every key stroke, every website, every financial transaction, every email that you send.”
The protections weren’t going to limit access to information for the companies, but rather make sure they were being transparent about what data they were using. “People have gotten used to a lot of invasions in privacy,” Bien adds. “I think that these regulations were designed to at least make this transparent; you could at least choose not to let a company use your information.”
Among many other things, the regulations ensured that ISPs were keeping up to date with proper security measures, as well as alerting the government and their customers if they experienced a data breach from hackers.
“Any time a government agency or a private entity is collecting mass amounts of information about us, we all should be concerned,” says Bien, “because no matter how well intentioned they are and how wonderful the purpose may be, that information can be accessed by somebody— whether it’s a government entity or private party or a foreign government. Once the information exists, it can be tapped—with or without a court order.”
Now that we know those regulations are gone, and ISPs can sell your data to whomever they like, what can you do to protect yourself?
A virtual private network, or VPN service, is one option. Essentially, a VPN protects your internet data by acting as a firewall, and it replaces your IP address with that of the VPN provider. “They have their own risks,” says Bien. “It’s not a perfect solution, but does provide some protection.”
Bien states that some internet providers in California have pledged to keep their customers’ data confidential, voluntarily. “You should find out whether there’s a choice in your area that’s giving you more privacy,” he says. “One local company I know is called CREDO Mobile.”
He also suggests visiting sites of organizations like the Electric Frontier Foundation to learn more about internet privacy. “They’re really experts on the issue of what people who use the internet can do to gain privacy,” Bien says. “They also reveal when they find out that companies are monetizing [your data], and are doing things that they’re not telling you about, that you would want to know.”
A final option is simply action: “I think, as a customer in California, you should demand that your company tells you what they’re doing with your data,” says Bien. “A tool we have as consumers is to organize and respond. … Find out what your company is doing and protest. We’ve seen some of this recently, where companies reacted to a strong attack against some corporate practice on Twitter, Facebook or in the media.”
The FCC is accepting comments
on the net neutrality proposal, should you desire to make yourself heard that way, as well.
“I might be more of a classic consumer,” he adds. “I’m going to be upset about this, and I’m going to rant about it, but I’m not going to do anything about it. Unless these things are very easy to do, most of us are not going to bother with something that makes our using the internet more difficult.”
For more information on data collection, cybersecurity, and ISP tracking, see our overview of consumer law.